GuardDuty EKS Audit Log Monitoring should be enabled
Description
This control checks whether GuardDuty EKS Audit Log Monitoring is enabled. For a standalone account, the control fails if GuardDuty EKS Audit Log Monitoring is disabled. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts do not have EKS Audit Log Monitoring enabled. GuardDuty EKS Audit Log Monitoring helps detect potentially suspicious activities in Amazon Elastic Kubernetes Service (Amazon EKS) clusters. It uses Kubernetes audit logs to capture chronological activities from users, applications using the Kubernetes API, and the control plane.
Remediation
To enable GuardDuty EKS Audit Log Monitoring, you need to configure the EKS protection settings in GuardDuty.
Steps
- Navigate to the Amazon GuardDuty console
- Go to 'Settings' in the left navigation
- Select 'EKS Protection'
- Enable 'EKS Audit Log Monitoring'
- Configure the monitoring settings as needed
- Save the configuration
- Verify that EKS audit log monitoring is active
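The final verification step can also be scripted. The following is an added example, not AWS's or the page's own code: it evaluates the pass/fail rule from the Description over the JSON returned by `aws guardduty get-detector` and `aws guardduty get-member-detectors`. It assumes the multi-account rule means the administrator account and every member account must have the feature enabled, and that accounts GuardDuty could not process count as failing. The account IDs and sample responses are constructed.

```python
FEATURE = "EKS_AUDIT_LOGS"  # GuardDuty feature name for EKS Audit Log Monitoring


def eks_audit_enabled(config):
    """True if a detector or member configuration reports the feature as ENABLED."""
    for feature in config.get("Features", []):
        if feature.get("Name") == FEATURE:
            return feature.get("Status") == "ENABLED"
    # Fall back to the older DataSources block when no Features entry is present.
    legacy = config.get("DataSources", {}).get("Kubernetes", {}).get("AuditLogs", {})
    return legacy.get("Status") == "ENABLED"


def evaluate_control(admin_id, detector, member_response=None):
    """Return the sorted account IDs that fail; an empty list means the control passes."""
    failing = set()
    if not eks_audit_enabled(detector):
        failing.add(admin_id)
    member_response = member_response or {}  # standalone account: no members to check
    for member in member_response.get("MemberDataSourceConfigurations", []):
        if not eks_audit_enabled(member):
            failing.add(member["AccountId"])
    # Assumption: an account whose state could not be read is treated as failing.
    for account in member_response.get("UnprocessedAccounts", []):
        failing.add(account["AccountId"])
    return sorted(failing)


# Constructed sample input shaped like the GetDetector / GetMemberDetectors responses.
SAMPLE_DETECTOR = {"Features": [{"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
                                {"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"}]}
SAMPLE_MEMBERS = {
    "MemberDataSourceConfigurations": [
        {"AccountId": "111111111111",
         "Features": [{"Name": "EKS_AUDIT_LOGS", "Status": "ENABLED"}]},
        {"AccountId": "222222222222",
         "Features": [{"Name": "EKS_AUDIT_LOGS", "Status": "DISABLED"}]},
        {"AccountId": "333333333333",
         "DataSources": {"Kubernetes": {"AuditLogs": {"Status": "ENABLED"}}}},
    ],
    "UnprocessedAccounts": [{"AccountId": "444444444444", "Result": "constructed sample"}],
}

if __name__ == "__main__":
    failing = evaluate_control("000000000000", SAMPLE_DETECTOR, SAMPLE_MEMBERS)
    print("PASS" if not failing else f"FAIL: {', '.join(failing)}")
```

To run it against a live environment, replace the sample dictionaries with the parsed output of the two CLI commands for your detector ID.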