Kubernetes Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Amazon EKS Kubernetes cluster scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-05-15 |
| Amazon EKS Kubernetes Pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-05-29 |
| GCP Kubernetes cluster pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-05-18 |
| Kubernetes Abuse of Secret by Unusual Location | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-05-11 |
| Kubernetes Abuse of Secret by Unusual User Agent | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-05-22 |
| Kubernetes Abuse of Secret by Unusual User Group | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-05-25 |
| Kubernetes Abuse of Secret by Unusual User Name | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-05-27 |
| Kubernetes Access Scanning | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2024-05-12 |
| Kubernetes Anomalous Inbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-05-17 |
| Kubernetes Anomalous Inbound Outbound Network IO | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Anomalous Inbound to Outbound Network IO Ratio | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Anomalous Outbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-05-25 |
| Kubernetes Anomalous Traffic on Network Edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-05-24 |
| Kubernetes AWS detect suspicious kubectl calls | Kubernetes Audit | N/A | Anomaly | Kubernetes Security | 2024-05-18 |
| Kubernetes Create or Update Privileged Pod | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-28 |
| Kubernetes Cron Job Creation | Kubernetes Audit | Container Orchestration Job | Anomaly | Kubernetes Security | 2024-05-28 |
| Kubernetes DaemonSet Deployed | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-16 |
| Kubernetes Falco Shell Spawned | Kubernetes Falco | User Execution | Anomaly | Kubernetes Security | 2024-05-25 |
| Kubernetes newly seen TCP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-05-15 |
| Kubernetes newly seen UDP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-05-27 |
| Kubernetes Nginx Ingress LFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2024-05-19 |
| Kubernetes Nginx Ingress RFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2024-05-19 |
| Kubernetes Node Port Creation | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-12 |
| Kubernetes Pod Created in Default Namespace | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-12 |
| Kubernetes Pod With Host Network Attachment | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-19 |
| Kubernetes Previously Unseen Container Image Name | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Previously Unseen Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Process Running From New Path | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Process with Anomalous Resource Utilisation | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Process with Resource Ratio Anomalies | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Scanner Image Pulling | | Cloud Service Discovery | TTP | Dev Sec Ops | 2024-05-20 |
| Kubernetes Scanning by Unauthenticated IP Address | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2024-05-10 |
| Kubernetes Shell Running on Worker Node | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Shell Running on Worker Node with CPU Activity | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-09-24 |
| Kubernetes Suspicious Image Pulling | Kubernetes Audit | Cloud Service Discovery | Anomaly | Kubernetes Security | 2024-05-13 |
| Kubernetes Unauthorized Access | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-05-21 |
| AWS EKS Kubernetes cluster sensitive object access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-15 |
| GCP Kubernetes cluster scan detection | | Cloud Service Discovery | TTP | Kubernetes Scanning Activity | 2024-08-15 |
| Kubernetes AWS detect most active service accounts by pod | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-16 |
| Kubernetes AWS detect RBAC authorization by account | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-15 |
| Kubernetes AWS detect sensitive role access | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-09-24 |
| Kubernetes AWS detect service accounts forbidden failure access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-16 |
| Kubernetes Azure active service accounts by pod namespace | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-15 |
| Kubernetes Azure detect RBAC authorization by account | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-15 |
| Kubernetes Azure detect sensitive object access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-15 |
| Kubernetes Azure detect sensitive role access | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-09-24 |
| Kubernetes Azure detect service accounts forbidden failure access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-15 |
| Kubernetes Azure detect suspicious kubectl calls | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-15 |
| Kubernetes Azure pod scan fingerprint | | N/A | Hunting | Kubernetes Scanning Activity | 2024-08-15 |
| Kubernetes Azure scan fingerprint | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-08-15 |
| Kubernetes GCP detect most active service accounts by pod | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-16 |
| Kubernetes GCP detect RBAC authorizations by account | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-08-15 |
| Kubernetes GCP detect sensitive object access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-15 |
| Kubernetes GCP detect sensitive role access | | N/A | Hunting | Kubernetes Sensitive Role Activity | 2024-09-24 |
| Kubernetes GCP detect service accounts forbidden failure access | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-16 |
| Kubernetes GCP detect suspicious kubectl calls | | N/A | Hunting | Kubernetes Sensitive Object Access Activity | 2024-08-16 |
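The detections above whose data source is Kubernetes Audit are Splunk searches over API-server audit events. As an added example that is not part of this page or of the Splunk Security Content project, the Python below shows the kind of condition four of them evaluate (privileged pod, hostNetwork pod, pod in the default namespace, unauthenticated scanning), run over a handful of constructed audit.k8s.io/v1 events. The field names follow the Kubernetes audit Event schema; the event values, IP addresses, usernames and the distinct-URI threshold are this example's own assumptions, and the per-source aggregation is a simplification of how a scanning detection groups requests, not Splunk's SPL.

```python
"""Illustrative checks over Kubernetes audit events (added example, not Splunk's SPL)."""
from collections import defaultdict

# Constructed sample events, trimmed to the fields the checks read.
# Field names follow the real audit.k8s.io/v1 Event schema; the values are made up.
SAMPLE_EVENTS = [
    {   # an admin creates a privileged, host-networked pod in "default"
        "auditID": "a1", "stage": "ResponseComplete", "verb": "create",
        "user": {"username": "kubernetes-admin", "groups": ["system:masters", "system:authenticated"]},
        "sourceIPs": ["10.0.0.12"], "userAgent": "kubectl/v1.29.0",
        "requestURI": "/api/v1/namespaces/default/pods",
        "objectRef": {"resource": "pods", "namespace": "default", "name": "dbg"},
        "responseStatus": {"code": 201},
        "requestObject": {"spec": {"hostNetwork": True,
                                   "containers": [{"name": "dbg", "image": "busybox",
                                                   "securityContext": {"privileged": True}}]}},
    },
    {   # an ordinary deployment into an application namespace: should raise nothing
        "auditID": "a2", "stage": "ResponseComplete", "verb": "create",
        "user": {"username": "system:serviceaccount:ci:deployer",
                 "groups": ["system:serviceaccounts", "system:authenticated"]},
        "sourceIPs": ["10.0.1.40"], "userAgent": "argocd/v2.9",
        "requestURI": "/api/v1/namespaces/payments/pods",
        "objectRef": {"resource": "pods", "namespace": "payments", "name": "api-7f"},
        "responseStatus": {"code": 201},
        "requestObject": {"spec": {"containers": [{"name": "api", "image": "registry.example/api:1.4"}]}},
    },
]
# an unauthenticated client probing several endpoints from one (constructed) address
SAMPLE_EVENTS += [
    {"auditID": f"s{i}", "stage": "ResponseComplete", "verb": "get",
     "user": {"username": "system:anonymous", "groups": ["system:unauthenticated"]},
     "sourceIPs": ["203.0.113.7"], "userAgent": "python-requests/2.31",
     "requestURI": uri, "responseStatus": {"code": 403}}
    for i, uri in enumerate(["/api/v1/pods", "/api/v1/secrets", "/apis/apps/v1/daemonsets", "/version"])
]

POD_WRITE_VERBS = {"create", "update", "patch"}


def _pod_spec(event):
    """Return the pod spec from a pod create/update/patch event, else None.
    requestObject is only logged when the audit policy level includes the request body."""
    if event.get("verb") not in POD_WRITE_VERBS:
        return None
    if event.get("objectRef", {}).get("resource") != "pods":
        return None
    return event.get("requestObject", {}).get("spec")


def is_privileged_pod(event):
    """Any container or initContainer asks for securityContext.privileged: true."""
    spec = _pod_spec(event)
    if not spec:
        return False
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    return any(c.get("securityContext", {}).get("privileged") is True for c in containers)


def has_host_network(event):
    """The pod asks to share the node's network namespace."""
    spec = _pod_spec(event)
    return bool(spec) and spec.get("hostNetwork") is True


def pod_in_default_namespace(event):
    """A pod write lands in "default", where workloads should not normally be deployed."""
    return _pod_spec(event) is not None and event["objectRef"].get("namespace") == "default"


def is_unauthenticated(event):
    """Anonymous requests show up as system:anonymous / system:unauthenticated."""
    user = event.get("user", {})
    return user.get("username") == "system:anonymous" or "system:unauthenticated" in user.get("groups", [])


def unauthenticated_scan_sources(events, min_distinct_uris=3):
    """Source IPs whose anonymous requests touched at least N distinct URIs.
    Counting distinct endpoints per address separates a scan from a single stray probe."""
    uris_by_ip = defaultdict(set)
    for e in events:
        if is_unauthenticated(e):
            for ip in e.get("sourceIPs", []):
                uris_by_ip[ip].add(e.get("requestURI", ""))
    return sorted(ip for ip, uris in uris_by_ip.items() if len(uris) >= min_distinct_uris)


# Per-event checks, keyed by the detection name from the table they illustrate.
EVENT_CHECKS = {
    "Kubernetes Create or Update Privileged Pod": is_privileged_pod,
    "Kubernetes Pod With Host Network Attachment": has_host_network,
    "Kubernetes Pod Created in Default Namespace": pod_in_default_namespace,
}


def evaluate(events):
    """Return sorted (auditID or source IP, detection name) pairs for everything that fires."""
    hits = [(e["auditID"], name) for e in events for name, check in EVENT_CHECKS.items() if check(e)]
    hits += [(ip, "Kubernetes Scanning by Unauthenticated IP Address") for ip in unauthenticated_scan_sources(events)]
    return sorted(hits)


if __name__ == "__main__":
    for subject, detection in evaluate(SAMPLE_EVENTS):
        print(f"{subject:14} {detection}")
```

Two caveats carry over to the real searches: the privileged and hostNetwork checks read `requestObject`, which the API server only writes when the audit policy level for pods is `Request` or `RequestResponse`, so a `Metadata`-level policy leaves those detections blind; and the anonymous-scan check is only meaningful when the control plane accepts unauthenticated requests at all (anonymous auth enabled and the endpoint reachable), which is itself worth reviewing before tuning the threshold.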