Details
I am looking for a similar issue. Basically, within Lacework Kubernetes, I am looking to see which pods and nodes are accessible from the internet (inbound from the internet). What I found so far is that we can use
Resources → Kubernetes → Pod Network → External connections. You can select all columns and download a CSV.
If you filter for Inbound connections, it will show you which pods are accessible from the internet. Keep in mind that the UI has a 5k connection limit. To get the full picture, you will need to use the API.
I am not 100% sure if this is accurate. For example, the port numbers listed seem to be odd. I mean, I have seen port numbers > 65k being listed, which does not look right. I have a support case open to get clarifications and more information, but overall, at the moment, this seems to be a good starting point to get visibility on potentially internet-exposed resources. It will make sense to validate those internally just to ensure whether what Lacework is providing is accurate or not.
There is a similar view for actual nodes as well: Node → Kubernetes → Node Network → Node External Connections.
Hope this helps. Let me know your thoughts, or if you found a different way to accomplish the same.
Thank you
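Since the post recommends downloading the External connections CSV, filtering for Inbound, and then validating the result internally (the odd port numbers and the 5k UI limit), here is an added example of that post-processing step. It is not from the original poster or from Lacework; the CSV column names (pod, namespace, node, direction, remote_ip, port) and the sample rows are constructed assumptions, so map your real export headers onto them. It summarises which pods look internet-exposed, flags rows that fail a sanity check (port out of range, or a remote address that is not an internet address), and warns when the export may have hit the UI limit.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# The UI caps the export at 5k connections (per the post); a file with
# that many rows is probably truncated and the API should be used instead.
UI_EXPORT_LIMIT = 5000

# Constructed sample export. Column names are an assumption about the CSV
# layout. The remote addresses are documentation ranges, used here only as
# stand-ins for internet sources.
SAMPLE_CSV = """pod,namespace,node,direction,remote_ip,port
web-7d9f,prod,node-a,Inbound,203.0.113.10,443
web-7d9f,prod,node-a,Inbound,203.0.113.11,443
api-5c2b,prod,node-b,Inbound,198.51.100.7,70000
db-1a2b,prod,node-c,Inbound,10.0.3.14,5432
web-7d9f,prod,node-a,Outbound,198.51.100.20,443
"""

# Address ranges that cannot be "the internet" as a source of inbound traffic.
NON_INTERNET = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def parse_export(text):
    """Parse the downloaded CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def is_internet_source(ip):
    """True if the address is a plausible internet source (not private/local)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.version == 6:
        return addr.is_global
    return not any(addr in net for net in NON_INTERNET)


def valid_port(port):
    """TCP/UDP ports are 1..65535; anything else is a reporting artefact."""
    try:
        p = int(port)
    except (TypeError, ValueError):
        return False
    return 0 < p <= 65535


def internet_exposed_pods(rows):
    """Map (namespace, pod, node) -> sorted ports seen inbound from the internet."""
    exposure = defaultdict(set)
    for r in rows:
        if r["direction"].strip().lower() != "inbound":
            continue
        if not is_internet_source(r["remote_ip"]) or not valid_port(r["port"]):
            continue
        exposure[(r["namespace"], r["pod"], r["node"])].add(int(r["port"]))
    return {key: sorted(ports) for key, ports in exposure.items()}


def suspect_rows(rows):
    """Inbound rows that fail a sanity check and need manual validation."""
    flagged = []
    for r in rows:
        if r["direction"].strip().lower() != "inbound":
            continue
        reasons = []
        if not valid_port(r["port"]):
            reasons.append("port out of range")
        if not is_internet_source(r["remote_ip"]):
            reasons.append("remote address is not an internet address")
        if reasons:
            flagged.append({**r, "reasons": reasons})
    return flagged


def export_truncated(rows):
    """True when the row count suggests the UI's 5k limit was hit."""
    return len(rows) >= UI_EXPORT_LIMIT


if __name__ == "__main__":
    rows = parse_export(SAMPLE_CSV)
    if export_truncated(rows):
        print("WARNING: export has %d rows; it may be truncated by the UI limit" % len(rows))
    for (ns, pod, node), ports in sorted(internet_exposed_pods(rows).items()):
        print("%s/%s on %s: inbound from internet on ports %s" % (ns, pod, node, ports))
    for r in suspect_rows(rows):
        print("CHECK %s/%s port %s from %s: %s" % (
            r["namespace"], r["pod"], r["port"], r["remote_ip"], ", ".join(r["reasons"])))
```

The inbound filter alone is what the UI gives you; the two extra checks are what turn it into something you can hand to the platform team to validate, since a port above 65535 or an inbound "internet" connection from an RFC 1918 address is a data-quality question for the support case, not an exposure.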
Thanks for the details there.
I'm also using a tool called Intruder (a nice front-end to Nessus vulnerability scanning) that has a great integration with our cloud environments: it monitors for new resource creation and address assignment, then adds them to the queue for scanning.