How to investigate and take action on security issues in Amazon EKS clusters with Amazon Detective – Part 2
In part 1 of this two-part series, How to detect security issues in Amazon EKS cluster using Amazon GuardDuty, we walked through a real-world observed security issue in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and saw how Amazon GuardDuty detected each phase by following MITRE ATT&
Investigate with Amazon Detective

In the five phases we walked through in part 1, we discussed GuardDuty findings and MITRE ATT&CK tactics that can help you detect and understand each phase of the unauthorized activity, from the initial misconfiguration to the impact on our application when the EKS cluster is used for crypto mining. For our walkthrough, we'll start our investigation from the GuardDuty finding and use the EKS cluster resource to pivot to the Detective console, as shown in Figure 7. Changing the scope time might change the containers that are listed in the table shown in Figure 9. Based on the architecture related to this cluster, you might be able to use this information to determine whether there are unauthorized containers.