Auditing Kubernetes with Open Source SIEM and XDR

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers. It organizes containers into logical units for simple management and discovery. Kubernetes extends how we scale containerized applications so that we may use a truly persistent infrastructure. You can build cloud-native applications based on microservices with Kubernetes. Enthusiasts view Kubernetes as the cornerstone of application modernization. The complexity of running programs grows when they spread across several servers and containers. To handle this complexity, Kubernetes offers an open source API that manages where and how those containers will execute. Kubernetes incorporates load balancing, controls service discovery, keeps track of resource allocation, and scales based on compute use. It assesses the condition of each resource and gives programs the ability to self-fix by replicating containers or restarting them automatically. Some of these policies enhance the cyber resilience of the IT infrastructure, for example, PCI DSS and GDPR. The Kubernetes cluster is part of the IT infrastructure, and organizations should ensure they comply with policies and security best practices where applicable. One of the requirements that appear in most IT policy documents is the log retention policy. Log retention policies dictate how long you should store logs. You can use these logs to identify threats during active monitoring and incident investigation. Administrators interact with the Kubernetes cluster via the Kubernetes API, and the cluster can log all API requests and responses. You can detect unusual or unwanted API calls from the Kubernetes audit logs. In more detail, you can get alerts for events such as authentication failure, container creation, modification, and deletion. The Kubernetes audit logging feature is disabled by default. You need to monitor the audit logs to detect security threats and anomalies. You need to index the logs to search for relevant information during an incident investigation. Wazuh monitors, stores, and indexes the Kubernetes audit logs. Wazuh is an open source unified XDR and SIEM platform. The Wazuh development team has a detailed guide on auditing Kubernetes with Wazuh. You can create custom rules to trigger alerts when Wazuh detects specific events in the Kubernetes audit log. You can create rules to trigger alerts when resources are created or deleted on the Kubernetes cluster. You can configure Wazuh to display all archived logs on the dashboard. These are logs of Kubernetes events that did not trigger an alert. The Wazuh indexer is a highly scalable full-text search and analytics engine. The indexer indexes and stores the Kubernetes audit logs to provide you with real-time data search and analytics capabilities. The Wazuh indexer increases efficiency during an incident investigation when you need to retrieve relevant data from the audit logs. Kubernetes is widely used to deploy, scale, and manage applications. You should maintain Kubernetes audit logs for security and compliance purposes. The audit logs contain data that can indicate unusual or unwanted activities. Wazuh is an open source XDR and SIEM solution that monitors, archives, and queries Kubernetes audit logs to identify security threats and other anomalies. Wazuh also protects other components of an IT infrastructure, including endpoints and cloud workloads. Wazuh has a large community of users who support each other and help to improve the product. You can join the Wazuh community to contribute to the product and request support for any issues you may have.

This Cyber News was published on thehackernews.com. Publication date: Wed, 01 Feb 2023 10:44:02 +0000


Cyber News related to Auditing Kubernetes with Open Source SIEM and XDR

Auditing Kubernetes with Open Source SIEM and XDR - Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit ...
1 year ago Thehackernews.com
Inside the Challenges of XDR Implementation and How to Overcome Them - Unlike endpoint detection and response, which collects only endpoint security telemetry, XDR collects data from native and third-party security domains including endpoints, cloud workloads, identities and more, then aggregates and applies relevant ...
9 months ago Securityboulevard.com
How AI is strengthening XDR to consolidate tech stacks - VentureBeat continues to see CISOs and their security teams migrate from Endpoint Detection and Response to XDR for greater consolidation savings and a more unified view of all attack surfaces and potential threats. XDR is riding a strong wave of ...
7 months ago Venturebeat.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
10 months ago Darkreading.com
Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
10 months ago Darkreading.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
8 months ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
8 months ago Bleepingcomputer.com
Protecting against new Kubernetes threats in 2024 and beyond - A wave of new attacks targeted Kubernetes in 2023: Dero and Monero crypto miners, Scarleteel and RBAC-Buster. Finding an initial foothold with a web app vulnerability, then moving laterally is the hallmark of a Kubernetes attack. Understanding the ...
9 months ago Venturebeat.com
Stellar & Blackberry Join to Deliver Open XDR to MSSPs and Enterprise - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR, has entered into a new partnership with BlackBerry to deliver a comprehensive threat detection and response solution ...
9 months ago Americansecuritytoday.com
The Noticeable Shift in SIEM Data Sources - SIEM solutions didn't work perfectly well when they were first introduced in the early 2000s, partly because of their architecture and functionality at the time but also due to the faults in the data and data sources that were fed into them. While ...
7 months ago Feeds.dzone.com
Extended Detection and Response: The Core Element of Zero-Trust Security - Extending and enhancing threat detection and response capabilities in the face of a growing attack surface is the primary result of XDR when it comes to security efficacy. This outcome can contribute not only to comprehensive protection but also to ...
9 months ago Securityboulevard.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
6 months ago Techrepublic.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
10 months ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
9 months ago Feeds.dzone.com
XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments - PRESS RELEASE. HERZLIYA, Israel, Nov. 29, 2023 /PRNewswire/ - XM Cyber, the leader in hybrid cloud exposure management, today announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes ...
10 months ago Darkreading.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
8 months ago Blog.checkpoint.com
Kubernetes Vulnerability Let Attackers Take Full System Control - A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The ...
6 months ago Gbhackers.com
Role of Wazuh in building a robust cybersecurity architecture - Building a cybersecurity architecture often requires organizations to integrate various security solutions and tools to provide multi-layer security in an ever-changing threat landscape. The cost associated with implementing some proprietary security ...
8 months ago Bleepingcomputer.com
Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes - A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. ...
6 months ago Darkreading.com
5 open-source tools for pentesting Kubernetes you should check out - Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. With its ...
10 months ago Helpnetsecurity.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
4 months ago Techrepublic.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
9 months ago Feeds.dzone.com
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
9 months ago Unit42.paloaltonetworks.com
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
10 months ago Feeds.dzone.com
MSSPs: Differentiate your Managed Security Offerings with Cisco XDR - As an MSSP, there is no overstating the intense and well-founded focus on pervasive network security. Whether an organization is looking to secure the network, endpoint, email, cloud, applications, identity, or anything in between, security ...
8 months ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)