Posted On: Jul 7, 2023

The Amazon GuardDuty EKS Runtime Monitoring eBPF security agent now supports Amazon Elastic Kubernetes Service (Amazon EKS) workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors. Additionally, the new agent version (1.2.0) introduces performance enhancements, built-in CPU and memory utilization limits, and support for Amazon EKS 1.27 clusters. If you use GuardDuty EKS Runtime Monitoring with automated agent management, GuardDuty will automatically upgrade the security agent for your Amazon EKS clusters. If you are not using automated agent management, you are responsible for upgrading the agent manually. You can view the current agent version running in your Amazon EKS clusters on the EKS clusters runtime coverage page of the GuardDuty console. If you are not yet using GuardDuty EKS Runtime Monitoring, you can enable the feature for a 30-day free trial with a few steps.

Amazon GuardDuty EKS Runtime Monitoring continuously monitors and profiles container runtime activity to identify malicious or suspicious behavior within container workloads. Using a lightweight, fully managed eBPF security agent, GuardDuty monitors on-host operating system-level behavior, such as file access, process execution, and network connections. Once a potential threat is detected, GuardDuty generates a security finding that pinpoints the specific container and includes details such as pod ID, image ID, EKS cluster tags, executable path, and process lineage.