AWS guardduty high security documentation change
Summary
Added new AttackSequence:EKS/CompromisedCluster finding type with associated data sources including EKS audit logs, runtime monitoring, malware detection, and CloudTrail/VPC/DNS logs
Security assessment
The addition of a new attack sequence detection specifically for EKS clusters indicates enhanced security monitoring for Kubernetes-related compromises. This directly addresses potential security vulnerabilities in containerized environments by correlating multiple security signals.
Diff
diff --git a/guardduty/latest/ug/guardduty_finding-types-active.md b/guardduty/latest/ug/guardduty_finding-types-active.md index 44738b100..44c26bd9b 100644 --- a//guardduty/latest/ug/guardduty_finding-types-active.md +++ b//guardduty/latest/ug/guardduty_finding-types-active.md @@ -95,0 +96,11 @@ Finding type | Resource type | Foundational data source/Feature | Finding severi +[AttackSequence:EKS/CompromisedCluster](./guardduty-attack-sequence-finding-types.html#attack-sequence-eks-compromised-cluster) | Resources involved in attack sequence | + + * EKS audit log events + * Runtime Monitoring for Amazon EKS + * Amazon EKS malware detection for Amazon EC2 + * AWS CloudTrail data events for S3 + * AWS CloudTrail management events + * VPC Flow Logs + * Route53 Resolver DNS query logs + +| Critical