📄️ Create an EKS Cluster with a Windows Container
Create a cluster.yaml file as follows:
📄️ Centralized Logging
Running kubectl logs in your terminal is fine for simple logging checks, but better observability calls for a more sophisticated approach: centralized logging.
📄️ Deploy Eolh
To build Eolh, you need a patched version of golang-etw. We provide the patch file as diff.patch.
📄️ Eolh Rules
Eolh has a detection rule engine and a few default rules.
📄️ Create a custom rule
Eolh supports Go and Rego for writing detection rules.