Amazon Detective is a managed service designed specifically to investigate and analyze security findings by automatically correlating data from Amazon GuardDuty, AWS CloudTrail, and VPC Flow Logs. According to the AWS Certified Security – Specialty Official Study Guide, Detective enables security teams to identify root causes, anomalous behavior, and indicators of compromise through interactive visualizations.
Amazon Detective allows investigators to pivot directly to IAM roles, users, and resources that are involved in GuardDuty findings. Detective builds behavior graphs and timelines that show API activity, network traffic, and historical context, making it easier to understand how and why a security incident occurred.
Amazon Inspector (Option B) focuses on vulnerability scanning of compute resources and does not investigate IAM behavior. Option C requires manual analysis and lacks native visualization. AWS Security Hub (Option D) aggregates findings but does not perform root-cause investigation or behavioral analysis.
AWS documentation explicitly states that Amazon Detective is the recommended service for deep-dive investigations following GuardDuty alerts, especially when IAM roles are involved.
AWS Certified Security – Specialty Official Study Guide
Amazon Detective User Guide
Amazon GuardDuty Integration Documentation