
How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub

Security Blog



This article discusses how to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub.

Specifically, the article covers:

  • Solution architecture integrating GuardDuty, Security Hub, EventBridge, Lambda, and Detective
  • Using the Detective API and a JavaScript Lambda function to perform investigations and enrich findings
  • Setting up automated investigations for high-severity GuardDuty findings using Security Hub automations
  • Enabling on-demand investigations using Security Hub custom actions
  • Limitations and potential customizations of the provided solution




Related articles

  • Sep 18, 2024: Using Amazon Detective for IAM investigations
  • Dec 2, 2024: Amazon GuardDuty introduces GuardDuty Extended Threat Detection
  • Jun 4, 2025: Detect and investigate Amazon EC2 malware with Amazon GuardDuty and Amazon Detective
  • Sep 15, 2025: Navigating Amazon GuardDuty protection plans and Extended Threat Detection
