AWS detective documentation change
Summary
Updated documentation links to include double slashes after domain in multiple URLs
Security assessment
The changes are purely URL formatting corrections (adding double slashes after the domain). There is no evidence of addressing security vulnerabilities, weaknesses, or incidents. The content related to security features (like Detective finding groups, investigations, and Security Lake integration) remains unchanged except for link syntax.
Diff
diff --git a/detective/latest/userguide/what-is-detective.md b/detective/latest/userguide/what-is-detective.md index 665665532..7265193b9 100644 --- a//detective/latest/userguide/what-is-detective.md +++ b//detective/latest/userguide/what-is-detective.md @@ -39 +39 @@ Detective finding groups -[Detective finding groups](https://docs.aws.amazon.com/detective/latest/userguide/groups-about.html) lets you examine multiple activities as they relate to a potential security event. You can analyze the root cause for high severity GuardDuty findings using finding groups. If a threat actor is attempting to compromise your AWS environment, they typically perform a sequence of actions that generate multiple security findings and unusual behaviors. +[Detective finding groups](https://docs.aws.amazon.com//detective/latest/userguide/groups-about.html) lets you examine multiple activities as they relate to a potential security event. You can analyze the root cause for high severity GuardDuty findings using finding groups. If a threat actor is attempting to compromise your AWS environment, they typically perform a sequence of actions that generate multiple security findings and unusual behaviors. @@ -41 +41 @@ Detective finding groups -The finding groups page in Detective displays all the related finding groups extracted from your behavior graph. For more information about how you can leverage finding groups to analyze the root cause of security findings, see [Analyzing finding groups in Detective](https://docs.aws.amazon.com/detective/latest/userguide/understanding-groups.html). +The finding groups page in Detective displays all the related finding groups extracted from your behavior graph. For more information about how you can leverage finding groups to analyze the root cause of security findings, see [Analyzing finding groups in Detective](https://docs.aws.amazon.com//detective/latest/userguide/understanding-groups.html). @@ -43 +43 @@ The finding groups page in Detective displays all the related finding groups ext -Detective provides an interactive visualization of each finding group to help you investigate security issues faster and more thoroughly. The visualization is designed to display entities and findings involved in a security incident, making it easier to understand connections and root causes. help you investigate issues faster and more thoroughly with less effort. The [Finding group Visualization](https://docs.aws.amazon.com/detective/latest/userguide/group-visual-finding-group.html) panel displays the findings and entities involved in a finding group. +Detective provides an interactive visualization of each finding group to help you investigate security issues faster and more thoroughly. The visualization is designed to display entities and findings involved in a security incident, making it easier to understand connections and root causes. help you investigate issues faster and more thoroughly with less effort. The [Finding group Visualization](https://docs.aws.amazon.com//detective/latest/userguide/group-visual-finding-group.html) panel displays the findings and entities involved in a finding group. @@ -48 +48 @@ Detective Investigation to triage findings -With [Detective Investigation](https://docs.aws.amazon.com/detective/latest/userguide/investigations-about.html) you can investigate IAM users and IAM roles using indicators of compromise, which can help you determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. With Detective investigations, you can maximize efficiency, focus on the security threats, and strengthen incidence response capabilities. +With [Detective Investigation](https://docs.aws.amazon.com//detective/latest/userguide/investigations-about.html) you can investigate IAM users and IAM roles using indicators of compromise, which can help you determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. With Detective investigations, you can maximize efficiency, focus on the security threats, and strengthen incidence response capabilities. @@ -52 +52 @@ Detective Investigation uses machine learning models and threat intelligence to -You can use start a Detective Investigation from the Detective console by [Running a Detective Investigation](). To run an investigation programmatically, use the [StartInvestigation](https://docs.aws.amazon.com/detective/latest/APIReference/API_StartInvestigation.html) operation of the Detective API. To run an investigation using the AWS Command Line Interface (AWS CLI) run the [start-investigation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/detective/start-investigation.html) command. +You can use start a Detective Investigation from the Detective console by [Running a Detective Investigation](https://docs.aws.amazon.com/). To run an investigation programmatically, use the [StartInvestigation](https://docs.aws.amazon.com//detective/latest/APIReference/API_StartInvestigation.html) operation of the Detective API. To run an investigation using the AWS Command Line Interface (AWS CLI) run the [start-investigation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/detective/start-investigation.html) command. @@ -57 +57 @@ Detective integration with Amazon Security Lake -[Detective