# [AG.ACG.3] Automate deployment of detective controls
<a name="ag.acg.3-automate-deployment-of-detective-controls"></a>

 **Category:** FOUNDATIONAL 

 Perform rapid and consistent detection of potential security issues or misconfigurations by deploying automated, centralized detective controls. Automated detective controls are guardrails which continuously monitor the environment, quickly identifying potential risks, and potentially mitigating them. 

 Use a *compliance as code* approach to integrate compliance rules into deployment pipelines. Additionally, implement detective rules in the environment for real-time checks. Leveraging artificial intelligence (AI) and machine learning (ML) can further enhance the capability to monitor and detect non-compliant configurations or complex security threats. 

**Related information:**
+  [Cloud Security Posture Management (CSPM) - AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) 
+  [AWS Config and AWS Organizations - AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html) 
+  [Intelligent Threat Detection - Amazon GuardDuty](https://aws.amazon.com/guardduty/) 
+  [Building Prowler into a QuickSight powered AWS Security Dashboard](https://catalog.us-east-1.prod.workshops.aws/workshops/b1cdc52b-eb11-44ed-8dc8-9dfe5fb254f5/en-US)