AWS – Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters
Amazon GuardDuty has expanded coverage to continuously monitor and profile Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity to identify malicious or suspicious behavior that represents potential threats to container workloads. Amazon GuardDuty for EKS Protection monitors control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts. GuardDuty is integrated with Amazon EKS, giving it direct access to the Kubernetes audit logs without requiring you to turn on or store these logs. Once a threat is detected, GuardDuty generates a security finding that includes container details such as pod ID, container image ID, and associated tags. GuardDuty for EKS Protection will be enabled by default for all new and existing GuardDuty accounts, and will not require any additional configuration of GuardDuty or Amazon EKS.
Read More for the details.