Advanced Detection and Investigation Using GRR Framework on AWS EKS

Abstract: In today’s cybersecurity landscape, real-time threat detection and response are critical to protecting digital infrastructure. The Google Rapid Response (GRR) framework, known for its strong incident response capabilities, becomes even more effective when integrated with cloud-native platforms like Amazon Web Services (AWS) Elastic Kubernetes Service (EKS). This integration enables robust forensic investigation and advanced threat detection. While GRR is widely used in traditional environments, guidance on deploying it in modern cloud-native setups, especially on AWS EKS, is insufficient. This paper addresses this gap by implementing a GRR infrastructure on AWS EKS and enhancing its detection and investigation capabilities. The work involves provisioning AWS EKS clusters, containerizing GRR components, and integrating them for seamless operation. Advanced detection techniques are implemented to streamline forensic investigations. The deployment demonstrated improvements in threat detection and response capabilities, showcasing the potential for optimized configuration and container management within the EKS environment. These findings underline the practical benefits of integrating GRR with modern cloud-native architectures.

Keywords: AWS EKS, Kubernetes, GRR, Containerization, Threat detection, Forensic investigation

Published in: Springer, Singapore

AUTHORS

Parth Acharya

Dr. Rashmi Agarwal
Associate Professor

Dr. Shinu Abhi
Professor and Director – Corporate Training
