Investigating offense-related AWS resources in Amazon Detective
Integration with Amazon Detective can help you further investigate IP addresses, AWS accounts, EC2 instances, and Amazon GuardDuty findings. Amazon Detective makes it easy for you to investigate the root cause of potential security issues and suspicious activities.
Ensure that you enable integration with Amazon Detective in the AWS resource access permissions wizard. For more information, see Integrating with Amazon Detective.
Before you begin
From the AWS Offense Overview dashboard, use the
following methods to investigate any chart.
- Hover over the row of the offense that you want to investigate and click the Investigate icon ().
- On the AWS resources in offense page, expand the relevant AWS resource type or resource category, such as IPs or AWS Accounts.
- Click the resource and log in to Amazon Detective.
- Optional: From the VPC Flow Logs page, select a disk to
- Click an IP address that you want to investigate, and in the Investigate in Amazon Detective pop-up, click the relevant resource and log in to Amazon Detective.