Amazon Detective integration

Integration with Amazon Detective can help you further investigate IP addresses, AWS accounts, EC2 instances, and Amazon GuardDuty findings. Amazon Detective collects log data from AWS resources and uses machine learning and statistical analysis to help you investigate security breaches.

Complete the following workflow to enable the integration:
  1. Configure QRadar® Cloud Visibility integration with Amazon Detective. See "Integrating with Amazon Detective".
  2. Add a custom event property for GuardDuty FindingIDs. See "Adding a custom event property for the GuardDuty FindingID".
  3. Send AWS log source data to Amazon Detective for investigation. See "Investigating offense-related AWS resources in Amazon Detective".