AWS EC2 new event for EKS Node Group
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when an AWS EKS node group makes a new API call.
Strategy
This rule sets a baseline for host activity across an AWS EKS node group, and enables detection of potentially anomalous activity when a node group makes a new API call.
A new API call from a node group can indicate an attacker gaining a foothold within the system and trying API calls not normally associated with this node group.
Triage and response
- Investigate API activity for the AWS EKS node group to determine if the specific API call is malicious.
- Review any other security signals for the AWS EKS node group.
- If the activity is deemed malicious:
- If possible, isolate the compromised hosts.
- Determine what other API calls were made by the EKS node group.
- Begin your organization’s incident response process and investigate.
