|
Cisco Isovalent - Nsenter Usage in Kubernetes Pod
|
Cisco Isovalent Process Exec
|
T1543
|
Anomaly
|
Cisco Isovalent Suspicious Activity
|
2026-05-13
|
|
Kubernetes Scanner Image Pulling
|
|
T1526
|
TTP
|
Dev Sec Ops
|
2026-05-13
|
|
Kubernetes newly seen UDP edge
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Cron Job Creation
|
Kubernetes Audit
|
T1053.007
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Nginx Ingress LFI
|
|
T1212
|
TTP
|
Dev Sec Ops
|
2026-05-13
|
|
Kubernetes Shell Running on Worker Node with CPU Activity
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Nginx Ingress RFI
|
|
T1212
|
TTP
|
Dev Sec Ops
|
2026-05-13
|
|
Kubernetes Scanning by Unauthenticated IP Address
|
Kubernetes Audit
|
T1046
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Falco Shell Spawned
|
Kubernetes Falco
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Amazon EKS Kubernetes cluster scan detection
|
|
T1526
|
Hunting
|
Kubernetes Scanning Activity
|
2026-05-13
|
|
Kubernetes Abuse of Secret by Unusual Location
|
Kubernetes Audit
|
T1552.007
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Abuse of Secret by Unusual User Name
|
Kubernetes Audit
|
T1552.007
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Anomalous Outbound Network Activity from Process
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Abuse of Secret by Unusual User Agent
|
Kubernetes Audit
|
T1552.007
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Previously Unseen Process
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Abuse of Secret by Unusual User Group
|
Kubernetes Audit
|
T1552.007
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes newly seen TCP edge
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Anomalous Inbound to Outbound Network IO Ratio
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Shell Running on Worker Node
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Process with Resource Ratio Anomalies
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Anomalous Inbound Outbound Network IO
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Node Port Creation
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Suspicious Image Pulling
|
Kubernetes Audit
|
T1526
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Previously Unseen Container Image Name
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Anomalous Inbound Network Activity from Process
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Pod With Host Network Attachment
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Create or Update Privileged Pod
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Pod Created in Default Namespace
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes AWS detect suspicious kubectl calls
|
Kubernetes Audit
|
N/A
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes DaemonSet Deployed
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Access Scanning
|
Kubernetes Audit
|
T1046
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Kubernetes Process with Anomalous Resource Utilisation
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Anomalous Traffic on Network Edge
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Process Running From New Path
|
|
T1204
|
Anomaly
|
Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring
|
2026-05-13
|
|
Kubernetes Unauthorized Access
|
Kubernetes Audit
|
T1204
|
Anomaly
|
Kubernetes Security
|
2026-05-13
|
|
Amazon EKS Kubernetes Pod scan detection
|
|
T1526
|
Hunting
|
Kubernetes Scanning Activity
|
2026-05-13
|
|
GCP Kubernetes cluster pod scan detection
|
|
T1526
|
Hunting
|
Scattered Lapsus$ Hunters, Kubernetes Scanning Activity
|
2026-05-13
|
