AWS Security Incident Response FAQs

General

Security Incident Response is a purpose-built security solution designed to help you prepare for, respond to, and recover from security events. Security Incident Response offers three core features: monitoring and triaging of security findings from Amazon GuardDuty and third-party tools through AWS Security Hub; integrated communication and collaboration tools to streamline security escalation and response; and access to self-managed security investigation tools and 24/7 support from the AWS Customer Incident Response Team (CIRT), who can assist you in investigating, containing, eradicating, and recovering from security events. With Security Incident Response, you can enhance your organization’s overall security posture and incident response readiness.

You can enable Security Incident Response across AWS Organizations through your management or delegated administrator account. To experience the full service, we recommend activating Amazon GuardDuty and AWS Security Hub as well. With the appropriate services and permissions enabled, Security Incident Response can monitor, triage, and investigate security findings and proactively escalate security events that require attention from your central security teams.

If you choose to grant the necessary permissions, Security Incident Response can actively monitor and triage findings from GuardDuty and Security Hub. It employs intelligent filtering based on your specific customer information, such as known IP addresses and AWS Identity and Access Management (IAM) entities. For findings that require attention, Security Incident Response immediately creates a security case and notifies the stakeholders you've designated as part of your incident response team, minimizing risk and potential damage.

Customers can initiate security cases through the service themselves. They can choose to handle these cases internally or receive support from the AWS CIRT, a dedicated group of security experts available 24/7 to assist with investigating, responding to, and recovering from security events.

Yes, you can cancel your service membership at any time. Visit Security Incident Response pricing for more details.