Kubernetes Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Amazon EKS Kubernetes cluster scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-11-14 |
| Amazon EKS Kubernetes Pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-11-14 |
| GCP Kubernetes cluster pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2024-11-14 |
| Kubernetes Abuse of Secret by Unusual Location | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Abuse of Secret by Unusual User Agent | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Abuse of Secret by Unusual User Group | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Abuse of Secret by Unusual User Name | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Access Scanning | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Anomalous Inbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Anomalous Inbound Outbound Network IO | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Anomalous Inbound to Outbound Network IO Ratio | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Anomalous Outbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Anomalous Traffic on Network Edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes AWS detect suspicious kubectl calls | Kubernetes Audit | N/A | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Create or Update Privileged Pod | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Cron Job Creation | Kubernetes Audit | Container Orchestration Job | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes DaemonSet Deployed | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Falco Shell Spawned | Kubernetes Falco | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes newly seen TCP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes newly seen UDP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Nginx Ingress LFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2024-11-14 |
| Kubernetes Nginx Ingress RFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2024-11-14 |
| Kubernetes Node Port Creation | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Pod Created in Default Namespace | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Pod With Host Network Attachment | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Previously Unseen Container Image Name | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Previously Unseen Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Process Running From New Path | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Process with Anomalous Resource Utilisation | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Process with Resource Ratio Anomalies | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Scanner Image Pulling | | Cloud Service Discovery | TTP | Dev Sec Ops | 2024-11-14 |
| Kubernetes Scanning by Unauthenticated IP Address | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Shell Running on Worker Node | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Shell Running on Worker Node with CPU Activity | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2024-11-14 |
| Kubernetes Suspicious Image Pulling | Kubernetes Audit | Cloud Service Discovery | Anomaly | Kubernetes Security | 2024-11-14 |
| Kubernetes Unauthorized Access | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2024-11-14 |