The past four days examined individual detection-layer tools: GuardDuty (threat detection), Detective (investigation), Inspector (vulnerability). But in real security operations, they are not used separately — each spills findings, and analysts hop between four consoles viewing the same incident four times. Today's theme is to unify these tools into one consistent detection architecture. The glue holding it together is AWS Security Hub.
Core insight: GuardDuty, Inspector, Detective, Macie, IAM Access Analyzer etc