Kubernetes AWS Detect Most Active Service Accounts By Pod
Description
This search provides information on Kubernetes service accounts accessing pods, broken down by source IP address, verb and authorization decision.
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes service accounts accessing pods, broken down by source IP address, verb and authorization decision.
SPL Difficulty
None
Journey
Stage 3
Data Sources
AWS
Audit Trail
Help
You must install the Splunk AWS add-on and the Splunk App for AWS. This search works with CloudWatch logs.
Search
`aws_cloudwatchlogs_eks` user.groups{}=system:serviceaccounts objectRef.resource=pods | table sourceIPs{} user.username userAgent verb annotations.authorization.k8s.io/decision | top sourceIPs{} user.username verb annotations.authorization.k8s.io/decision | `kubernetes_aws_detect_most_active_service_accounts_by_pod_filter`