Best answer by robert5156 5 September 2023, 05:59
@julian.harty Did you figure out a way to accomplish your original ask?
I am looking at a similar issue. Basically, within Lacework Kubernetes, I am looking to see which pods & nodes are accessible from the internet (inbound from the internet). What I found so far is that we can use
Resources → Kubernetes → Pod Network → External connections. You can select all columns and download a CSV.
If you filter for Inbound connections, it will show you which pods are accessible from the internet. Keep in mind that the UI has a 5k connection limit. To get the full picture, you will need to use the API.
I am not 100% sure if this is accurate. For example, the port numbers listed seem to be odd. I mean I have seen port numbers > 65k being listed, which does not look right. I have a support case open to get clarifications and more information, but overall, at the moment, this seems to be a good starting point to get visibility on potentially internet-exposed resources. It will make sense to validate those internally just to ensure whether what Lacework is providing is accurate or not.
There is a similar view for actual nodes as well: Node → Kubernetes → Node Network → Node External Connections.
Hope this helps. Let me know your thoughts OR if you found a different way to accomplish the same.
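A small added example (not from the answer above or from Lacework) of the validation step the answer recommends: load the downloaded "External connections" CSV, keep only Inbound rows, flag the odd port numbers > 65535 it mentions, group the plausible exposures per node, and detect whether the export likely hit the 5k UI cap. The column names are assumed placeholders; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for the CSV downloaded from
# Resources -> Kubernetes -> Pod Network -> External connections.
# Column names are assumed placeholders, not Lacework's real export schema:
# rename them to match the header line of your own download.
SAMPLE_CSV = """direction,pod,namespace,node,local_port,remote_ip
Inbound,web-0,prod,node-a,443,203.0.113.10
Inbound,web-1,prod,node-a,443,198.51.100.7
Inbound,cache-0,prod,node-b,70000,203.0.113.22
Outbound,worker-0,batch,node-c,443,203.0.113.5
Inbound,api-0,prod,node-b,8443,198.51.100.9
"""

UI_CONNECTION_LIMIT = 5000  # the UI cap mentioned in the answer


def parse_inbound(csv_text):
    """Return only Inbound rows, with local_port converted to an int."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["direction"].strip().lower() != "inbound":
            continue
        row["local_port"] = int(row["local_port"])
        rows.append(row)
    return rows


def suspicious_ports(rows):
    """Rows whose port is outside 1-65535: impossible values worth raising with support."""
    return [r for r in rows if not 1 <= r["local_port"] <= 65535]


def exposure_by_node(rows):
    """Map node -> sorted (namespace/pod, port) pairs with plausible ports, for internal validation."""
    out = defaultdict(set)
    for r in rows:
        if 1 <= r["local_port"] <= 65535:
            out[r["node"]].add((r["namespace"] + "/" + r["pod"], r["local_port"]))
    return {node: sorted(pairs) for node, pairs in out.items()}


def export_truncated(csv_text, limit=UI_CONNECTION_LIMIT):
    """True when the export holds at least the UI cap, i.e. the picture is probably incomplete."""
    return sum(1 for _ in csv.DictReader(io.StringIO(csv_text))) >= limit


if __name__ == "__main__":
    inbound = parse_inbound(SAMPLE_CSV)
    print("inbound rows:", len(inbound))
    print("odd ports:", [(r["pod"], r["local_port"]) for r in suspicious_ports(inbound)])
    print("exposure per node:", exposure_by_node(inbound))
    print("export truncated at UI limit:", export_truncated(SAMPLE_CSV))
```

Point a real download at `parse_inbound` instead of `SAMPLE_CSV`; if `export_truncated` returns True, pull the remainder via the API as the answer suggests.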
Thanks for the details there @robert5156 -- I’ll have to give this a try on my end.
I’m also using a tool called Intruder (a nice front-end to Nessus vulnerability scanning) that has a great integration with our cloud environments that monitors for new resource creation and address assignment, then adds them to the queue for scanning.