Platform Capabilities

Everything you need to secure cloud identities

From behavioral baselines to autonomous remediation, Detectory provides end-to-end identity threat detection and response for AWS environments.

Identity Monitoring

Deep visibility into every identity

Track 13+ identity types with behavioral baselines that learn what’s normal — typical APIs, IP ranges, time of day, and regions.

Identity Types Tracked

Console Users
SSO Federated
Service Roles
Lambda Functions
CI/CD Pipelines
AI Agents
Cross-Account
Root Account
EC2 Instance Roles
ECS Task Roles
Bedrock Agents
External IdP
API Gateway

Anomaly Scoring

New source IP: +20
Unusual region: +25
API volume spike: +30
First-time API call: +15
Off-hours activity: +20
Privilege escalation: +35

Composite Risk Score: 87 / 100

AI Agent Registry

Know every AI agent in your environment

Auto-discover AI agents via CloudTrail user-agent patterns. Profile their behavior, monitor MCP tool calls, and enforce allowlists and blocklists.

Discovered Agents

Claude Code (claude-code/1.x), Active: Risk Score 42, API Calls 2,847, Last Seen 2 min ago
LangChain Agent (langchain-agent/0.3), Active: Risk Score 67, API Calls 12,394, Last Seen 45 sec ago
Bedrock Agent (bedrock-agent/runtime), Active: Risk Score 28, API Calls 891, Last Seen 5 min ago

MCP Tool Monitoring

Tool | Pattern | Status
file_read | /src/** | allow
file_write | /etc/passwd | block
sql_query | DROP TABLE * | block
bash_exec | rm -rf /** | block
file_read | ~/.aws/credentials | block
api_call | /api/v1/** | allow

Sensitive path detection (credentials, secrets)
Dangerous SQL pattern blocking
Configurable allowlist / blocklist per agent
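
An added example, not Detectory's own code: one way to evaluate an MCP tool call against the rule table above. The matching semantics (a `*` that also spans `/`, block overriding allow, default deny, normalisation before matching) and the `/home/agent` home directory are assumptions, not documented product behaviour.

```python
import fnmatch
import posixpath

# Rules copied from the MCP Tool Monitoring table: (tool, pattern, status).
RULES = [
    ("file_read", "/src/**", "allow"),
    ("file_write", "/etc/passwd", "block"),
    ("sql_query", "DROP TABLE *", "block"),
    ("bash_exec", "rm -rf /**", "block"),
    ("file_read", "~/.aws/credentials", "block"),
    ("api_call", "/api/v1/**", "allow"),
]
FILE_TOOLS = {"file_read", "file_write"}


def canonical(tool, value, home):
    """Normalise an argument or pattern before matching (assumed semantics)."""
    if tool in FILE_TOOLS:
        if value.startswith("~/"):
            value = home + value[1:]
        return posixpath.normpath(value)  # resolves ".." and "." segments
    value = " ".join(value.split())       # collapse runs of whitespace
    return value.upper() if tool == "sql_query" else value


def evaluate(tool, argument, home="/home/agent"):
    """Return "block" or "allow" for one tool call.

    Assumptions: "*" matches any characters including "/", a matching block
    rule overrides any allow rule, and a call that matches nothing is blocked.
    """
    arg = canonical(tool, argument, home)
    verdict = "block"  # default deny
    for rule_tool, pattern, status in RULES:
        if rule_tool != tool:
            continue
        if fnmatch.fnmatchcase(arg, canonical(tool, pattern, home)):
            if status == "block":
                return "block"
            verdict = "allow"
    return verdict
```

Normalising the path before matching is what keeps a request such as `/src/../etc/shadow` from being accepted by the `/src/**` allow rule.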

Detection Engine

Real-time threat detection powered by CloudTrail

Every CloudTrail event flows through EventBridge into Detectory’s detection pipeline. AssumeRole chains, privilege escalation, and data access anomalies — all mapped to MITRE ATT&CK.

Real-time Processing

CloudTrail events via EventBridge with sub-30s latency

AssumeRole Chain Tracking

Follow identity chains across accounts and roles

Privilege Escalation

Detect IAM policy changes, new admin grants, boundary bypasses

Data Access Monitoring

Track S3, Secrets Manager, DynamoDB, and KMS access patterns

MITRE ATT&CK Mapping

Every detection maps to MITRE techniques and tactics

Live Detection Feed
5 events

14:32:07 | high | AssumeRole chain detected | ci-deploy-role | T1078.004
14:31:54 | critical | Unusual API: secretsmanager:GetSecretValue | claude-code-agent | T1552.005
14:31:42 | medium | Console login from new IP (203.0.113.42) | admin@company.com | T1078.004
14:31:28 | high | S3 bulk download exceeds baseline (340%) | lambda-data-proc | T1530
14:31:15 | critical | IAM policy attachment: AdministratorAccess | dev-user-03 | T1098.001

Investigation & Response

AI-powered investigation with progressive trust

Claude and Bedrock generate investigation reports, correlate events, and recommend remediation. You control how much automation you’re comfortable with.

Trust Level Progression

1. Monitor: Observe and log all detections silently
2. Notify: Send alerts via Slack, email, or webhooks
3. Recommend: AI suggests remediation actions for approval
4. Confirm: AI prepares actions, waits for human confirmation
5. Autonomous: AI executes remediation automatically with audit trail

Scale: less automation (1) to full autonomy (5)

Remediation Actions

Revoke access keys
Disable IAM users
Quarantine roles (inline deny policy)
Block AI agent sessions
Revoke temporary credentials
Isolate compromised resources

AI Investigation Reports

## Investigation Report — INC-2847

Identity: ci-deploy-role

Trigger: AssumeRole chain (3 hops)

MITRE: T1078.004 — Cloud Accounts

Recommendation: Quarantine role, revoke sessions

Confidence: 94%

Enterprise Integration

Fits into your existing workflow

Integrate Detectory with your team’s tools. Get alerts where your team already works, and deploy across your entire AWS organization.

Slack

Real-time alerts in your security channels

Email

Configurable email notifications

Webhooks

Send events to any HTTP endpoint

REST API

Full programmatic control over Detectory

CloudFormation

StackSets for org-wide multi-account deployment

Dashboard

React-based real-time monitoring UI

Ready to secure your cloud identities?

Deploy Detectory in minutes. No agents, no sidecars — just serverless infrastructure in your own AWS account.