Amazon Elastic Kubernetes Service

Version: AWS Log Forwarder v1.0.10 and above.

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service to run Kubernetes on Amazon Web Services (AWS) without installing, operating, and maintaining a Kubernetes control plane or nodes.

Applications running on Amazon EKS are compatible with the standard Kubernetes environment, so you can migrate any standard Kubernetes application to Amazon EKS without code modification.

Netsurion monitors events from Amazon EKS by parsing the AWS CloudTrail logs. Dashboards and reports in Netsurion allow you to monitor overall actions performed related to the Amazon EKS service to keep you informed about its activities. It will trigger alerts whenever an action critical to the application is carried out.

For a new instance, integrate the AWS instance to Netsurion using the Netsurion integrator Lambda function, which will in turn deliver logs to Netsurion from AWS.For an already-integrated AWS instance, make sure to update to AWS Log Forwarder to v1.0.10 or above.

Once configured to deliver events to Netsurion Manager, the alerts, dashboards, and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Amazon EKS - Add-on deletion attempt This will trigger an alert if an attempt to delete an add-on to the Amazon EKS cluster is detected.
Security Amazon EKS - Cluster deletion attempt This will trigger an alert if an attempt to delete an Amazon EKS cluster is made.
Security Amazon EKS - Fargate profile deletion attempt This will trigger an alert if an attempt to delete an AWS Fargate profile is made in an Amazon EKS cluster.
Security Amazon EKS - Node group deletion attempt This will trigger an alert if an attempt is made to delete a node group in an Amazon EKS cluster.

Reports

Type Name Description
Security Amazon EKS - Cluster activity This report will give a detailed overview of the actions that are triggered in all the AWS EKS instances. It gives information about the action, the time the action was triggered, user information related with it, and other cluster-related information.

Documentation

The configuration details are consistent with the Netsurion Open XDR platform version 9.3 and later, and ETS AWS LogForwarder.

Download Integration Guide and How-to Guide for more information and to configuration instructions.