AmazonDetective.yaml
version: 1
ATT&CK version: 9
creation date: 06/14/2021
name: Amazon Detective
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: AWS
tags:
- Not Mappable
description: >-
  Amazon Detective is an automated data enrichment tool that extracts time-based events from other
  services such as AWS CloudTrail, Amazon VPC flow logs, and GuardDuty.
  These events include login attempts, API calls, and network traffic, and can be very useful
  for understanding security issues or operational account activity. Amazon Detective uses machine learning,
  statistical analysis, and graph theory to help you visualize and conduct faster and more efficient
  security investigations.
techniques: []
comments: >-
  Although this service can be scored as a Response control (Minimal/Data Enrichment/Forensics),
  due to the generic nature of its functionality, it currently does not appear to be reasonably
  mappable to specific (sub-)techniques of MITRE ATT&CK.
references:
- https://aws.amazon.com/detective/
- https://aws.amazon.com/detective/faqs/
- https://docs.aws.amazon.com/detective/latest/adminguide/what-is-detective.html