GuardDuty Protecting EKS - How to Estimate Log Quantity?
How do I find the quantity of EKS Audit Logs across multiple accounts (100's) to price GuardDuty as accurately as possible?
I think the question in general is kind of moot.
In CFM the point is not to estimate which is extremely difficult for many services for example S3 or EKS audit logs.
As the service has 30 day free trail, just enable it and see the estimate yourself.
Additionally you can also monitor one or two cluster for their actual behavior. This can be achieved by enabling control plane logging (specifically audit logs) in couple of clusters and observe the log volume let's say in CloudWatch.
This is the approach Im taking - averaging the logs across a number of select accounts and estimating the cost from there. My next step is the enable GD for the trial period. I just want to ask if there was a more accurate way to estimate logs across a large number of accounts. Thanks for your answer.
Enabling GuardDuty via OrganisationsAccepted Answerasked 7 months ago
Best method to send guardduty logs to opensearch
Viewing EKS 'fargate-scheduler' logsasked 4 months ago
GuardDuty Customers! - Anyone with experience using partner GuardDuty threat lists?asked 19 days ago
Cannot configure Guardduty 'findings export options' to an S3 bucketasked 2 months ago
GuardDuty Protecting EKS - How to Estimate Log Quantity?asked a month ago
How does GuardDuty work in a Shared VPC?Accepted AnswerEXPERTasked 4 years ago
How to debug pod failure on EKS?asked 3 years ago
GuardDuty pricing investigationAccepted Answerasked a year ago
Guardduty on AWS organization vs individual accountsAccepted Answer