How to investigate and take action on security issues in Amazon EKS clusters with Amazon Detective – Part 2
In part 1 of this two-part series, How to detect security issues in Amazon EKS cluster using Amazon GuardDuty, we walked through a real-world observed security issue in an Amazon Elastic Service (Amazon EKS) cluster and saw how Amazon GuardDuty detected each phase by following MITRE ATT&
Investigate with Amazon DetectiveIn the five phases we walked through in part 1, we discussed GuardDuty findings and MITRE ATT&CK tactics that can help you detect and understand each phase of the unauthorized activity, from the initial misconfiguration to the impact on our application when the EKS cluster is used for crypto mining. For our walkthrough, we’ll start our investigation from the GuardDuty finding and use the EKS cluster resource to pivot to the Detective console, as shown in Figure 7. Changing the scope time might change the containers that are listed in the table shown in Figure 9.: Based on the architecture related to this cluster, you might be able to use this information to determine whether there are unauthorized containers.
Source read time: 18 min - aws.amazon.com
Also offered in: Nederlands