Analytics Story: Kubernetes Scanning Activity
Description
This story addresses detection against Kubernetes cluster fingerprint scan and attack by providing information on items such as source ip, user agent, cluster names.
Why it matters
Kubernetes is the most used container orchestration platform, this orchestration platform contains sensitve information and management priviledges of production workloads, microservices and applications. These searches allow operator to detect suspicious unauthenticated requests from the internet to kubernetes cluster.
Detections
| Name | Technique | Type |
|---|---|---|
| Amazon EKS Kubernetes cluster scan detection | Cloud Service Discovery | Hunting |
| Amazon EKS Kubernetes Pod scan detection | Cloud Service Discovery | Hunting |
| GCP Kubernetes cluster pod scan detection | Cloud Service Discovery | Hunting |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|
References
Source: GitHub | Version: 1