Posted On: May 15, 2024
Amazon Detective now supports retrieving Amazon Elastic Kubernetes Service (Amazon EKS) audit logs from Amazon Security Lake. With this launch, Detective customers leveraging the Security Lake integration can query and analyze Amazon EKS audit logs in addition to AWS CloudTrail and Amazon VPC Flow Logs. This enhancement enables more comprehensive investigations into potential security issues involving Amazon EKS workloads.
By integrating Amazon EKS audit logs, Detective provides security analysts with deeper visibility into Kubernetes API calls and activities within EKS clusters. Amazon Detective is a managed security service that simplifies the investigation process by building data aggregations, summaries, and visualizations based on security findings and activity logs. Alongside EKS support, Detective now supports OCSF v1.1.0, enchancing query performance for your security analytics. This allows for more effective threat detection, incident response, and compliance auditing for containerized applications. The integration seamlessly surfaces relevant Amazon EKS logs during investigations, accelerating the analysis process without the need to switch between multiple tools.
This new capability is available in all AWS Regions where both Amazon Detective and Amazon Security Lake are available. For the list of supported Regions, refer to the AWS Regional Services list.
To get started, visit the Detective console and enable the Security Lake integration. You can find guidance on querying Amazon EKS audit logs in the Amazon Detective User Guide. For more information about Amazon Detective, visit the service page.