Azure Kubernetes Service (AKS) Forensics & Incident Response
Welcome to the next in our series of training videos on Cloud Forensics!
What is Azure Kubernetes Service?
Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage containerized applications in the cloud.
AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to the Azure cloud.
As a hosted Kubernetes service, AKS is quickly becoming a popular choice for developers and enterprises that want to deploy applications in containers.
Monitoring AKS with Sentinel
- Azure Security Center (ASC) AKS threat protection
- Azure Diagnostics logs
- Third party tool alert integration
Logs in AKS
Acquiring AKS Forensic Data
Cado Response can collect the full contents of containers running on AKS by retrieving a copy of the container disk or files over the Kubernetes Control plane using Cado Host:
