Amazon EKS Kubernetes Pod Scan Detection

Description

This search provides detection information on unauthenticated requests against Kubernetes' Pods API.

Use Case

Security Monitoring

Category

Cloud Security

Alert Volume

This search provides detection information on unauthenticated requests against Kubernetes' Pods API

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

Cloud Service Discovery

Kill Chain Phases

Reconnaissance

Data Sources

AWS
Audit Trail

Amazon EKS Kubernetes Pod Scan Detection Help

You must install the AWS App for Splunk (version 5.1.0 or later) and the Splunk Add-on for AWS (version 4.4.0 or later), then configure your AWS CloudWatch EKS Logs. Also customize the kubernetes_pods_aws_scan_fingerprint_detection macro to filter out false positives.
