Integration with Amazon Detective can help you further investigate IP addresses, AWS
accounts, EC2 instances, and Amazon GuardDuty findings. Amazon Detective makes it easy for you to
investigate the root cause of potential security issues and suspicious activities.
Before you begin
Ensure that you enable integration with Amazon Detective in the AWS resource access
permissions wizard. For more information, see Integrating with Amazon Detective.
Procedure
- Optional:
From the AWS Offense Overview dashboard, use the
following methods to investigate any chart.
- Hover over the row of the offense that you want to investigate and click the
Investigate icon ().
- On the AWS resources in offense page, expand the relevant AWS
resource type or resource category, such as IPs or AWS Accounts.
- Click the resource and log in to Amazon Detective.
- Optional: From the VPC Flow Logs page, select a disk to
investigate.
- Click an IP address that you want to investigate, and in the Investigate in
Amazon Detective pop-up, click the relevant resource and log in to Amazon
Detective.