Techniques
Sample rules
Kubernetes CronJob/Job Modification
- source: sigma
- techniques:
Description
Detects when a Kubernetes CronJob or Job is created or modified. A Kubernetes Job creates one or more pods to accomplish a specific task, and a CronJob creates Jobs on a recurring schedule. An adversary can take advantage of this Kubernetes object to schedule Jobs to run containers that execute malicious code within a cluster, allowing them to achieve persistence.
Detection logic
condition: selection
selection:
  objectRef.apiGroup: batch
  objectRef.resource:
    - cronjobs
    - jobs
  verb:
    - create
    - delete
    - patch
    - replace
    - update
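The selection above, evaluated over Kubernetes audit log lines, as an added example that is not part of the Sigma rule or its project. The sample events and the user names in them are constructed, and the dotted-field lookup and case-insensitive comparison are this example's reading of the rule; the output also shows that the rule as written matches a Job created by a controller service account.

```python
import json
# Selection from the rule above; Sigma compares string values case-insensitively.
SELECTION = {
    "objectRef.apiGroup": {"batch"},
    "objectRef.resource": {"cronjobs", "jobs"},
    "verb": {"create", "delete", "patch", "replace", "update"},
}

def get_field(event, dotted):
    """Resolve a dotted Sigma field name against a nested audit event."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None  # e.g. non-resource requests carry no objectRef
        cur = cur[part]
    return cur

def matches(event):
    """True when every selection field is present with an allowed value."""
    for field, allowed in SELECTION.items():
        value = get_field(event, field)
        if not isinstance(value, str) or value.lower() not in allowed:
            return False
    return True

def scan(lines):
    """Return (user, verb, resource, namespace/name) for each matching line."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if matches(ev):
            ref = ev["objectRef"]
            hits.append((ev.get("user", {}).get("username"), ev["verb"], ref["resource"],
                         f'{ref.get("namespace", "")}/{ref.get("name", "")}'))
    return hits

# Constructed sample audit events (JSON lines), not taken from a real cluster.
SAMPLE = [
    '{"verb":"patch","user":{"username":"alice"},"objectRef":{"apiGroup":"batch","resource":"cronjobs","namespace":"default","name":"report"}}',
    '{"verb":"get","user":{"username":"bob"},"objectRef":{"apiGroup":"batch","resource":"jobs","namespace":"default","name":"report-1"}}',
    '{"verb":"create","user":{"username":"system:serviceaccount:kube-system:cronjob-controller"},"objectRef":{"apiGroup":"batch","resource":"jobs","namespace":"default"}}',
    '{"verb":"get","user":{"username":"system:anonymous"},"requestURI":"/healthz"}',
    '{"verb":"create","objectRef":{"apiGroup":"batch","resou',
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```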