Navigation :

Kubernetes AWS Detect Suspicious Kubectl Calls

Description

This search provides information on anonymous Kubectl calls with IP, verb namespace and object access context

Help
Kubernetes AWS Detect Suspicious Kubectl Calls Help You must install splunk AWS add on and Splunk App for AWS. This search works with cloudwatch logs.

Help

Kubernetes AWS Detect Suspicious Kubectl Calls Help

You must install splunk AWS add on and Splunk App for AWS. This search works with cloudwatch logs.

Search
`aws_cloudwatchlogs_eks` userAgent=kubectl* sourceIPs{}!=127.0.0.1 sourceIPs{}!=::1 src_user=system:anonymous \| table src_ip src_user verb userAgent requestURI \| stats count by src_ip src_user verb userAgent requestURI \|`kubernetes_aws_detect_suspicious_kubectl_calls_filter` Open in Search

Search

`aws_cloudwatchlogs_eks` userAgent=kubectl* sourceIPs{}!=127.0.0.1 sourceIPs{}!=::1 src_user=system:anonymous  | table  src_ip src_user verb userAgent requestURI  | stats  count by src_ip src_user verb userAgent requestURI |`kubernetes_aws_detect_suspicious_kubectl_calls_filter`

Open in Search