Skip to main content
Cloud / AWS / Products / Amazon Detective - Security Analysis

Amazon Detective - Security Analysis

Amazon Detective analyzes security data and assists with investigating security incidents in AWS environments.

Security, Identity & Compliance
Pricing Model Tiered pricing per GB of ingested data, 30-day free trial
Availability Available in multiple AWS regions, check regional availability
Data Sovereignty EU regions available
Reliability SLA as published by the provider SLA

What is Amazon Detective?

Amazon Detective is a security service that simplifies the analysis and investigation of security incidents in AWS environments. The service automatically collects log data from various AWS sources, correlates it, and creates interactive visualizations for investigating suspicious activities.

Detective uses machine learning and graph analysis to identify relationships between resources, users, and activities that would be difficult to identify manually. When a GuardDuty alert occurs, you can dive into Detective with one click and see the full context of the threat.

Core Features

  • Automatic Data Correlation: Connects data from CloudTrail, VPC Flow Logs, and GuardDuty over 12 months
  • Entity Profiles: Detailed profiles for IAM users, roles, EC2 instances, and IP addresses
  • Finding Groups: Groups related security findings into a single incident
  • Investigation Workbench: Interactive visualization for analyzing activity patterns
  • ML-based Anomaly Detection: Identifies unusual behavior based on historical baselines

Typical Use Cases

Incident Response: When a GuardDuty alert occurs, investigate the full scope of the incident with Detective. Which IP addresses were involved? Which other resources did the attacker contact? What API calls were made?

Threat Hunting: Proactively search for suspicious activities before alerts are triggered. Detective shows unusual patterns like new API calls from known users or connections to unusual regions.

Compliance Investigations: During compliance audits, demonstrate who accessed which resources and when. Detective creates detailed activity logs for every user and resource.

Benefits

  • No manual log aggregation setup required
  • Automatic correlation of data across all AWS accounts
  • One-click integration with GuardDuty for seamless investigations
  • Several months of data history for retrospective analysis
  • Free 30-day trial with full functionality

Integration with innFactory

As an AWS Reseller, innFactory supports you with Amazon Detective: setup and configuration, integration with existing SIEM systems, training for incident response teams, and security architecture optimization.

Typical Use Cases

Security investigations
Threat hunting
Root cause analysis
Incident response

Frequently Asked Questions

What is Amazon Detective?

Amazon Detective automatically collects and analyzes log data from AWS CloudTrail, VPC Flow Logs, and GuardDuty. The service creates visualizations and uses ML to identify relationships between resources, users, and activities.

How does Detective differ from GuardDuty?

GuardDuty detects threats and generates alerts. Detective helps with subsequent investigation: Where did the threat come from? Which resources were affected? What is the full scope of the incident?

Which data sources does Detective use?

Detective automatically processes CloudTrail logs (API calls), VPC Flow Logs (network traffic), GuardDuty Findings, and optionally EKS Audit Logs. Data is stored and correlated for 12 months.

How quickly is Detective operational after activation?

Detective begins data ingestion immediately but needs a few days to establish baselines for anomaly detection. New customers get a 30-day free trial with full functionality.

What does Amazon Detective cost?

Detective charges are tiered based on the amount of data ingested (GB per account, region, and month) from sources such as CloudTrail and VPC Flow Logs. There are no additional charges for enabling log sources or for data storage itself.

Note: All product information on this page has been compiled with care, but is provided without guarantee and may be outdated or incomplete. Cloud services evolve rapidly — features, pricing, SLAs, and availability change frequently. Authoritative and up-to-date information can only be found on the official product page of AWS (official documentation). This page does not represent an offer by AWS.

AWS Cloud Expertise

innFactory is an AWS Reseller with certified cloud architects. We provide consulting, implementation, and managed services for AWS.

Similar Products from Other Clouds

Other cloud providers offer comparable services in this category. As a multi-cloud partner, we help you choose the right solution.

Google Cloud

Access Approval - Google Cloud Access Control

Access Approval for Google Cloud: manual approval before support accesses your data. Transparency and control for GDPR …

Pricing No extra cost, requires at least …
SLA SLA as published by the provider
Compare →
Google Cloud

Access Transparency - Access Logging

Access Transparency logs Google personnel access to your cloud data. Transparency and compliance for regulated …

Pricing No extra cost, requires at least …
SLA SLA as published by the provider
Compare →
Google Cloud

AI Protection - AI Security

AI Protection in Security Command Center inventories AI assets, scores AI risks via attack-path simulation, and detects …

Pricing Included in SCC Premium/Enterprise, no …
SLA N/A (part of Security Command Center)
Compare →
Google Cloud

Assured Workloads - Compliance Controls for Regulated Workloads

Assured Workloads enables compliance with regulatory requirements for regulated workloads in Google Cloud.

Pricing No additional charge for the service …
SLA SLA as published by the provider
Compare →
Azure

Azure Attestation - Trusted Execution Verification

Azure Attestation verifies the trustworthiness of TEEs like Intel SGX, AMD SEV-SNP, VBS enclaves, and TPM.

Pricing Free
SLA SLA as published by the provider
Compare →
Azure

Azure Cloud HSM - Hardware Security Module

Azure Cloud HSM provides FIPS 140-3 Level 3 validated hardware security modules for cryptographic keys.

Pricing Usage-based per HSM cluster hour, …
SLA SLA as published by the provider
Compare →

39 comparable products found across other clouds.

Ready to start with Amazon Detective - Security Analysis?

Our certified AWS experts help you with architecture, integration, and optimization.

Schedule Consultation