GuardDuty EKS Protection

Definition

GuardDuty EKS Protection is a feature of AWS GuardDuty that provides threat detection and monitoring for Amazon Elastic Kubernetes Service (EKS) clusters. It analyzes Kubernetes audit logs to identify suspicious activity, such as unauthorized access attempts, privilege escalation, and anomalous API calls, helping to secure containerized applications running on EKS by alerting administrators to potential security threats.

Secure Settings Example

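apiVersion: v1
kind: ConfigMap
metadata:
  name: guardduty-eks-protection
  namespace: kube-system
data:
  # ConfigMap data values must be strings, so the nested auditLog
  # settings are carried as a YAML block scalar.
  enableGuardDuty: "true"
  logLevel: "info"
  auditLog: |
    enabled: true
    logRetentionDays: 90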

Insecure Settings Example

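apiVersion: v1
kind: ConfigMap
metadata:
  name: guardduty-eks-protection
  namespace: kube-system
data:
  # Insecure values kept as given: detection off, audit logging off,
  # no log retention. ConfigMap data values must be strings, so the
  # nested auditLog settings are carried as a YAML block scalar.
  enableGuardDuty: "false"
  logLevel: "debug"
  auditLog: |
    enabled: false
    logRetentionDays: 0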
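
GuardDuty is a regional service and reports the state of EKS audit log monitoring on each detector, as the feature EKS_AUDIT_LOGS in the GetDetector response. The check below is an added example, not part of the original page: it reads responses of that shape and lists the regions where the feature is not effectively on. The sample data is constructed and the function names are hypothetical.

```python
import json

FEATURE = "EKS_AUDIT_LOGS"  # GuardDuty feature name for EKS audit log monitoring

# Constructed GetDetector-style responses keyed by region (not real account data).
SAMPLE = json.loads("""
{
  "us-east-1": {"Status": "ENABLED",
                "Features": [{"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
                             {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"}]},
  "eu-west-1": {"Status": "ENABLED",
                "Features": [{"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"}]},
  "ap-south-1": {"Status": "DISABLED",
                 "Features": [{"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"}]},
  "us-west-2": {"Status": "ENABLED",
                "DataSources": {"Kubernetes": {"AuditLogs": {"Status": "ENABLED"}}}}
}
""")


def eks_audit_status(detector):
    """Return the EKS audit log feature status, or "UNKNOWN" if not reported."""
    for feature in detector.get("Features", []):
        if feature.get("Name") == FEATURE:
            return feature.get("Status", "UNKNOWN")
    # Fall back to the older DataSources block when no Features entry exists.
    legacy = detector.get("DataSources", {}).get("Kubernetes", {}).get("AuditLogs", {})
    return legacy.get("Status", "UNKNOWN")


def coverage_gaps(detectors_by_region):
    """Map each region lacking effective EKS audit log monitoring to the reason."""
    gaps = {}
    for region, detector in sorted(detectors_by_region.items()):
        # A disabled detector produces no findings even if the feature is on.
        if detector.get("Status") != "ENABLED":
            gaps[region] = "detector is not enabled"
        elif (status := eks_audit_status(detector)) != "ENABLED":
            gaps[region] = f"{FEATURE} is {status}"
    return gaps


if __name__ == "__main__":
    for region, reason in coverage_gaps(SAMPLE).items():
        print(f"{region}: {reason}")
```

To run it against a real account, replace SAMPLE with the JSON returned by aws guardduty get-detector --detector-id <id> in each region.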