Kubernetes AWS Detect Most Active Service Accounts By Pod

Description

This search provides information on Kubernetes service accounts,accessing pods by IP address, verb and decision

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search provides information on Kubernetes service accounts,accessing pods by IP address, verb and decision

SPL Difficulty

None

Journey

Stage 3

Data Sources

AWS
Audit Trail

   Help

Kubernetes AWS Detect Most Active Service Accounts By Pod Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudwatch logs

   Search

Open in Search