integrates with Amazon Security Lake](https://docs.aws.amazon.com/detective/latest/userguide/securitylake-integration.html), which means that you can query and retrieve the raw log data stored by Security Lake. With this integration, you can collect logs and events from the following sources which Security Lake natively supports. +[Detective integrates with Amazon Security Lake](https://docs.aws.amazon.com//detective/latest/userguide/securitylake-integration.html), which means that you can query and retrieve the raw log data stored by Security Lake. With this integration, you can collect logs and events from the following sources which Security Lake natively supports. @@ -68 +68 @@ Detective integration with Amazon Security Lake -After you integrate Detective with Security Lake, Detective begins pulling raw logs from Security Lake related to AWS CloudTrail management events and Amazon VPC Flow Logs. You can [query raw logs](https://docs.aws.amazon.com/detective/latest/userguide/securitylake-integration.html#query-raw-logs-detective) to view the logs and events in Detective. +After you integrate Detective with Security Lake, Detective begins pulling raw logs from Security Lake related to AWS CloudTrail management events and Amazon VPC Flow Logs. You can [query raw logs](https://docs.aws.amazon.com//detective/latest/userguide/securitylake-integration.html#query-raw-logs-detective) to view the logs and events in Detective. @@ -73 +73 @@ Investigate VPC flow volume -With Detective you can interactively examine the [activity details of the virtual private cloud (VPC) network flows](https://docs.aws.amazon.com/detective/latest/userguide/profile-panel-drilldown-overall-vpc-volume.html) of your Amazon Elastic Compute Cloud (Amazon EC2) instances and Kubernetes pods. Detective automatically collects VPC flow logs from your monitored accounts, aggregates them by EC2 instance, and presents visual summaries and analytics about these network flows. +With Detective you can interactively examine the [activity details of the virtual private cloud (VPC) network flows](https://docs.aws.amazon.com//detective/latest/userguide/profile-panel-drilldown-overall-vpc-volume.html) of your Amazon Elastic Compute Cloud (Amazon EC2) instances and Kubernetes pods. Detective automatically collects VPC flow logs from your monitored accounts, aggregates them by EC2 instance, and presents visual summaries and analytics about these network flows. @@ -95 +95 @@ With AWS command line tools, you can issue commands at your system's command lin -AWS provides two sets of command line tools: the AWS Command Line Interface (AWS CLI) and the AWS Tools for PowerShell. For information about installing and using the AWS CLI, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/). For information about installing and using the Tools for PowerShell, see the [AWS Tools for PowerShell User Guide](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-welcome.html). +AWS provides two sets of command line tools: the AWS Command Line Interface (AWS CLI) and the AWS Tools for PowerShell. For information about installing and using the AWS CLI, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/). For information about installing and using the Tools for PowerShell, see the [AWS Tools for PowerShell User Guide](https://docs.aws.amazon.com//powershell/latest/userguide/pstools-welcome.html). @@ -100 +100 @@ AWS SDKs -AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms—for example, Java, Go, Python, C++, and .NET. The SDKs provide convenient, programmatic access to Detective and other AWS services. They also handle tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. For information about installing and using the AWS SDKs, see [Tools to Build on AWS](https://aws.amazon.com/developer/tools/). +AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms—for example, Java, Go, Python, C++, and .NET. The SDKs provide convenient, programmatic access to Detective and other AWS services. They also handle tasks such as cryptographically signing requests, managing errors, and retrying requests automatically. For information about installing and using the AWS SDKs, see [Tools to Build on AWS](https://aws.amazon.com//developer/tools/). @@ -117 +117 @@ When you enable Detective for the first time, your AWS account is automatically -To help you understand and forecast the cost of using Detective after the free trial ends, Detective provides you with estimated usage costs based on your use of Detective during the trial. Your usage data also indicates the amount of time that remains before your free trial ends. You can [review your Detective account's usage related data](https://docs.aws.amazon.com/detective/latest/userguide/tracking-usage-logging.html) on the Amazon Detective console and access it with the Amazon Detective API. +To help you understand and forecast the cost of using Detective after the free trial ends, Detective provides you with estimated usage costs based on your use of Detective during the trial. Your usage data also indicates the amount of time that remains before your free trial ends. You can [review your Detective account's usage related data](https://docs.aws.amazon.com//detective/latest/userguide/tracking-usage-logging.html) on the Amazon Detective console and access it with the Amazon Detective API. @@ -177 +177 @@ To learn more about Security Lake, see the [Amazon Security Lake User Guide](htt -To learn about additional AWS security services, see [Security, Identity, and Compliance on AWS](https://aws.amazon.com/products/security/). +To learn about additional AWS security services, see [Security, Identity, and Compliance on AWS](https://aws.amazon.com//products/security/).