Amazon GuardDuty Extended Threat Detection now supports Amazon EKS
AWS has enhanced Amazon GuardDuty Extended Threat Detection to support Amazon EKS security with advanced multi-stage attack detection capabilities.
- Correlates security signals across EKS audit logs, runtime behavior, malware execution, and AWS API activity
- Uses AI and machine learning to detect complex attack sequences across multiple resources
- Can identify sophisticated threats like privileged container deployments, crypto mining, and reverse shell creation
- Automatically generates critical-severity findings with detailed incident summaries and MITRE ATT&CK® mappings
- Enabled automatically for all GuardDuty customers at no additional cost
- Requires GuardDuty EKS Protection to be enabled; enabling Runtime Monitoring as well is recommended
The enhancement aims to help customers quickly identify and respond to sophisticated Kubernetes cluster attacks with minimal manual analysis.
Related articles
- Jun 17, 2025: Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters
- Dec 2, 2025: Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS
- Dec 2, 2025: Amazon GuardDuty adds Extended Threat Detection for Amazon EC2 and Amazon ECS
- Dec 2, 2024: Amazon GuardDuty introduces GuardDuty Extended Threat Detection