Category: HAQM Detective

In March 2020, we introduced HAQM Detective, a fully managed service that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. HAQM Detective continuously extracts temporal events such as login attempts, API calls, and network traffic from HAQM GuardDuty, AWS CloudTrail, and HAQM Virtual Private Cloud (HAQM VPC) […]

Almost five years ago, I blogged about a solution that automatically analyzes AWS CloudTrail data to generate alerts upon sensitive API usage. It was a simple and basic solution for security analysis and automation. But demanding AWS customers have multiple AWS accounts, collect data from multiple sources, and simple searches based on regular expressions are […]