Navigation :
Kubernetes Azure Detect Sensitive Object Access
Description
This search provides information on Kubernetes accounts accessing sensitve objects such as configmpas or secrets
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes accounts accessing sensitve objects such as configmpas or secrets
SPL Difficulty
None
Journey
Stage 3
Data Sources
Audit Trail
Azure
Help |
---|
Kubernetes Azure Detect Sensitive Object Access HelpYou must install the Add-on for Microsoft Cloud Services and Configure Kube-Audit data diagnostics |
Search |
---|
`kubernetes_azure` category=kube-audit | spath input=properties.log| search objectRef.resource=secrets OR configmaps user.username=system.anonymous OR annotations.authorization.k8s.io/decision=allow |table user.username user.groups{} objectRef.resource objectRef.namespace objectRef.name annotations.authorization.k8s.io/reason |dedup user.username user.groups{} |`kubernetes_azure_detect_sensitive_object_access_filter` Open in Search |