

# What is AWS Security Incident Response?
<a name="what-is"></a>

 AWS Security Incident Response helps you quickly prepare for, respond to, and receive guidance to help recover from security incidents. This includes incidents like account takeovers, data breaches, and ransomware attacks. 

 AWS Security Incident Response triages threat findings, escalates security events, and manages cases that require your immediate attention. Additionally, you have access to Security Incident Response engineers, who will investigate impacted resources. 

**Note**  
There is no guarantee impacted resources can be recovered. We recommend establishing and maintaining backups for resources that could impact your business requirements.

 AWS Security Incident Response works with other [AWS Detection and Response](https://aws.amazon.com/products/security/detection-and-response/) services, guiding you through the entire incident lifecycle – from detection to recovery. 

**Topics**
+ [Supported configurations](supported-configs.md)
+ [Feature Summary](feature-summary.md)

# Supported configurations
<a name="supported-configs"></a>

AWS Security Incident Response supports the following language and region configurations:
+ Language: AWS Security Incident Response provides dedicated English support. Japanese language support is limited to Japan Standard Time business hours and comes with specific restrictions:
**Note**  
Japanese language support is provided on a best-effort basis during business hours (09:00-17:00, Monday-Friday, excluding holidays).
+ Supported AWS Regions:

  AWS Security Incident Response is available in a subset of AWS Regions. In these supported Regions, you create a membership, create and view cases, and access the dashboard.
  + US East (Ohio)
  + US West (Oregon)
  + US East (Virginia)
  + Europe (Frankfurt)
  + Europe (Ireland)
  + Europe (London)
  + Europe (Milan)
  + Europe (Paris)
  + Europe (Spain)
  + Europe (Stockholm)
  + Europe (Zurich)
  + Asia Pacific (Hong Kong)
  + Asia Pacific (Hyderabad)
  + Asia Pacific (Jakarta)
  + Asia Pacific (Melbourne)
  + Asia Pacific (Mumbai)
  + Asia Pacific (Seoul)
  + Asia Pacific (Singapore)
  + Asia Pacific (Sydney)
  + Asia Pacific (Tokyo)
  + Canada (Central)
  + Middle East (Bahrain)
  + Middle East (UAE)
  + South America (São Paulo)
  + Africa (Cape Town)

  When you enable the monitoring and investigation feature, AWS Security Incident Response monitors Amazon GuardDuty findings from all active commercial AWS Regions. As a security best practice, AWS recommends enabling GuardDuty in all supported AWS Regions. This configuration allows GuardDuty to generate findings about unauthorized or unusual activity, even in AWS Regions where you don't actively deploy resources. By doing so, you enhance your overall security posture and maintain comprehensive threat detection coverage across your AWS environment.
**Note**  
Amazon GuardDuty reports findings for configured Regions. If you choose not to enable the service in a specific Region, alerts will not be available for that Region.
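
The following added example (not part of the AWS documentation) audits the coverage gap described above: it lists the Regions enabled for an account that would produce no GuardDuty findings. The function names and the sample data are constructed for illustration; `collect()` assumes boto3 is installed and credentials allow `ec2:DescribeRegions`, `guardduty:ListDetectors` and `guardduty:GetDetector`.

```python
"""Audit GuardDuty coverage across the Regions enabled for an account."""

# Constructed sample data: Region -> detector statuses (None = query failed).
SAMPLE_REGIONS = ["us-east-1", "us-west-2", "eu-west-1", "ap-northeast-1"]
SAMPLE_DETECTORS = {
    "us-east-1": ["ENABLED"],
    "us-west-2": ["DISABLED"],   # detector exists but is suspended
    "eu-west-1": [],             # GuardDuty never enabled here
}                                # ap-northeast-1 was not queried at all


def coverage_gaps(regions, detectors_by_region):
    """Return {region: reason} for Regions that yield no GuardDuty findings."""
    gaps = {}
    for region in sorted(regions):
        statuses = detectors_by_region.get(region, [])
        if statuses is None:
            gaps[region] = "query failed"
        elif not statuses:
            gaps[region] = "no detector"
        elif "ENABLED" not in statuses:
            gaps[region] = "detector disabled"
    return gaps


def collect(session=None):
    """Read live state with boto3; returns (regions, detectors_by_region)."""
    import boto3  # lazy import so coverage_gaps() runs offline
    from botocore.exceptions import BotoCoreError, ClientError

    session = session or boto3.Session()
    ec2 = session.client("ec2", region_name="us-east-1")
    # Without AllRegions=True this returns only Regions enabled for the account.
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    detectors = {}
    for region in regions:
        gd = session.client("guardduty", region_name=region)
        try:
            ids = gd.list_detectors()["DetectorIds"]
            detectors[region] = [
                gd.get_detector(DetectorId=d)["Status"] for d in ids
            ]
        except (BotoCoreError, ClientError):
            detectors[region] = None  # treat as a gap until verified
    return regions, detectors


if __name__ == "__main__":
    for region, reason in coverage_gaps(*collect()).items():
        print(f"{region}: {reason}")
```

A Region reported as "query failed" is counted as a gap on purpose, so an access-denied or endpoint error cannot be mistaken for coverage.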

# Feature Summary
<a name="feature-summary"></a>

## Monitoring and investigation
<a name="monitoring-and-investigation"></a>

 AWS Security Incident Response rapidly reviews security threat alerts from Amazon GuardDuty and third-party integrations with AWS Security Hub CSPM, reducing the number of alerts your team needs to analyze. It configures suppression rules based on your environment to reduce the threat alerts you need to triage and investigate. 

## Streamline incident response
<a name="streamline-ir"></a>

 Scale and execute incident response within minutes with relevant stakeholders, third-party services, and tools. 

## Self-service security solutions
<a name="self-service"></a>

 AWS Security Incident Response provides APIs that you can integrate with to build your own customized security solutions. 

## Dashboard for visibility
<a name="feature-dashboard"></a>

 Monitor and measure incident response readiness. 

## Security posture
<a name="security-posture"></a>

 Access AWS best practices and vetted tools for security assessment and rapid incident response investigation. 

## Expedited assistance
<a name="aws-supported"></a>

 Connect with Security Incident Response engineers to investigate, contain, and receive guidance on ways to recover from security events. 

## Preparedness and readiness
<a name="preparedness"></a>

 Implement streamlined notification by setting up your Incident Response team, which triggers alerts to designated individuals or groups with predefined permission policies. 