...
Observability & Monitoring use-cases
Security Event Monitoring:
- File Integrity Monitoring: any change to system folders should be monitored/audited.
- Reverse shell execution
- Use of security-sensitive primitives: setuid(), setgid(), chmod(), chown()
- Updates to the root certificates folder
- Use of kubectl exec to gain shell access in the pod
- Privilege escalation attempts
- Monitor for external network access
- Suspicious IP detection (e.g. using the Feodo Tracker IP blocklist)
- Monitor for use of DGA (Domain Generation Algorithm) domains by the workload
...
- Excessive CPU usage: >90% of CPU used consistently for > 2 mins
- Excessive Memory usage: >80% of allocated memory used
- ...
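As an added example (not from the original page and not a policy shipped by KubeArmor, Open Horizon or Home Assistant), the following KubeArmorPolicy audits the security events listed above for one workload: shells and chmod/chown execution, writes under system folders and the root CA store, the setuid/setgid/chmod/chown syscalls, and socket use. The namespace, the pod label app: homeassistant and the /etc/ssl/certs/ path are assumptions; the field names follow the KubeArmor policy spec and should be checked against the KubeArmor version installed on the node.

```yaml
# Added example, not from the original page or any of the projects it names.
# Assumed: namespace "default", pod label "app: homeassistant",
# Debian-style root CA store under /etc/ssl/certs/.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: homeassistant-security-events
  namespace: default
spec:
  severity: 7
  tags: ["monitoring", "security-events"]
  message: "security-sensitive activity in the workload"
  selector:
    matchLabels:
      app: homeassistant
  process:
    matchPaths:
      # Interactive shells: a reverse shell and `kubectl exec ... -- sh` both
      # start one of these; the audit alert records the parent process, which
      # tells the two apart (the workload entrypoint vs. the container runtime).
      - path: /bin/sh
      - path: /bin/bash
      - path: /bin/dash
      # Security-sensitive utilities run as commands
      - path: /bin/chmod
      - path: /bin/chown
      - path: /usr/bin/chmod
      - path: /usr/bin/chown
  file:
    matchDirectories:
      # File Integrity Monitoring: with action Audit, readOnly: true logs only
      # write attempts under these folders; reads stay silent.
      - dir: /bin/
        recursive: true
        readOnly: true
      - dir: /sbin/
        recursive: true
        readOnly: true
      - dir: /usr/
        recursive: true
        readOnly: true
      # /etc/ also covers the root certificates folder /etc/ssl/certs/ (assumed
      # path); an update to the CA store shows up as a write alert there.
      - dir: /etc/
        recursive: true
        readOnly: true
  syscalls:
    matchSyscalls:
      # Security-sensitive primitives called directly, not via a binary above
      - syscall:
          - setuid
          - setgid
          - chmod
          - chown
  network:
    matchProtocols:
      # Every TCP/UDP socket the workload opens is logged with the owning process.
      - protocol: tcp
      - protocol: udp
  action: Audit
```

Apply it with kubectl apply -f and watch the resulting alerts with karmor logs. Two caveats a practitioner should expect: the network rule is noisy on a chatty service, so filter on process name downstream rather than narrowing the policy; and a KubeArmor network alert identifies the process and protocol, so matching destinations against the Feodo blocklist or spotting DGA-style lookups needs flow or DNS telemetry alongside it. For the node itself, the same rules go in a KubeArmorHostPolicy with a nodeSelector instead of the pod selector.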
Goals
Components
- Open Horizon - to deliver and manage running workloads
- KubeArmor - to monitor and enforce security policy on host and workloads
- HomeAssistant - example service
Protection: Hardening use-cases
...