AWS Security Blog
Tag: Detective
Improve your security investigations with Detective finding groups visualizations
At AWS, we often hear from customers that they want expanded security coverage for the multiple services that they use on AWS. However, alert fatigue is a common challenge that customers face as we introduce new security protections. The challenge becomes how to operationalize, identify, and prioritize alerts that represent real risk. In this post, […]
Reduce triage time for security investigations with Amazon Detective visualizations and export data
To respond to emerging threats, you will often need to sort through large datasets rapidly to prioritize security findings. Amazon Detective recently released two new features to help you do this. New visualizations in Detective show the connections between entities related to multiple Amazon GuardDuty findings, and a new export data feature helps you use […]
How to improve security incident investigations using Amazon Detective finding groups
Uncovering the root cause of an Amazon GuardDuty finding can be a complex task, requiring security operations center (SOC) analysts to collect a variety of logs, correlate information across logs, and determine the full scope of affected resources. Sometimes you need to do this type of in-depth analysis because investigating individual security findings in isolation […]
How to investigate and take action on security issues in Amazon EKS clusters with Amazon Detective – Part 2
March 15, 2023: We’ve updated this post to incorporate a section to investigate VPC flow logs. In part 1 of this two-part series, How to detect security issues in Amazon EKS cluster using Amazon GuardDuty, we walked through a real-world observed security issue in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and […]
How to detect security issues in Amazon EKS clusters using Amazon GuardDuty – Part 1
In this two-part blog post, we’ll discuss how to detect and investigate security issues in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon GuardDuty and Amazon Detective. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run and scale container workloads by using Kubernetes in the AWS […]