How It Works
From zero to full visibility in minutes
Detectory deploys as serverless infrastructure in your own AWS account. No agents to install, no data leaving your environment.
Architecture overview
100% serverless, deployed entirely in your AWS account. Your data never leaves your environment.
- CloudTrail: API activity logs
- EventBridge: Event routing
- Lambda Pipeline: Detection & scoring
- DynamoDB: State & baselines
- AppSync: GraphQL API
- React Dashboard: Monitoring UI
Five steps to complete protection
Install
Run cdk deploy in your AWS management account. Detectory deploys as fully serverless infrastructure — Lambda, DynamoDB, EventBridge, AppSync, and CloudFront. No servers, no containers.
Configure
Set up identity baselines, alert channels (Slack, email, webhooks), trust levels, and AI agent monitoring policies. Fine-tune anomaly thresholds to match your environment.
Monitor
CloudTrail events flow through the detection pipeline in real time. Every identity action is scored against behavioral baselines. Anomalies are flagged within seconds.
Investigate
AI generates detailed investigation reports with correlated events, timeline analysis, and MITRE ATT&CK mapping. Understand the full context of any suspicious activity.
Respond
Progressive trust automation executes remediation at your comfort level — from passive monitoring to fully autonomous response. Every action is logged with a complete audit trail.
What gets monitored
Detectory analyzes every identity-related event in your AWS environment, providing comprehensive coverage across all critical areas.
Authentication
- Console logins
- SSO federation events
- API key usage
- MFA status changes
Identity Actions
- AssumeRole chains
- Cross-account access
- Service-linked roles
- Temporary credentials
Privilege Changes
- IAM policy attachments
- Permission boundary changes
- Role trust policy edits
- Admin access grants
Data Access
- S3 object operations
- Secrets Manager access
- DynamoDB table reads
- KMS key usage
AI & Automation
- AI agent API calls
- MCP tool invocations
- Bedrock model access
- Automated workflows
Infrastructure
- Security group changes
- VPC modifications
- CloudTrail tampering
- GuardDuty findings
Deploy Detectory in your AWS account today
One CDK command. Full serverless infrastructure. Complete identity visibility in minutes, not weeks.