Accelerate investigations with AWS Security Incident Response AI-powered capabilities
Security Blog
This article announces AI-powered investigation capabilities for AWS Security Incident Response, automating evidence gathering and analysis during security incidents.
- Investigative agent automatically gathers evidence from CloudTrail, IAM, EC2, and cost data
- Agent asks clarifying questions to understand incident context before investigation
- Correlates evidence across multiple AWS services and presents comprehensive timeline
- Reduces investigation time from hours to minutes
- Included at no additional cost with metered pricing model
- Integrates with GuardDuty, Security Hub, and EventBridge for automated workflows
- All actions logged in CloudTrail for full auditability
- Available now in all commercial AWS Regions
The investigative agent streamlines security incident response by automating manual evidence collection, enabling SOC analysts to focus on containment decisions rather than log analysis.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Nov 21
2025
2025
AWS Security Incident Response now provides agentic AI-powered investigation
Sep 23
2025
2025
Optimize security operations with AWS Security Incident Response
Feb 27
2025
2025
Accelerate Security Incident Response and Recovery with AWS Security Incident Response Partners
Jul 24
2025
2025
AWS Security Incident Response: The customer’s journey to accelerating the incident response lifecycle
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.