Posted On: Nov 9, 2023

Amazon GuardDuty has incorporated new machine learning techniques to more accurately detect anomalous activities indicative of threats to your Amazon Elastic Kubernetes Service (Amazon EKS) clusters. This new capability continuously models Kubernetes audit log events from Amazon EKS to detect highly suspicious activity such as unusual user access to Kubernetes secrets that can be used to escalate privileges, and suspicious container deployments with images not commonly used in the cluster or account. The new threat detections are available for all GuardDuty customers that have GuardDuty EKS Audit Log Monitoring enabled.

The new machine learning approach establishes normal behavior based on features such as pod or container configuration, autonomous system number (ASN), or user agent. This allows GuardDuty to more accurately identify abnormal activity in your Amazon EKS clusters associated with known attack tactics, including discovery, credential access, privilege escalation, and execution.

The new capabilities are now available in all AWS Regions where GuardDuty is available, excluding AWS Europe (Spain), AWS Europe (Zurich), AWS Asia Pacific (Hyderabad), AWS Asia Pacific (Melbourne), AWS GovCloud (US) Regions and AWS China Regions.

To get started: