External tooling workflow
Security Incident Response integrates with external tools and partners in multiple ways:
- SIEM integration: When you submit a case for findings surfaced by your SIEM, Security Incident Response engineers analyze and investigate those findings in parallel with your team. We identify correlations across hybrid and multi-cloud environments, which helps scope threat actor movement between providers.
- Enhances your existing security operations: Many organizations route GuardDuty findings into a SIEM and work them through case management. Security Incident Response offers a streamlined, parallel alternative for GuardDuty (and select Security Hub CSPM) findings: automated triage with human oversight creates proactive cases in your portal, which alerts your response team and engages our Security Incident Response engineers at the same time for coordinated remediation.
- Third-party investigation teams: Our Security Incident Response engineers collaborate directly with your partners and managed detection and response (MDR) providers. We offer tabletop exercises to establish effective processes and to integrate those providers' mechanisms with your subscription.