EKS Anonymous API Access Detection Rule

[bcpenta]

Background

This change introduces a new detection rule for identifying anonymous API access to the Kubernetes API server in Amazon EKS clusters. Anonymous access should be disabled in production environments to prevent unauthorized access, as it poses a potential security risk. Detecting anonymous requests helps ensure that EKS clusters are properly configured for secure API usage.

Changes

• Added a new detection rule Amazon.EKS.AnonymousAPIAccess to monitor and detect anonymous API requests to the Kubernetes API server.
• Included a YAML configuration for the rule with severity set to medium and associated MITRE ATT&CK references.
• Provided test cases to validate both anonymous and non-anonymous API requests.
• Documented remediation steps and runbook reference to disable anonymous access in the Kubernetes configuration.

Testing

• Ran panther_analysis_tool to validate the new detection rule and test cases.
• Verified that the test cases pass for both anonymous and non-anonymous API access scenarios.
• Ensured that the rule raises an alert for anonymous API requests and remains silent for authenticated API requests.

[ben-githubs]

Thanks for the contribution! I just made some minor changes to formatting and packs to make the checks pass. The test and validate checks are currently broken for external contributions; we have another PR pending that should resolve this!