The content from the Amazon Detective Administration Guide is now consolidated into the Amazon Detective User Guide. Amazon Detective Administration Guide will reach its end of standard support on May 08, 2024.
Document history for Detective Administration Guide
The following table describes the important changes to the documentation since the last release of Detective. For notification about updates to this documentation, you can subscribe to an RSS feed.
- Latest documentation update: April 15, 2024
Change | Description | Date |
---|---|---|
Documentation update | The content from the Amazon Detective Administration Guide is now consolidated into the Amazon Detective User Guide. Amazon Detective Administration Guide will reach its end of standard support on May 08, 2024. | April 15, 2024 |
| | You are no longer required to be a GuardDuty customer to enable Amazon Detective. The requirement to have GuardDuty enabled in your account for 48 hours before enabling Detective has been removed. | February 2, 2024 |
Changes in how Detective reads the flow traffic for shared VPCs | If you are using a shared Amazon VPC, you may see changes in the traffic monitored by Detective. We recommend that you review the changes in Activity details for overall VPC flow volume to understand the potential effects on your coverage, and review how Detective calculates projected cost to understand how that can impact your service costs. | December 20, 2023 |
| | Added Detective investigations and finding groups summary actions to the | November 26, 2023 |
| | Detective is now available in the Israel (Tel Aviv) Region. | August 25, 2023 |
Added AWS security findings as a new optional data source package. | Detective now provides AWS security findings as an optional data source package. This optional data source package allows Detective to ingest data from Security Hub and adds that data to your behavior graph. | May 16, 2023 |
| | Detective offers managed policies to securely choose the permissions that you need. | April 3, 2023 |
| | Detective now supports GuardDuty get findings actions through the AmazonDetectiveFullAccess policy. The security chapter now provides details about the following new managed policies for Detective: AmazonDetectiveMemberAccess and AmazonDetectiveInvestigatorAccess. | January 17, 2023 |
| | With Detective, you can access up to a year of historical event data. | December 20, 2022 |
| | Detective now supports finding groups that connect related findings together in a single display to help you investigate potential malicious activity in your environment. From a finding group profile, you can pivot to entity profiles and finding overviews related to that group. | August 3, 2022 |
| | Detective now supports EKS audit logs as an optional data source package. An administrator account can enable this new data source for their existing behavior graph. Graphs created after this date will have this data source enabled by default. Administrators can disable this data source manually at any time. | July 26, 2022 |
| | Detective now has a service-linked role, | December 16, 2021 |
| | Detective is now integrated with Organizations. The organization management account designates a Detective administrator account for the organization. The Detective administrator account can view all of the accounts in the organization, and enable those accounts as member accounts in the organization behavior graph. | December 16, 2021 |
| | Increased the data volume quotas for behavior graphs. At 3.24 TB per day, Detective issues a warning. At 3.6 TB per day, no new accounts can be added. At 4.5 TB per day, Detective stops ingesting data into the behavior graph. | June 10, 2021 |
| | When you use the Detective Python script | May 19, 2021 |
Added automatic enabling of member accounts that pass the data volume check | When member accounts accept an invitation, their status is Accepted (Not enabled) until Detective verifies that their data will not cause the behavior graph data volume to exceed the quota. If the data volume is not a problem, Detective automatically changes the status to Accepted (Enabled). Note that existing member accounts that are currently Accepted (Not enabled) cannot be enabled automatically. | May 12, 2021 |
| | A new section in the security chapter provides details about managed policies for Detective. Detective currently provides a single managed policy, | May 10, 2021 |
Changed the data volume values in the member accounts list | On the account management page, the member accounts list now displays the daily data volume for each member account. Previously the list displayed the volume as a percentage of the total allowed volume. | April 29, 2021 |
Revised options for managing member accounts | Replaced the Manage accounts menu with an Actions menu. Combined the options for adding individual accounts and adding accounts from a .csv file. Moved Enable accounts from Manage accounts to a separate option next to Actions. | April 5, 2021 |
Added behavior graph tags and authorization based on tags | When you enable Detective, you can add tags to the behavior graph. You can manage tags for a behavior graph from the General page. Detective also supports authorization based on tag values. | March 31, 2021 |
Added differences for AWS GovCloud (US) Regions | Detective is now available in the AWS GovCloud (US) Regions. In AWS GovCloud (US-East) and AWS GovCloud (US-West), Detective does not send invitation emails to member accounts. Detective also does not automatically remove member accounts that are shut down in AWS. | March 24, 2021 |
Added tabs to filter the member account list based on the member account status | The list of member accounts now displays tabs that you can use to filter the list based on the member account status. You can view all member accounts, those that have a status of Accepted (Enabled), or those that have a status other than Accepted (Enabled). | March 16, 2021 |
| | The Detective | February 26, 2021 |
Changed "master account" to "administrator account" | The term "master account" is changed to "administrator account." The term is also changed in the Detective console and API. | February 25, 2021 |
Added API option to not send invitation emails to member accounts | When using the Detective API to add member accounts, administrator accounts can choose to not send invitation emails to member accounts. | February 25, 2021 |
Member account quota increased to 1,200 | Master accounts can now invite up to 1,200 member accounts to their behavior graph. Previously the quota was 1,000. | December 11, 2020 |
| | Updated the information about behavior graph data volume quotas to add the specific quota values. | December 11, 2020 |
Member accounts can now see their usage and projected cost | Member accounts can now view their own usage information. For member accounts, the Usage page shows the amount of data ingested into each behavior graph that they contribute to. Member accounts can also see their projected 30-day cost. | May 26, 2020 |
Free trial is now per account instead of per behavior graph | Each Amazon Detective account now receives a separate free trial within each Region. The free trial starts either when the account enables Detective, or the first time the account is enabled as a member account. | May 26, 2020 |
New open source Python scripts on GitHub | The new amazon-detective-multiaccount-scripts | January 21, 2020 |
Introducing Amazon Detective | Detective uses machine learning and purpose-built visualizations to help you analyze and investigate security issues across your Amazon Web Services (AWS) workloads. | December 2, 2019 |