How Detective Builds a Behavior Graph
Understand how Detective links events into an investigable graph.
From Alert to Understanding
Detection tells you something is wrong; investigation tells you what actually happened. Amazon Detective is the service built for investigation. It automatically analyzes activity and builds a visual model so you can understand the full story behind a finding, not just the alert.
What Detective Does
Detective continuously ingests and links log data to build a graph of behavior over time. Instead of manually correlating logs across services, you get a pre-built, queryable picture of how entities like accounts, instances, and IP addresses have interacted.
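A conceptual sketch of the linking idea described above, added here as an illustration; it is not Amazon Detective's implementation or API. It folds constructed, simplified log records into time-bucketed edges between entities, then answers investigation questions from the graph instead of from the raw logs. The record layout, the hourly bucketing and all function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed, simplified records: (timestamp, log source, entity A, entity B).
# Entities are (type, id) pairs; the IPs are documentation-range addresses.
EVENTS = [
    ("2024-05-01T09:10:00", "cloudtrail", ("account", "111122223333"), ("role", "app-role")),
    ("2024-05-01T09:12:00", "cloudtrail", ("role", "app-role"), ("ip", "198.51.100.7")),
    ("2024-05-01T09:40:00", "vpcflow", ("instance", "i-0abc"), ("ip", "198.51.100.7")),
    ("2024-05-01T14:05:00", "vpcflow", ("instance", "i-0abc"), ("ip", "203.0.113.50")),
    ("2024-05-01T14:20:00", "cloudtrail", ("role", "app-role"), ("ip", "203.0.113.50")),
]


def build_graph(events):
    """Fold raw events into edges: entity pair -> hour bucket -> event count."""
    graph = defaultdict(lambda: defaultdict(int))
    for ts, _source, a, b in events:
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        graph[frozenset((a, b))][hour] += 1
    return graph


def neighbors(graph, entity, start, end):
    """Entities linked to `entity` in any hour bucket within [start, end)."""
    found = set()
    for pair, buckets in graph.items():
        if entity in pair and any(start <= h < end for h in buckets):
            found |= pair - {entity}
    return found


def first_seen(graph, a, b):
    """Earliest hour bucket in which two entities were linked, or None."""
    buckets = graph.get(frozenset((a, b)))
    return min(buckets) if buckets else None


if __name__ == "__main__":
    g = build_graph(EVENTS)
    suspect = ("ip", "203.0.113.50")
    # Who talked to the suspect IP during the 14:00 hour?
    print(neighbors(g, suspect, datetime(2024, 5, 1, 14), datetime(2024, 5, 1, 15)))
    # When was the role first linked to the other IP?
    print(first_seen(g, ("role", "app-role"), ("ip", "198.51.100.7")))
```

Records from two different log sources end up as edges on the same IP entity, which is the correlation an analyst would otherwise do by hand.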