AWS EKS Kubernetes Cluster Sensitive Object Access
Description
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
SPL Difficulty
None
Journey
Stage 3
Data Sources
AWS
Audit Trail
Help
You must install the Splunk Add-on for Amazon Web Services and the Splunk App for AWS. This search works with CloudWatch logs.
Search
`aws_cloudwatchlogs_eks` (objectRef.resource=secrets OR objectRef.resource=configmaps) sourceIPs{}!=::1 sourceIPs{}!=127.0.0.1 | table sourceIPs{} user.username user.groups{} objectRef.resource objectRef.namespace objectRef.name annotations.authorization.k8s.io/reason | dedup user.username user.groups{} | `aws_eks_kubernetes_cluster_sensitive_object_access_filter`
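The same filtering steps as the search above, as an added Python example that is not part of the original Splunk content: it keeps audit events whose objectRef.resource is secrets or configmaps, drops loopback sources, and keeps the first event per username and group set. The sample events, the field subset and the handling of multi-valued sourceIPs are assumptions made for this example.

```python
import json

SENSITIVE = {"secrets", "configmaps"}
LOOPBACK = {"::1", "127.0.0.1"}
REASON = "authorization.k8s.io/reason"
CI = {"username": "system:serviceaccount:dev:ci-runner", "groups": ["system:serviceaccounts"]}
ALICE = {"username": "alice", "groups": ["developers"]}

# Constructed Kubernetes audit events serialized as JSON lines (sample data, not real logs).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"user": CI, "sourceIPs": ["203.0.113.7"], "annotations": {REASON: "RBAC: allowed (constructed)"},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"}},
    # Same account and groups again: removed by the dedup step.
    {"user": CI, "sourceIPs": ["203.0.113.7"],
     "objectRef": {"resource": "configmaps", "namespace": "prod", "name": "app-config"}},
    # Loopback-only source: excluded.
    {"user": {"username": "system:apiserver", "groups": ["system:masters"]}, "sourceIPs": ["::1"],
     "objectRef": {"resource": "secrets", "namespace": "kube-system", "name": "sample-token"}},
    # Resource is not secrets or configmaps: excluded.
    {"user": ALICE, "sourceIPs": ["198.51.100.4"],
     "objectRef": {"resource": "pods", "namespace": "dev", "name": "web-0"}},
    {"user": ALICE, "sourceIPs": ["198.51.100.4"],
     "objectRef": {"resource": "configmaps", "namespace": "kube-system", "name": "aws-auth"}},
])

def sensitive_access(log_text):
    """Return the first secrets/configmaps access seen per (username, groups)."""
    rows, seen = [], set()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        ref = event.get("objectRef") if isinstance(event, dict) else None
        if not ref or ref.get("resource") not in SENSITIVE:
            continue
        ips = event.get("sourceIPs") or []
        # Assumption: drop events with no source IP or with only loopback addresses.
        if not ips or all(ip in LOOPBACK for ip in ips):
            continue
        user = event.get("user") or {}
        key = (user.get("username"), tuple(user.get("groups") or []))
        if key not in seen:
            seen.add(key)
            rows.append({"sourceIPs": ips, "username": key[0], "groups": list(key[1]),
                         "resource": ref["resource"], "namespace": ref.get("namespace"),
                         "name": ref.get("name"), "reason": (event.get("annotations") or {}).get(REASON)})
    return rows
```

Because of the dedup step, only the first sensitive access per account is reported; the ci-runner read of app-config in the sample never appears in the output.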