Amazon Detective is a tool to investigate IAM users and roles to help determine if a resource is involved in a security event and obtain an in-depth analysis.
Detective Investigation uses machine learning and threat intelligence to identify potential indicators of compromise (IoCs) or suspicious activity.
It can help determine if IAM entities have potentially been compromised or involved in known tactics, techniques, and procedures (TTPs) from the MITRE ATT&CK framework.
To start an investigation, sign in to the console and choose the desired scenario.
Some of the scenarios use Amazon GuardDuty, an intelligent threat detection service.
Scenario 1 involves automated investigations and allows users to view the number of IAM roles and users impacted by security events over a set period.
Scenario 2, Investigator Persona, involves triaging the resources associated with a GuardDuty finding in which an IAM user or role has been identified in anomalous behavior.
Scenario 3, Threat Hunter Persona, can be used to investigate suspicious activity in an organization and to find out which IAM entities have been communicating with a command-and-control IP address.
There's no additional charge for this capability, and it's available today for existing and new Detective customers in AWS Regions that support Detective.
Detective Investigations offer a proactive approach to threat identification and mitigation and can prove to be a useful tool for security analysts.