5min GuardDuty Extended Threat Detection EKS
takakuni
June 30, 2025
Transcript

1. Slide 10: GuardDuty Threat Detection until now
   1. EC2 finding types
   2. IAM finding types
   3. S3 Protection finding types
   4. EKS Protection finding types
   5. GuardDuty Runtime Monitoring finding types
   6. Malware Protection for EC2 finding types
   7. Malware Protection for S3 finding type
   8. RDS Protection finding types
   9. Lambda Protection finding types

2. Slide 11: GuardDuty Threat Detection from now on
   1. EC2 finding types
   2. IAM finding types
   3. S3 Protection finding types
   4. EKS Protection finding types
   5. GuardDuty Runtime Monitoring finding types
   6. Malware Protection for EC2 finding types
   7. Malware Protection for S3 finding type
   8. RDS Protection finding types
   9. Lambda Protection finding types
   10. GuardDuty attack sequence finding types (NEW!)

3. Slide 16: GuardDuty attack sequence finding types
   - AttackSequence:IAM/CompromisedCredentials
     - Generated when it is highly likely that IAM credentials have been compromised
   - AttackSequence:S3/CompromisedData
     - Generated when it is highly likely that S3 data has been exfiltrated
   - AttackSequence:EKS/CompromisedCluster (NEW)
     - Generated when a sequence of suspicious actions has taken place inside an Amazon EKS cluster

4. Slide 19: Data sources referenced
   - EKS audit log events
   - AWS CloudTrail data events for S3
   - AWS CloudTrail management events
   - VPC Flow Logs
   - Route53 Resolver DNS query logs
   - Amazon EKS malware detection for Amazon EC2
   - Runtime Monitoring for Amazon EKS

5. Slide 22: Summary
   - Extended Threat Detection is a finding type that reports a chain of related threats as one sequence
     - A new sequence type for EKS clusters has now been added
   - Threats are detected by correlating multiple data sources
     - Some of these data sources are collected by GuardDuty on its own, without any configuration on the user's side
   - Enable both EKS Protection and Runtime Monitoring for Amazon EKS to get the most out of the feature!
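Slides 19 and 22 list the data sources behind the EKS attack-sequence finding and point out that only some of them need to be switched on by the account owner. The following script is an added example, not code from this deck or from AWS: it takes a GuardDuty `GetDetector` response, reports which of those sources are covered, flags whether EKS audit logs and runtime monitoring (the two the summary slide asks you to enable) are missing, and builds the `FindingCriteria` filter for pulling `AttackSequence:EKS/CompromisedCluster` findings. The mapping from data source to detector feature name and the response shape (a `Features` list of `Name`/`Status` entries) are assumptions based on the GuardDuty API as the author of this example understands it, and the detector document is constructed inline so the script runs offline.

```python
"""Coverage check for the data sources behind GuardDuty's EKS attack-sequence
finding type (added example; not the deck's or AWS's own code).

Assumptions (verify against the current GuardDuty API reference):
- GetDetector returns a "Features" list of {"Name": ..., "Status": ...} items.
- The feature names below are the ones that enable each data source.
"""

EKS_SEQUENCE_TYPE = "AttackSequence:EKS/CompromisedCluster"

# Data sources from slide 19 -> detector feature names that enable them.
# A tuple lists acceptable names (any one counts); None means GuardDuty
# collects the source on its own with no user configuration (slide 22).
FEATURE_FOR_SOURCE = {
    "EKS audit log events": ("EKS_AUDIT_LOGS",),
    "AWS CloudTrail data events for S3": ("S3_DATA_EVENTS",),
    "AWS CloudTrail management events": None,
    "VPC Flow Logs": None,
    "Route53 Resolver DNS query logs": None,
    "Malware detection for Amazon EC2": ("EBS_MALWARE_PROTECTION",),
    # Older detectors may still report the EKS-specific feature name.
    "Runtime Monitoring for Amazon EKS": ("RUNTIME_MONITORING", "EKS_RUNTIME_MONITORING"),
}

# The two sources slide 22 explicitly asks you to enable.
EKS_REQUIRED_SOURCES = ("EKS audit log events", "Runtime Monitoring for Amazon EKS")

# Constructed sample of a GetDetector response (not a real account).
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"},
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
        {"Name": "EBS_MALWARE_PROTECTION", "Status": "DISABLED"},
        {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"},
    ],
}


def enabled_features(detector):
    """Return the set of feature names whose Status is ENABLED."""
    return {f["Name"] for f in detector.get("Features", []) if f.get("Status") == "ENABLED"}


def coverage_report(detector):
    """Map each slide-19 data source to True (covered) or False (not enabled).

    Sources GuardDuty collects on its own are always reported as covered.
    """
    enabled = enabled_features(detector)
    report = {}
    for source, features in FEATURE_FOR_SOURCE.items():
        if features is None:
            report[source] = True
        else:
            report[source] = any(name in enabled for name in features)
    return report


def missing_for_eks(detector):
    """List the slide-22 sources (audit logs, runtime monitoring) still disabled."""
    report = coverage_report(detector)
    return [source for source in EKS_REQUIRED_SOURCES if not report[source]]


def attack_sequence_filter(finding_types=(EKS_SEQUENCE_TYPE,)):
    """Build the FindingCriteria argument for guardduty ListFindings that
    selects only the given attack-sequence finding types."""
    return {"Criterion": {"type": {"Equals": list(finding_types)}}}


if __name__ == "__main__":
    # Against a real account, replace SAMPLE_DETECTOR with:
    #   boto3.client("guardduty").get_detector(DetectorId="<your detector id>")
    # and pass attack_sequence_filter() as FindingCriteria to list_findings().
    for source, covered in coverage_report(SAMPLE_DETECTOR).items():
        print(f"{'OK     ' if covered else 'MISSING'} {source}")
    print("Still to enable for EKS sequences:", missing_for_eks(SAMPLE_DETECTOR))
    print("ListFindings filter:", attack_sequence_filter())
```

With the constructed detector, the report shows runtime monitoring as the one slide-22 source still disabled, which is exactly the gap the summary slide warns against; the three sources marked `None` are reported as covered regardless of detector settings, mirroring the "collected by GuardDuty on its own" point.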