Query: GuardDuty EKS runtime monitoring should be enabled

Description

This control checks whether GuardDuty EKS runtime monitoring with automated agent management is enabled. For a standalone account, the control fails if GuardDuty EKS runtime monitoring with automated agent management is disabled in the account. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts don't have EKS runtime monitoring with automated agent management enabled.

Query

Tables used in this query:

• aws_guardduty_detector

Controls using this query:

• 7 GuardDuty EKS Runtime Monitoring should be enabled
• GuardDuty EKS runtime monitoring should be enabled

SQL