AWS Security ChangesHomeSearch

AWS guardduty high security documentation change

Service: guardduty · 2025-06-19 · Security-related high

File: guardduty/latest/ug/guardduty_finding-types-active.md

Summary

Added new AttackSequence:EKS/CompromisedCluster finding type with associated data sources including EKS audit logs, runtime monitoring, malware detection, and CloudTrail/VPC/DNS logs

Security assessment

The addition of a new attack sequence detection specifically for EKS clusters indicates enhanced security monitoring for Kubernetes-related compromises. This directly addresses potential security vulnerabilities in containerized environments by correlating multiple security signals.

Diff

diff --git a/guardduty/latest/ug/guardduty_finding-types-active.md b/guardduty/latest/ug/guardduty_finding-types-active.md
index 44738b100..44c26bd9b 100644
--- a//guardduty/latest/ug/guardduty_finding-types-active.md
+++ b//guardduty/latest/ug/guardduty_finding-types-active.md
@@ -95,0 +96,11 @@ Finding type | Resource type | Foundational data source/Feature | Finding severi
+[AttackSequence:EKS/CompromisedCluster](./guardduty-attack-sequence-finding-types.html#attack-sequence-eks-compromised-cluster) |  Resources involved in attack sequence | 
+
+  * EKS audit log events
+  * Runtime Monitoring for Amazon EKS
+  * Amazon EKS malware detection for Amazon EC2
+  * AWS CloudTrail data events for S3
+  * AWS CloudTrail management events
+  * VPC Flow Logs
+  * Route53 Resolver DNS query logs
+
+|  Critical