Posted On: Sep 14, 2023

Amazon GuardDuty announces a new capability in GuardDuty EKS Runtime Monitoring that allows you to selectively configure which Amazon Elastic Kubernetes Service (Amazon EKS) clusters are to be monitored for threat detection. Previously, configurability was at the account level only. With this added cluster-level configurability, customers can now selectively monitor EKS clusters for threat detection or continue to use account level configurability to monitor all EKS clusters in a given account and region.  

Amazon GuardDuty is a native AWS threat detection service that protects accounts, workloads, and data by continuously monitoring log and networking activity to identify malicious behavior using machine learning, anomaly detection, and AWS-developed and industry leading third-party threat intelligence. Amazon GuardDuty EKS Runtime Monitoring expands GuardDuty threat detection through a lightweight, fully managed security agent that analyzes operating system-level behavior, such as file access, process execution, and network connections. GuardDuty combines the newly added runtime visibility with existing control plane and networking visibility to help you identify and respond to threats targeting applications and data running in containerized workloads.