Supporting Information

Navigation hub for forensic and historical records.

Supporting Information

The Supporting Information page is a navigation hub that provides quick access to raw forensic data, access logs, and historical security records. Use these tools when investigating a specific incident or auditing access to your data.

Available Tools

Click any card to navigate to the corresponding tool:

Card

What It Answers

Destination

Classification History

What is the history of all classification changes?

Classification Details

External Accounts

Which AWS accounts are accessing my resources?

External Accounts

Actions Taken by Users

What API calls and actions have users performed?

Audit Activity

Files Accessed by Users

Which specific files have users accessed?

Files Accessed by User

Configuration Changes

What configuration changes have been made to resources?

Inventory > Configuration Drift

When to Use Supporting Information

These tools are most useful during:

Incident investigation — A suspected attack or breach has been detected and you need to trace exactly what happened.
Compliance audits — You need to demonstrate who accessed what data and when.
Access reviews — You want to confirm that only authorized accounts and users are accessing your resources.
Change management reviews — You want to verify what configuration changes were made and by whom.

For a guided investigation workflow, see Forensic Analysis.

PreviousSecurity Holes NextClassification Details

Last updated 1 month ago

hashtagSupporting Information

hashtagAvailable Tools

hashtagWhen to Use Supporting Information