AWS Detective

What is Detective? (Simple Explanation)

Detective is an AWS service in the Security category. Amazon Detective uses ML and graph theory to help conduct faster security investigations across AWS workloads.

When Would You Use This?

  • Security incident investigation
  • Root cause analysis of GuardDuty findings
  • IAM role behavior analysis
  • Lateral movement detection

Who Uses Detective?

From startups to enterprises, Detective powers:

  • Startups
  • Mid-size Companies
  • Large Enterprises
  • Government
  • Nonprofits

What Makes Detective Powerful

  • Unified view across GuardDuty, CloudTrail, and VPC Flow Logs
  • Graph-based entity relationship visualization
  • Automatic data aggregation
  • Up to 12 months of historical analysis
  • Integration with Security Hub

Services That Work with Detective

Detective is rarely used alone. It's typically combined with:

Compliance & Security

How AWS Detective fits into major compliance standards:

CIS AWS Foundations

Detective configuration is audited by CIS Benchmarks 1.5–3.0 for secure cloud defaults.

NIST 800-53

Detective access controls, encryption, and audit logging map to NIST 800-53 AC, SC, and AU control families.

PCI DSS 4.0

Detective encryption, access control, and logging support PCI DSS for cardholder data environments.

SOC 2

Detective security, availability, and confidentiality controls are evaluated under SOC 2 Trust Services Criteria.

ISO 27001

Detective configuration and monitoring controls map to ISO 27001 Annex A information security management.
