Severity: Medium | Service: GuardDuty | Scope: Regional

GuardDuty EKS Runtime Monitoring should be enabled

PCI DSS v4.0.1 | PCI DSS v11.5.1

Description

This control checks whether GuardDuty EKS Runtime Monitoring with automated agent management is enabled. For a standalone account, the control fails if EKS Runtime Monitoring with automated agent management is disabled. In a multi-account environment, the control fails unless the delegated GuardDuty administrator account and every member account have EKS Runtime Monitoring with automated agent management enabled.

EKS Protection in Amazon GuardDuty provides threat detection coverage for the Amazon EKS clusters in your AWS environment. EKS Runtime Monitoring uses operating system-level events to detect potential threats in the EKS nodes and containers within your clusters.

Remediation

To remediate, enable EKS Runtime Monitoring together with automated agent management in the GuardDuty EKS Protection settings, in each Region where GuardDuty is used; in a multi-account environment this must hold for the delegated administrator account and every member account.

Steps

  1. Navigate to the Amazon GuardDuty console
  2. Go to 'Settings' in the left navigation
  3. Select 'EKS Protection'
  4. Enable 'EKS Runtime Monitoring'
  5. Configure the automated agent management settings
  6. Save the configuration
  7. Verify that EKS Runtime Monitoring is active
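The following Python script is an added example, not part of this control page and not AWS or GuardDuty code. It implements the check described above (standalone and multi-account variants) on the dictionaries returned by boto3's `guardduty.get_detector` and `get_member_detectors`, and builds the `update_detector` arguments that correspond to steps 3 to 6. It runs offline on the constructed sample responses embedded in it; `check_account` is the only function that needs a real boto3 client. The feature name `EKS_RUNTIME_MONITORING` is the one this control concerns; treating `RUNTIME_MONITORING` with the `EKS_ADDON_MANAGEMENT` sub-setting as equivalent is an assumption about newer detectors, labelled in the code.

```python
"""Evaluate and remediate GuardDuty "EKS Runtime Monitoring with automated
agent management" on the response shapes boto3 returns.

Added example for this control page; not AWS tooling. Works offline on the
constructed sample responses below. Only check_account() touches AWS, and only
when given a real boto3 guardduty client.
"""

# GuardDuty feature names. EKS_RUNTIME_MONITORING is the feature this control
# is about. Assumption: newer detectors report the same capability under
# RUNTIME_MONITORING, with EKS_ADDON_MANAGEMENT as the automated agent
# management sub-setting in both cases.
RUNTIME_FEATURES = ("EKS_RUNTIME_MONITORING", "RUNTIME_MONITORING")
AGENT_MGMT = "EKS_ADDON_MANAGEMENT"


def eks_runtime_monitoring_enabled(features):
    """True only when runtime monitoring AND automated agent management are
    both ENABLED. `features` is the Features list of a detector or member."""
    for feature in features or []:
        if feature.get("Name") not in RUNTIME_FEATURES:
            continue
        if feature.get("Status") != "ENABLED":
            continue
        for extra in feature.get("AdditionalConfiguration", []):
            if extra.get("Name") == AGENT_MGMT and extra.get("Status") == "ENABLED":
                return True
    return False


def evaluate_standalone(detector):
    """Control result for one account from its get_detector response.
    A disabled detector fails regardless of its feature list."""
    if detector.get("Status") != "ENABLED":
        return "FAIL"
    return "PASS" if eks_runtime_monitoring_enabled(detector.get("Features")) else "FAIL"


def evaluate_organization(admin_detector, member_detectors):
    """Control result for a delegated administrator plus its members.

    `member_detectors` is the MemberDataSourceConfigurations list from
    get_member_detectors. Fails unless the administrator and every member are
    compliant; the offending accounts are returned so the finding is actionable.
    """
    failing = []
    if evaluate_standalone(admin_detector) != "PASS":
        failing.append("administrator")
    for member in member_detectors:
        if not eks_runtime_monitoring_enabled(member.get("Features")):
            failing.append(member.get("AccountId"))
    return ("PASS" if not failing else "FAIL", failing)


def remediation_update(detector_id):
    """Keyword arguments for guardduty.update_detector that enable the feature
    with automated agent management (the API equivalent of steps 3 to 6)."""
    return {
        "DetectorId": detector_id,
        "Features": [{
            "Name": "EKS_RUNTIME_MONITORING",
            "Status": "ENABLED",
            "AdditionalConfiguration": [{"Name": AGENT_MGMT, "Status": "ENABLED"}],
        }],
    }


def check_account(client):
    """Standalone check against a live Region, given a boto3 guardduty client.
    Returns {detector_id: "PASS"/"FAIL"}."""
    return {
        detector_id: evaluate_standalone(client.get_detector(DetectorId=detector_id))
        for detector_id in client.list_detectors().get("DetectorIds", [])
    }


# Constructed sample responses (not captured from a real account).
SAMPLE_ADMIN = {
    "Status": "ENABLED",
    "Features": [{"Name": "EKS_RUNTIME_MONITORING", "Status": "ENABLED",
                  "AdditionalConfiguration": [{"Name": AGENT_MGMT, "Status": "ENABLED"}]}],
}
SAMPLE_MEMBERS = [
    # Compliant member using the newer feature name.
    {"AccountId": "111111111111", "Features": [
        {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [{"Name": AGENT_MGMT, "Status": "ENABLED"}]}]},
    # Runtime monitoring on, but automated agent management off: this is the
    # case the control is written to catch, so it must fail.
    {"AccountId": "222222222222", "Features": [
        {"Name": "EKS_RUNTIME_MONITORING", "Status": "ENABLED",
         "AdditionalConfiguration": [{"Name": AGENT_MGMT, "Status": "DISABLED"}]}]},
]

if __name__ == "__main__":
    print("standalone:", evaluate_standalone(SAMPLE_ADMIN))
    print("organization:", evaluate_organization(SAMPLE_ADMIN, SAMPLE_MEMBERS))
    print("remediation args:", remediation_update("<detector-id>"))
```

The second sample member is the subtle case: EKS Runtime Monitoring itself is enabled, but without automated agent management the control still fails, so a check that only looks at the feature `Status` would report a false pass.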

Compliance

PCI DSS v4.0.1
PCI DSS v11.5.1