LoFP
/
aws eks kubernetes cluster
Title
Tags
not all rbac authorications are malicious. rbac authorizations can uncover malicious activity specially if sensitive roles have been granted.
gcp gke kubernetes cluster
aws eks kubernetes cluster
azure aks kubernetes cluster
splunk
sensitive object access is not necessarily malicious but user and object context can provide guidance for detection.
azure aks kubernetes cluster
aws eks kubernetes cluster
gcp gke kubernetes cluster
splunk
sensitive role resource access is necessary for cluster operation, however source ip, namespace and user group may indicate possible malicious use.
azure aks kubernetes cluster
aws eks kubernetes cluster
splunk
this search can give false positives as there might be inherent issues with authentications and permissions at cluster.
azure aks kubernetes cluster
aws eks kubernetes cluster
gcp gke kubernetes cluster
splunk
LoFP
/
aws eks kubernetes cluster