AWS Security Incident Response FAQs

General

Security Incident Response is a purpose-built security solution designed to help you prepare for, respond to, and recover from security events. Security Incident Response offers three core features: monitoring and triaging of security findings from Amazon GuardDuty and third-party tools through AWS Security Hub; integrated communication and collaboration tools to streamline security escalation and response; and access to self-managed security investigation tools and 24/7 support from the AWS Customer Incident Response Team (CIRT), who can assist you in investigating, containing, eradicating, and recovering from security events. With Security Incident Response, you can enhance your organization’s overall security posture and incident response readiness.

You can enable Security Incident Response across AWS Organizations through your management or delegated administrator account. To experience the full service, we recommend activating Amazon GuardDuty and AWS Security Hub as well. With the appropriate services and permissions enabled, Security Incident Response can monitor, triage, and investigate security findings, and proactively escalate security events that require attention from your central security teams.

If you choose to grant the necessary permissions, Security Incident Response can actively monitor and triage findings from Amazon GuardDuty and AWS Security Hub. It employs intelligent filtering based on your specific customer information, such as known IP addresses and AWS Identity and Access Management (IAM) entities. For findings that require attention, Security Incident Response immediately creates a security case and notifies the stakeholders you've designated as part of your incident response team, minimizing risk and potential damage.

Customers can initiate security cases through the service themselves. They can choose to handle these cases internally or receive support from the AWS Customer Incident Response Team (CIRT), a dedicated group of security experts available 24/7 to assist with investigating, responding to, and recovering from security events.

Yes, you can cancel your service membership at any time. Visit Security Incident Response pricing for more details.

