Techniques
Sample rules
Kubernetes Azure pod scan fingerprint
- source: splunk
- techniques:
Description
This search reports unauthenticated requests against Kubernetes cluster pods in Azure, listing the source IP, user agent, request URI and response status of each request.
Detection logic
`kubernetes_azure` category=kube-audit
| spath input=properties.log
| search responseStatus.code=401
| table sourceIPs{} userAgent verb requestURI responseStatus.reason properties.pod
| `kubernetes_azure_pod_scan_fingerprint_filter`
Kubernetes Azure scan fingerprint
- source: splunk
- techniques:
- T1526
Description
This search reports unauthenticated requests against a Kubernetes cluster in Azure, listing the source IP, user agent, request URI and response status of each request.
Detection logic
`kubernetes_azure` category=kube-audit
| spath input=properties.log
| search responseStatus.code=401
| table sourceIPs{} userAgent verb requestURI responseStatus.reason
| `kubernetes_azure_scan_fingerprint_filter`