AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2026-05-13 · Documentation low

File: security-ir/latest/userguide/deploy-configure.md

Summary

Updated references from 'AWS SIRT' to 'Security Incident Response Engineering' in proactive response and containment actions sections.

Security assessment

Terminology change only, with no modification to security capabilities or vulnerability information. Maintains existing security functionality documentation.

Diff

diff --git a/security-ir/latest/userguide/deploy-configure.md b/security-ir/latest/userguide/deploy-configure.md
index 144365ada..24f494a20 100644
--- a//security-ir/latest/userguide/deploy-configure.md
+++ b//security-ir/latest/userguide/deploy-configure.md
@@ -33 +33 @@ The instructions in this section outline how to enable Security Incident Respons
-  7. **Proactive response** is on by default and creates a service-linked role that allows AWS SIRT to ingest GuardDuty findings and open proactive investigation cases when threats are detected. For more information, see [Proactive response](https://docs.aws.amazon.com/security-ir/latest/userguide/proactive-response.html).
+  7. **Proactive response** is on by default and creates a service-linked role that allows Security Incident Response Engineering to ingest GuardDuty findings and open proactive investigation cases when threats are detected. For more information, see [Proactive response](https://docs.aws.amazon.com/security-ir/latest/userguide/proactive-response.html).
@@ -37 +37 @@ AWS Security Incident Response automatically creates the `AWSServiceRoleForSecur
-  8. (Optional) Choose to pre-authorize AWS SIRT to perform containment actions on your behalf during active incidents. Supported containment actions include runbooks for compromised S3 buckets, EC2 instances, and IAM principals. If you skip this step, SIRT will provide manual guidance during investigations. For more information, see [Containment actions](https://docs.aws.amazon.com/security-ir/latest/userguide/containment.html).
+  8. (Optional) Choose to pre-authorize Security Incident Response Engineering to perform containment actions on your behalf during active incidents. Supported containment actions include runbooks for compromised S3 buckets, EC2 instances, and IAM principals. If you skip this step, Security Incident Response Engineering will provide manual guidance during investigations. For more information, see [Containment actions](https://docs.aws.amazon.com/security-ir/latest/userguide/containment.html).