Amazon GuardDuty now monitors runtime activity from containers running on Amazon EKS

Amazon GuardDuty expands threat detection coverage to continuously monitor and profile Amazon Elastic Kubernetes Service (Amazon EKS) container runtime activity to identify malicious or suspicious behavior within container workloads. GuardDuty EKS Runtime Monitoring introduces a new lightweight, fully managed security agent that monitors on-host operating system-level behavior, such as file access, process execution, and network connections. Once a potential threat is detected, GuardDuty generates a security finding that pinpoints the specific container and includes details such as pod ID, image ID, EKS cluster tags, executable path, and process lineage. GuardDuty EKS Runtime Monitoring includes over two dozen new detections at launch, which, when combined with GuardDuty EKS Audit Log Monitoring, amount to more than 50 detections that are tailored to identify threats to Amazon EKS deployments.

Source: Amazon AWS