During the management of your AWS accounts, AMS monitors for anomalies in user behavior, account activities and potential security events using data collected from detection sources and controls including but not limited to Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs, Amazon Macie, AWS Config and Amazon internal Threat Intelligence feeds.
AMS uses both native AWS services and other detection technologies to respond to security events created by:
Config Conformance Finding Types
GuardDuty Finding Types
Macie Finding Types
Amazon Route 53 Resolver DNS Firewall Events
AMS Security events (cloud watch alarms)
Additional findings are added as services, products and threat ecosystems evolves.
Report security events to AMS
Raise an incident through the AMS Support Portal or Support Center to notify AMS of a security incident or to request investigations.
