Amazon Detective supports security investigations for workloads on Amazon EKS

Amazon Detective now helps to analyze, investigate, and identify the root cause of security findings or suspicious control plane activity on Amazon Elastic Kubernetes Service (Amazon EKS) clusters. Amazon Detective uses Amazon EKS audit logs to automatically extract new entities, such as EKS clusters, container pods, and user accounts, and then builds a profile for each of the entities based on their activity history. Detective then layers the entity profiles with Amazon GuardDuty Kubernetes Protection findings that are created when potential threats or suspicious behavior are identified on your Amazon EKS clusters. This new Detective capability can help you more quickly answer questions such as: which Kubernetes API methods were called by a Kubernetes user account showing signs of compromise, which pods are hosted in an Amazon Elastic Compute Cloud (Amazon EC2) instance that was included in an Amazon GuardDuty finding, or which containers were spawned from a potentially malicious container image.
