Jump to content

Amazon Detective helps reduce time to investigate Amazon GuardDuty findings by grouping related findings


Recommended Posts

Starting today, Amazon Detective automatically groups related GuardDuty findings to help security analysts reduce triage time and create a more comprehensive security investigation. Detective uses machine learning (ML) to group related GuardDuty findings that in insolation may have been ignored but together show the lifecycle of an attack, which can help security analysts identify advanced threats more easily. Available under the Summary page, Detective shows groups of related GuardDuty findings with severity, all affected AWS accounts, and resources. In addition, Detective maps the evolution of findings to tactics, techniques, and procedures (TTP) from the MITRE ATT&CK framework - a well adopted framework for security and threat detection.

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...