
Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters

AWS News Blog



Amazon GuardDuty has expanded its Extended Threat Detection capabilities to include enhanced security monitoring for Amazon Elastic Kubernetes Service (Amazon EKS) clusters.

  • Introduces a new critical severity finding type that correlates security signals across EKS audit logs, container runtime behaviors, and AWS API activity
  • Helps detect sophisticated multistage attacks targeting containerized applications
  • Can identify complex attack patterns such as container exploitation and privilege escalation
  • Provides detailed findings with timeline, MITRE ATT&CK® mapping, and remediation recommendations
  • Requires EKS Protection or Runtime Monitoring to be enabled (enabling both is recommended)

The new feature helps security teams quickly identify and respond to potential Kubernetes cluster compromises by providing comprehensive visibility into attack sequences.


