AWS Security Academy · Lesson

Pivoting from a GuardDuty Finding

Trace a single alert into the full story of what happened.

Starting from a Finding

Investigations usually begin with an alert. Detective integrates tightly with GuardDuty so you can pivot directly from a finding into the behavior graph. One click takes you from "something is wrong" to a rich, contextual view of everything related to that finding.

The Investigate Link

In GuardDuty and Security Hub, findings carry an Investigate in Detective action. Choosing it opens Detective focused on the entities in that finding, such as the affected instance, the IAM role, or the remote IP. The context comes preloaded, saving setup time.
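As an added example (not part of the original lesson and not AWS code), the following pulls the kinds of entities named above out of a GuardDuty finding's JSON. The field paths follow the GuardDuty finding format; the sample finding, the `dig` and `pivot_entities` helpers, and the entity labels are constructed for this illustration.

```python
# Constructed sample shaped like a GuardDuty GetFindings result (not real data).
SAMPLE_FINDING = {
    "Id": "example-finding-id",
    "Type": "UnauthorizedAccess:EC2/SSHBruteForce",
    "Resource": {"InstanceDetails": {
        "InstanceId": "i-0123456789abcdef0",
        "IamInstanceProfile": {
            "Arn": "arn:aws:iam::111122223333:instance-profile/example-profile"},
    }},
    "Service": {"Action": {"NetworkConnectionAction": {
        "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"}}}},
}

def dig(obj, *path):
    """Walk nested dicts, returning None as soon as a key is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def pivot_entities(finding):
    """Return de-duplicated (kind, value) pairs to pivot on; labels are hypothetical."""
    found = []
    def add(kind, value):
        if value and (kind, value) not in found:
            found.append((kind, value))
    res = dig(finding, "Resource") or {}
    add("instance", dig(res, "InstanceDetails", "InstanceId"))
    add("instance_profile", dig(res, "InstanceDetails", "IamInstanceProfile", "Arn"))
    key = res.get("AccessKeyDetails") or {}
    # For assumed-role credentials GuardDuty reports the role name as UserName.
    if key.get("UserType") == "AssumedRole":
        add("iam_role", key.get("UserName"))
    else:
        add("iam_user", key.get("UserName"))
    action = dig(finding, "Service", "Action") or {}
    # The remote IP sits under a different key depending on the action type.
    for name in ("NetworkConnectionAction", "AwsApiCallAction"):
        add("remote_ip", dig(action, name, "RemoteIpDetails", "IpAddressV4"))
    for probe in dig(action, "PortProbeAction", "PortProbeDetails") or []:
        add("remote_ip", dig(probe, "RemoteIpDetails", "IpAddressV4"))
    return found

if __name__ == "__main__":
    for kind, value in pivot_entities(SAMPLE_FINDING):
        print(f"{kind}: {value}")
```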
