Investigating offense-related AWS resources in Amazon Detective

Integration with Amazon Detective can help you further investigate IP addresses, AWS accounts, EC2 instances, and Amazon GuardDuty findings. Amazon Detective makes it easy for you to investigate the root cause of potential security issues and suspicious activities.

Before you begin

Ensure that you enable integration with Amazon Detective in the AWS resource access permissions wizard. For more information, see Integrating with Amazon Detective.


  1. Optional: From the AWS Offense Overview dashboard, use the following methods to investigate any chart.
    1. Hover over the row of the offense that you want to investigate and click the Investigate in Amazon Detective icon.
    2. On the AWS resources in offense page, expand the relevant AWS resource type or resource category, such as IPs or AWS Accounts.
    3. Click the resource and log in to Amazon Detective.
  2. Optional: From the VPC Flow Logs page, select a disk to investigate.
    1. Click an IP address that you want to investigate, and in the Investigate in Amazon Detective pop-up, click the relevant resource and log in to Amazon Detective.