AWS amazon_detective Mappings

Amazon Detective is an automated data enrichment tool that extracts time-based events from other services such as AWS CloudTrail, Amazon VPC flow logs, and GuardDuty. These events include login attempts, API calls, and network traffic, and can be very useful in understanding security issues or operational account activity. Amazon Detective uses machine learning, statistical analysis, and graph theory to help you visualize and conduct faster and more efficient security investigations.

Although this service can be scored as a Response control (Minimal/Data Enrichment/Forensics), its functionality is generic, and it does not currently appear to be reasonably mappable to specific (sub-)techniques of MITRE ATT&CK.

Mappings

Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name