Techniques
Sample rules
Kubernetes Unauthorized or Unauthenticated Access
- source: sigma
- techniques:
Description
Detects when a request to the Kubernetes API is rejected due to lack of authorization or due to an expired authentication token being used. This may indicate an attacker attempting to leverage credentials they have obtained.
Detection logic
condition: selection
selection:
  responseStatus.code:
    - 401
    - 403
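The selection above applied to Kubernetes audit events, as an added example that is not part of the original rule. The audit lines are constructed, and the per-user, per-source-IP count is a triage step assumed here rather than something the rule itself does.

```python
import json
from collections import Counter

# Selection from the rule: responseStatus.code is 401 or 403.
SELECTION = {"responseStatus.code": [401, 403]}

# Constructed audit events (audit.k8s.io/v1 field names), one JSON object per line.
SAMPLE_AUDIT_LOG = """\
{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/prod/secrets","user":{"username":"system:serviceaccount:dev:builder"},"sourceIPs":["10.0.4.17"],"responseStatus":{"code":403}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/dev/pods","user":{"username":"alice"},"sourceIPs":["10.0.4.20"],"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/nodes","sourceIPs":["203.0.113.9"],"responseStatus":{"code":401}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/kube-system/configmaps","user":{"username":"system:serviceaccount:dev:builder"},"sourceIPs":["10.0.4.17"],"responseStatus":{"code":403}}
{"stage":"RequestReceived","verb":"watch","requestURI":"/api/v1/pods","user":{"username":"alice"},"sourceIPs":["10.0.4.20"]}
not json
"""

def get_field(event, dotted):
    """Resolve a dotted Sigma field name in a nested dict; None if any part is absent."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(event, selection=SELECTION):
    """Every selection field must equal one of its listed values."""
    return all(get_field(event, f) in vals for f, vals in selection.items())

def detect(log_text):
    """Return the audit events that satisfy the selection; skip unparseable lines."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if matches(event):
            hits.append(event)
    return hits

def summarize(hits):
    """Count rejections per (username, first source IP, status code) for triage."""
    return Counter(
        (get_field(h, "user.username") or "<anonymous>",
         (h.get("sourceIPs") or ["?"])[0],
         h["responseStatus"]["code"])
        for h in hits
    )
```

Events without a `responseStatus` (such as the `RequestReceived` stage line) never match, and repeated rejections from one identity and address stand out in the summary.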