What This Tool Does
Real examples of how the connector helps your AI agent take action; like sending messages, updating records, or syncing data across tools.
Real-Time Lookup
Instantly view investigation summaries, entities involved, and timeline activity from AWS Detective.
Example
"Show all findings linked to suspicious activity on EC2 instance i-001233abc."
Memory Recall
View historical investigation data and threat insights.
Example
“Show Detective visualizations related to user access anomalies from July.”
Instant Reaction
Alert security when suspicious activity is detected by AWS Detective.
Example
"Send alert if user exhibits unusual API call patterns."
Autonomous Routine
Monitor entity behavior and access anomaly trends.
Example
"Run weekly report on IAM access anomalies."
Agent-Initiated Action
Tag or restrict suspicious identities.
Example
"Restrict user temporarily if flagged by behavior model."
Connect with Apps
See which platforms this connector is commonly used with to power cross-tool automation.
GuardDuty
Correlate threats with Detective findings
CloudTrail
Provide supporting logs for investigations
Slack
Alert analysts on active investigations
Try It with Your Agent
Example Prompt:
"When a new GuardDuty finding appears, fetch related CloudTrail logs using Detective and notify Slack."
How to Set It Up
Quick guide to connect, authorize, and start using the tool in your Fastn UCL workspace.
1
Connect AWS Detective in Fastn UCL: Navigate to the Connectors section and select AWS Detective, then click Connect.
2
Authenticate using your AWS credentials to access security investigation tools.
3
Enable “get_investigation” and “analyze_behavior” in the Actions tab.
4
Use the AI Agent to analyze threats or suspicious behavior by issuing relevant prompts.
Why Use This Tool
Understand what this connector unlocks: speed, automation, data access, or real-time actions.
