Navigation :

AWS EKS Kubernetes Cluster Sensitive Object Access

Description

This search provides information on Kubernetes accounts accessing sensitve objects such as configmaps or secrets

Content Mapping

This content is not mapped to any local saved search. Add mapping

Use Case

Security Monitoring

Alert Volume

This search provides information on Kubernetes accounts accessing sensitve objects such as configmaps or secrets

SPL Difficulty

None

Journey

Stage 3

Data Sources

AWS

Audit Trail

Help
AWS EKS Kubernetes Cluster Sensitive Object Access Help You must install Splunk Add-on for Amazon Web Services and Splunk App for AWS. This search works with cloudwatch logs.

Help

AWS EKS Kubernetes Cluster Sensitive Object Access Help

You must install Splunk Add-on for Amazon Web Services and Splunk App for AWS. This search works with cloudwatch logs.

Search
`aws_cloudwatchlogs_eks` objectRef.resource=secrets OR configmaps sourceIPs{}!=::1 sourceIPs{}!=127.0.0.1 \|table sourceIPs{} user.username user.groups{} objectRef.resource objectRef.namespace objectRef.name annotations.authorization.k8s.io/reason \|dedup user.username user.groups{} \|`aws_eks_kubernetes_cluster_sensitive_object_access_filter` Open in Search

Search

`aws_cloudwatchlogs_eks` objectRef.resource=secrets OR configmaps sourceIPs{}!=::1 sourceIPs{}!=127.0.0.1  |table sourceIPs{} user.username user.groups{} objectRef.resource objectRef.namespace objectRef.name annotations.authorization.k8s.io/reason |dedup user.username user.groups{} |`aws_eks_kubernetes_cluster_sensitive_object_access_filter`

Open in Search