Event detection - Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF)

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

Event detection

The Event Detection component provides the ability to detect security events as they happen, to trigger the appropriate responses, and to provide information about the incident to the security team.

Table 5 — Event detection capability and the associated AWS services

Capability and CSF mapping: Event Detection (DE.AE-3, DE.CM-1, DE.CM-4, DE.CM-5, DE.CM-7)

AWS service: Amazon GuardDuty
AWS service description: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in S3.
Function: This control detects reconnaissance activity, such as unusual API activity, intra-VPC port scanning, unusual patterns of failed login requests, or unblocked port probing from a known, bad IP address.
AWS GovCloud (US) available? Yes

AWS service: Amazon Macie
AWS service description: Amazon Macie is a fully managed data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data in AWS.
Function: This control discovers and protects sensitive data using ML and pattern matching.
AWS GovCloud (US) available? No

AWS service: AWS Network Firewall
AWS service description: AWS Network Firewall is a high availability, managed network firewall service for your virtual private cloud (VPC). It enables you to easily deploy and manage stateful inspection, intrusion prevention and detection, and web filtering to help protect your virtual networks on AWS. Network Firewall automatically scales with your traffic, ensuring high availability with no additional customer investment in security infrastructure.
Function: This control detects reconnaissance activity using signature-based detection.
AWS GovCloud (US) available? Yes