Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[KSPM EKS] Cloudbeat can't read kubelet process #2008

Open
amirbenun opened this issue Mar 6, 2024 · 1 comment
Open

[KSPM EKS] Cloudbeat can't read kubelet process #2008

amirbenun opened this issue Mar 6, 2024 · 1 comment
Labels
bug Something isn't working Team:Cloud Security Cloud Security team related

Comments

@amirbenun
Copy link
Contributor

Background

An alert was triggered for matching 400 findings instead of 411 for KSPM on EKS.

Research

  1. As you can see in the findings index, the 11 missing findings used to come from ip-10-0-3-115.eu-west-1.compute.internal node as cloudbeat analyses its kubelet process but for some reason this time it failed.
  2. When checking cloudbeat logs from the relevant time we can see that cloudbeat failed to read the process from the filesystem: Error running fetcher for key process: open /hostfs/proc/2626/stat: no such file or directory.

Disclaimer

On the next cycle, things got back to normal, cloudbeat properly read and analyzed the kubelet process and generated the missing 11 findings.

Next steps

We don't have enough data to understand what caused this error I suggest seeing if this issue happens again and prioritizing it accordingly.
@amirbenun amirbenun added bug Something isn't working Team:Cloud Security Cloud Security team related labels Mar 6, 2024
@amirbenun amirbenun mentioned this issue Mar 10, 2024
Merged
5 tasks
@amirbenun
Copy link
Contributor Author

The process fetcher logs were already enhanced as part of #1831.
Adding a few more improvements that will help to understand the cause on the next time it happens.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Team:Cloud Security Cloud Security team related
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amirbenun