AKS-HCI adds Continuous Threat Monitoring for Kubernetes via Azure Defender Integration

Published 06-10-2021 10:29 PM
Microsoft

AKS-HCI has been designed from the ground up with a security-first approach. We took a comprehensive look at securing AKS-HCI, which includes securing the Kubernetes fabric and the applications that run on it. This is achieved by a combination of in-box/built-in security features and integration with Azure services, as shown below.

 

CoreAzureServices.png

 

The table below describes security features that ship with AKS-HCI and extensions via integration with Azure services.

 

FabricAppContainers.png

Our goal is to provide a comprehensive end-to-end security promise that covers five key aspects: Build Security, Registry Security, Cluster Security, Node Security and Pod Security. The table below describes the security objectives across these goals.

 

Framework.png

Integration with Azure Defender for continuous threat monitoring delivers on the promises of Node security and Pod security. 

 

AKS-HCI is a validated Azure Arc Enabled Kubernetes distribution. Azure Arc enabled clusters are connected to Azure via Arc when they are deployed. This allows automatic deployment of specific Arc extensions that provide monitoring and observability out of the box. Extensions greatly simplify onboarding; customers can deploy Azure integrations with just a few clicks or API calls. Azure Arc enabled Kubernetes ensures that you always have the latest bits and can automatically apply updates as they become available. 

 

Azure Defender is Azure Security Center's integrated cloud workload protection platform (CWPP), bringing advanced, intelligent protection of Azure and hybrid resources and workloads.

 

Azure Defender for Kubernetes is an Azure Defender service that continuously monitors for threats and raises alerts to defend Kubernetes clusters. Azure Defender for Kubernetes supports AKS-HCI clusters, leveraging Arc extension capabilities. This integration between AKS-HCI and Azure Defender for Kubernetes brings the following distinct advantages:

  • Easy provisioning of Azure Defender extensions on AKS-HCI clusters
  • The Azure Defender extensions can be managed from the Azure Arc portal
  • Security recommendations and alerts are reported in the new Security Center page of the Azure Arc portal

As shown in the figure below, AKS-HCI clusters are integrated into the Azure Security Center portal.

 

portal.png

 

Types of Attacks on Kubernetes Containers detected by Azure Defender for Kubernetes

 

The Azure Defender for Kubernetes plan protects Kubernetes clusters at both the orchestration layer and the node level. The orchestration layer protection monitors Kubernetes API operations to find suspicious and malicious activities in the Kubernetes control plane.
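To make orchestration-layer monitoring concrete, the added example below (not code from this post and not Azure Defender's detection logic) scans Kubernetes API server audit events for a few control-plane operations and labels each with a tactic from the Threat Matrix for Kubernetes. The rule names, the SENSITIVE_HOST_PATHS list and the sample events are assumptions constructed for illustration.

```python
import json

# Constructed audit.k8s.io/v1 events (trimmed), one JSON object per line; not real cluster data.
SAMPLE_AUDIT_LOG = """
{"stage":"ResponseComplete","verb":"create","user":{"username":"dev1"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":201},"requestObject":{"spec":{"containers":[{"name":"c","securityContext":{"privileged":true}}]}}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"ci-bot"},"objectRef":{"resource":"pods","namespace":"build"},"responseStatus":{"code":201},"requestObject":{"spec":{"containers":[{"name":"c"}],"volumes":[{"name":"h","hostPath":{"path":"/etc/"}}]}}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"guest"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":403},"requestObject":{"spec":{"containers":[{"name":"c","securityContext":{"privileged":true}}]}}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"dev1"},"objectRef":{"resource":"clusterrolebindings"},"responseStatus":{"code":201},"requestObject":{"roleRef":{"kind":"ClusterRole","name":"cluster-admin"}}}
{"stage":"RequestReceived","verb":"create","user":{"username":"ops"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"default"}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"ops"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"default"},"responseStatus":{"code":101}}
{"stage":"ResponseComplete","verb":"list","user":{"username":"system:kube-scheduler"},"objectRef":{"resource":"pods"},"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"cre
"""

SENSITIVE_HOST_PATHS = {"/", "/etc", "/proc", "/var/run/docker.sock"}  # assumed list; tune per environment

def pod_findings(spec):
    """Return (rule, tactic) pairs for risky settings in a pod spec."""
    findings = []
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    if any((c.get("securityContext") or {}).get("privileged") for c in containers):
        findings.append(("privileged-container", "Privilege Escalation"))
    for vol in spec.get("volumes", []):
        path = (vol.get("hostPath") or {}).get("path")
        if path and (path.rstrip("/") or "/") in SENSITIVE_HOST_PATHS:
            findings.append(("sensitive-hostpath-mount", "Privilege Escalation"))
    return findings

def classify(event):
    """Map one audit event to zero or more (rule, tactic) findings."""
    if event.get("stage") != "ResponseComplete":
        return []  # a request is logged at several stages; evaluate it once
    if (event.get("responseStatus") or {}).get("code", 500) >= 300:
        return []  # denied or failed requests changed nothing in the cluster
    if event.get("verb") != "create":
        return []
    ref = event.get("objectRef") or {}
    body = event.get("requestObject") or {}
    resource, sub = ref.get("resource"), ref.get("subresource")
    if resource == "pods" and sub == "exec":
        return [("exec-into-container", "Execution")]
    if resource == "pods" and sub is None:
        return pod_findings(body.get("spec") or {})
    role = (body.get("roleRef") or {}).get("name")
    if resource == "clusterrolebindings" and role == "cluster-admin":
        return [("cluster-admin-binding", "Privilege Escalation")]
    return []

def scan(log_text):
    """Parse JSON-lines audit output and return a list of alert dicts."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if isinstance(event, dict):
            for rule, tactic in classify(event):
                user = (event.get("user") or {}).get("username")
                alerts.append({"rule": rule, "tactic": tactic, "user": user})
    return alerts

if __name__ == "__main__":
    print(*scan(SAMPLE_AUDIT_LOG), sep="\n")
```

The pod-spec rules depend on the audit policy logging at `Request` level or above, because `requestObject` is absent at `Metadata` level.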

 

With MITRE ATT&CK’s approach of methodically outlining the possible threats, Microsoft built the Threat Matrix for Kubernetes, which is the first attempt to systematically map the attack surface of Kubernetes. An updated version of the matrix was released earlier this year.

In this blog you can find more details on Azure Defender detections with their correlation to MITRE ATT&CK® for Containers matrix techniques.

The figure below describes the progression of a single alert across the different phases (as defined in the MITRE ATT&CK framework).

 

MiTREATTACK.png

 

Some examples of attacks that could be potentially high risk:

 

ThreatTable.png

 

For the full list of Kubernetes security alerts, along with their relevance to MITRE tactics, see the Azure Defender page.

 

FAQs

 

Q: How does Azure Defender for Kubernetes work under the hood?

You can refer to the architectural overview in this link. Further details are in a blog from Yossi Weizman.

 

Q: Do I need to subscribe to Azure Defender before I can add the Azure Defender extension to my Arc enabled Kubernetes cluster?

AKS-HCI is an Azure Arc enabled Kubernetes distribution with an Azure subscription provided as part of the set-up process. To use Azure Defender for Kubernetes threat monitoring, the admin needs to add Azure Defender for Kubernetes to the Azure subscription. For more information, refer to this link.

 

Q: Is there a free tier for Azure Defender for Arc enabled Kubernetes?

Currently, Azure Defender for Azure Arc Enabled Kubernetes is in public preview. During public preview there is no charge for AKS-HCI clusters. The pricing details will be available when the feature is Generally Available.

 

Q: Where can I find deployment steps?

AKS-HCI is a validated Azure Arc enabled Kubernetes deployment. The deployment steps can be found on this link. Note this is currently in public preview.

 

Q: Does Azure Defender for Kubernetes generate alerts for both Windows and Linux worker nodes?

Orchestration-level alerts that come from the api-server and Kubernetes APIs are supported agnostic of the operating system. Run-time alerts, such as process inspections for malware, privilege escalations, etc., are OS dependent. Run-time alerts are planned in the near future.

 

Q: Does integration with Azure Defender for Kubernetes cover alerts for servers?

No, there is a separate subscription for covering alerts for servers. For more information on Azure Defender for servers, please refer to this link.

 

 

 

1 Comment

Thank you @sumitlahiri for Sharing this great blogpost with the Community :cool:

Last update: Jun 14 2021 10:46 AM