Amazon EKS Kubernetes cluster scan detection
|
|
Cloud Service Discovery
|
Hunting
|
Kubernetes Scanning Activity
|
2024-10-17
|
Amazon EKS Kubernetes Pod scan detection
|
|
Cloud Service Discovery
|
Hunting
|
Kubernetes Scanning Activity
|
2024-10-17
|
GCP Kubernetes cluster pod scan detection
|
|
Cloud Service Discovery
|
Hunting
|
Kubernetes Scanning Activity
|
2024-10-17
|
Kubernetes Abuse of Secret by Unusual Location
|
Kubernetes Audit
|
Container API
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Abuse of Secret by Unusual User Agent
|
Kubernetes Audit
|
Container API
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Abuse of Secret by Unusual User Group
|
Kubernetes Audit
|
Container API
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Abuse of Secret by Unusual User Name
|
Kubernetes Audit
|
Container API
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Access Scanning
|
Kubernetes Audit
|
Network Service Discovery
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Anomalous Inbound Network Activity from Process
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Anomalous Inbound Outbound Network IO
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Anomalous Inbound to Outbound Network IO Ratio
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Anomalous Outbound Network Activity from Process
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Anomalous Traffic on Network Edge
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes AWS detect suspicious kubectl calls
|
Kubernetes Audit
|
N/A
|
Anomaly
|
Kubernetes Security
|
2024-10-17
|
Kubernetes Create or Update Privileged Pod
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Cron Job Creation
|
Kubernetes Audit
|
Container Orchestration Job
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes DaemonSet Deployed
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Falco Shell Spawned
|
Kubernetes Falco
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes newly seen TCP edge
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes newly seen UDP edge
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Nginx Ingress LFI
|
|
Exploitation for Credential Access
|
TTP
|
Dev Sec Ops
|
2024-09-30
|
Kubernetes Nginx Ingress RFI
|
|
Exploitation for Credential Access
|
TTP
|
Dev Sec Ops
|
2024-09-30
|
Kubernetes Node Port Creation
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Pod Created in Default Namespace
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Pod With Host Network Attachment
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Previously Unseen Container Image Name
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Previously Unseen Process
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Process Running From New Path
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Process with Anomalous Resource Utilisation
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Process with Resource Ratio Anomalies
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Scanner Image Pulling
|
|
Cloud Service Discovery
|
TTP
|
Dev Sec Ops
|
2024-09-30
|
Kubernetes Scanning by Unauthenticated IP Address
|
Kubernetes Audit
|
Network Service Discovery
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Shell Running on Worker Node
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Shell Running on Worker Node with CPU Activity
|
|
User Execution
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2024-10-17
|
Kubernetes Suspicious Image Pulling
|
Kubernetes Audit
|
Cloud Service Discovery
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
Kubernetes Unauthorized Access
|
Kubernetes Audit
|
User Execution
|
Anomaly
|
Kubernetes Security
|
2024-09-30
|
AWS EKS Kubernetes cluster sensitive object access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
GCP Kubernetes cluster scan detection
|
|
Cloud Service Discovery
|
TTP
|
Kubernetes Scanning Activity
|
2024-10-17
|
Kubernetes AWS detect most active service accounts by pod
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes AWS detect RBAC authorization by account
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes AWS detect sensitive role access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes AWS detect service accounts forbidden failure access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes Azure active service accounts by pod namespace
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes Azure detect RBAC authorization by account
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes Azure detect sensitive object access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes Azure detect sensitive role access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes Azure detect service accounts forbidden failure access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes Azure detect suspicious kubectl calls
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes Azure pod scan fingerprint
|
|
N/A
|
Hunting
|
Kubernetes Scanning Activity
|
2024-10-17
|
Kubernetes Azure scan fingerprint
|
|
Cloud Service Discovery
|
Hunting
|
Kubernetes Scanning Activity
|
2024-10-17
|
Kubernetes GCP detect most active service accounts by pod
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes GCP detect RBAC authorizations by account
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes GCP detect sensitive object access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes GCP detect sensitive role access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Role Activity
|
2024-10-17
|
Kubernetes GCP detect service accounts forbidden failure access
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|
Kubernetes GCP detect suspicious kubectl calls
|
|
N/A
|
Hunting
|
Kubernetes Sensitive Object Access Activity
|
2024-10-17
|