GCP Kubernetes Cluster Pod Scan Detection

Description

This search provides information on unauthenticated requests, via user agent and authentication data, against a Kubernetes cluster's pods.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search provides information on unauthenticated requests, via user agent and authentication data, against a Kubernetes cluster's pods.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

Cloud Service Discovery

Data Sources

GCP
Audit Trail

GCP Kubernetes Cluster Pod Scan Detection Help

You must install the GCP App for Splunk (version 2.0.0 or later), then configure Stackdriver and set up a Pub/Sub subscription to be imported into Splunk.
