GCP Kubernetes Cluster Scan Detection
This search provides information on unauthenticated requests, by user agent and authentication data, against a Kubernetes cluster.
GCP Kubernetes Cluster Scan Detection Help
You must install the GCP App for Splunk (version 2.0.0 or later), then configure Stackdriver and set up a Pub/Sub subscription to be imported into Splunk. You must also install the Cloud Infrastructure data model. Customize the macro kubernetesgcpscanfingerprintattack_detection to filter out false positives.