A curated list of resources about detecting threats and defending Kubernetes systems.

jatrost/awesome-kubernetes-threat-detection

Awesome Kubernetes (K8s) Threat Detection

Contents

Books

Conferences

Talks and videos

All of these videos can also be found in this YouTube playlist.

Detection

Hardening

Attacks

Supply Chain

Networking

Blogs and Articles

Detection

Hardening

Attacks

TTPs / Attack Matrices

Tools

Detection

Hardening

  • seccomp - "can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel."
  • AppArmor - "AppArmor is a Linux kernel security module that supplements the standard Linux user and group based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce its potential attack surface and provide greater in-depth defense."
  • Kubernetes Network Policy Recipes
  • OPA Gatekeeper - "A customizable cloud native policy controller that helps enforce policies and strengthen governance"

Simulation / Experimentation

Attack

Platforms

  • m9sweeper - "m9sweeper is a free and easy kubernetes security platform. It integrates industry-standard open source utilities into a one-stop-shop kubernetes security tool that can walk most kubernetes administrators through securing a kubernetes cluster as well as the apps running on the cluster."
  • anchore - "Software Composition Analysis from Code to Cloud: Enables security teams to find every piece of software in cloud native applications. Block and fix security issues in minutes rather than days."
  • Prisma Cloud Compute Edition (formerly Twistlock) - "Prisma Cloud secures applications from code to cloud, enabling security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment."
  • sysdig - "Sysdig is a universal system visibility tool with native support for containers"
  • Aqua Security - "Unified Cloud Security: Accelerate secure innovation and protect your entire development lifecycle from code to cloud and back."

Misc

Detection Rules and Analytics

People

All the Twitter accounts below are on this Twitter list: awesome-k8-threat-detect
