Amazon Elastic Kubernetes Service
Version: AWS Log Forwarder v1.0.10 and above.
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service to run Kubernetes on Amazon Web Services (AWS) without installing, operating, and maintaining a Kubernetes control plane or nodes.
Applications running on Amazon EKS are compatible with the standard Kubernetes environment, so you can migrate any standard Kubernetes application to Amazon EKS without code modification.
Netsurion Open XDR monitors events from Amazon EKS by parsing the AWS CloudTrail logs. Dashboards and reports in Netsurion Open XDR allow you to monitor overall actions performed related to the Amazon EKS service to keep you informed about its activities. It will trigger alerts whenever an action critical to the application is carried out.
For a new instance, integrate the AWS instance to Netsurion Open XDR using the Netsurion integrator Lambda function, which will in turn deliver logs to Netsurion Open XDR from AWS. For an already-integrated AWS instance, make sure to update to AWS Log Forwarder to v1.0.10 or above.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Amazon EKS – Add-on deletion attempt | This will trigger an alert if an attempt to delete an add-on to the Amazon EKS cluster is detected. |
| Security | Amazon EKS – Cluster deletion attempt | This will trigger an alert if an attempt to delete an Amazon EKS cluster is made. |
| Security | Amazon EKS – Fargate profile deletion attempt | This will trigger an alert if an attempt to delete an AWS Fargate profile is made in an Amazon EKS cluster. |
| Security | Amazon EKS – Node group deletion attempt | This will trigger an alert if an attempt is made to delete a node group in an Amazon EKS cluster. |
Reports
| Type | Name | Description |
|---|---|---|
|
Security |
Amazon EKS – Cluster activity |
This report will give a detailed overview of the actions that are triggered in all the AWS EKS instances. It gives information about the action, the time the action was triggered, user information related with it, and other cluster-related information. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and ETS AWS LogForwarder v1.0.10 and above.
Download Integration Guide and How-to Guide for configuration instructions and more information.