How to identify Internet accessible nodes and container pods ( inbound from internet)?

Question

Hi,Looking for some advice.Basically with-in lacework kubernetes , looking to see which pods & nodes are accessible from internet ( inbound from internet). What i found so far is we can use Resources → Kubernetes → Pod Network → External connections . You can select all columns and download a CSV. There is a similar view for actual nodes as well. Node→ Kubernetes → Node Network → Node External Connections I am not 100% sure if this is accurate. Also this does not tell what ports are open for inbound connections ( some of the ports listed are >65k which seems to be odd as well)Wondering if anyone had figured out the correct way to “Identify Internet accessible nodes and container pods ( inbound from internet)?”. Thanks in advanceAgentLinux 6.6XPlatformUsing Lacework/OperationalizingCloudGCP

Alex Shutt · Answer

Hi!We have a new feature called “Attack Path Analysis”, part of which does exactly this - identifying Internet exposed instances based on your cloud configuration. It’s currently in Public Preview for GCP - reach out to your account team if you’d like it enabled on your account!Please see our announcement in Release Notes here:https://docs.lacework.net/releases/2023-08-platform-releasesand the general documentation here:https://docs.lacework.net/console/attack-path-analysis-overview#about-attack-pathsBest regards,Alex

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded