How does Incident Response differ for EKS? What types of data, logs, and artifacts are involved from both the host as well as the service/control plane (AWS)? How do you effectively collect and analyze data from your EKS environment in AWS to perform a comprehensive investigation and root cause analysis (RCA)? This session will walk you through a variety of specific EKS security scenarios to help you understand what capabilities you need to respond to and analyze possible EKS security incidents, including options for cloud-native tooling to effectively search and analyze service/control plane logs as well as forensic tooling to analyze EKS evidence (disk and memory).
SANS DFIR Summit 2023
Speaker: Jonathon Poling, Principal Consultant -Threat Detection/Incident Response, Amazon Web Services (AWS)
View upcoming Summits: www.sans.org/u/DuS