Kubernetes Azure Detect Sensitive Role Access
Description
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
SPL Difficulty
None
Journey
Stage 3
Data Sources
Audit Trail
Azure
Help |
---|
You must install the Add-on for Microsoft Cloud Services and configure Kube-Audit data diagnostics. |
Search |
---|
`kubernetes_azure` category=kube-audit | spath input=properties.log | search objectRef.resource=clusterroles OR objectRef.resource=clusterrolebindings | table sourceIPs{} user.username user.groups{} objectRef.namespace requestURI annotations.authorization.k8s.io/reason | dedup user.username user.groups{} | `kubernetes_azure_detect_sensitive_role_access_filter` |