Amazon Detective
What is Amazon Detective
Amazon Detective is a security service that helps users analyze and investigate security issues across their AWS resources. It aggregates data from various sources to provide insights into security incidents and helps users understand the context of these incidents.
Use cases
Use cases for Amazon Detective include investigating security incidents, analyzing user behavior for anomalies, understanding the root cause of security issues, and enhancing compliance by providing detailed security insights.
How to use
To use Amazon Detective, users need to enable the service in their AWS account. Once enabled, it automatically collects and organizes data from AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty. Users can then access the Amazon Detective console to analyze security findings and investigate incidents.
Key features
Key features of Amazon Detective include data aggregation from multiple AWS services, visualizations of security data, the ability to perform deep dives into security incidents, and integration with other AWS security services like GuardDuty and Security Hub.
Where to use
Amazon Detective is primarily used in the field of cloud security, particularly for organizations that utilize AWS infrastructure. It is suitable for security teams looking to enhance their incident response capabilities and improve their overall security posture.
MCP Server
This project is an MCP (Model Context Protocol) server for the given OpenAPI URL - https://api.apis.guru/v2/specs/amazonaws.com/detective/2018-10-26/openapi.json, auto-generated using AG2’s MCP builder.
Prerequisites
- Python 3.9+
- pip and uv
Installation
- Clone the repository:
git clone <repository-url>
cd mcp-server
- Install dependencies:
The .devcontainer/setup.sh script handles installing dependencies using pip install -e ".[dev]". If you are not using the dev container, you can run this command manually:
pip install -e ".[dev]"
Alternatively, you can use uv:
uv pip install --editable ".[dev]"
Development
This project uses ruff for linting and formatting, mypy for static type checking, and pytest for testing.
Linting and Formatting
To check for linting issues:
ruff check
To format the code:
ruff format
These commands are also available via the scripts/lint.sh script.
Static Analysis
To run static analysis (mypy, bandit, semgrep):
./scripts/static-analysis.sh
This script is also configured as a pre-commit hook in .pre-commit-config.yaml.
Running Tests
To run tests with coverage:
./scripts/test.sh
This will run pytest and generate a coverage report. For a combined report and cleanup, you can use:
./scripts/test-cov.sh
Pre-commit Hooks
This project uses pre-commit hooks defined in .pre-commit-config.yaml. To install the hooks:
pre-commit install
The hooks will run automatically before each commit.
Running the Server
The MCP server can be started using the mcp_server/main.py script. It supports different transport modes (e.g., stdio, sse).
To start the server (e.g., in stdio mode):
python mcp_server/main.py stdio
The server can be configured using environment variables:
- CONFIG_PATH: Path to a JSON configuration file (e.g., mcp_server/mcp_config.json).
- CONFIG: A JSON string containing the configuration.
- SECURITY: Environment variables for security parameters (e.g., API keys).
Refer to the if __name__ == "__main__": block in mcp_server/main.py for details on how these are loaded.
The tests/test_mcp_server.py file demonstrates how to start and interact with the server programmatically for testing.
Building and Publishing
This project uses Hatch for building and publishing.
To build the project:
hatch build
To publish the project:
hatch publish
These commands are also available via the scripts/publish.sh script.