Navigation :

Kubernetes Azure Detect Sensitive Role Access

Description

This search provides information on Kubernetes accounts accessing sensitve objects such as configmpas or secrets

Content Mapping

This content is not mapped to any local saved search. Add mapping

Use Case

Security Monitoring

Alert Volume

This search provides information on Kubernetes accounts accessing sensitve objects such as configmpas or secrets

SPL Difficulty

None

Journey

Stage 3

Data Sources

Audit Trail

Azure

Help
Kubernetes Azure Detect Sensitive Role Access Help You must install the Add-on for Microsoft Cloud Services and Configure Kube-Audit data diagnostics

Help

Kubernetes Azure Detect Sensitive Role Access Help

You must install the Add-on for Microsoft Cloud Services and Configure Kube-Audit data diagnostics

Search
`kubernetes_azure` category=kube-audit \| spath input=properties.log\| search objectRef.resource=clusterroles OR clusterrolebindings \| table sourceIPs{} user.username user.groups{} objectRef.namespace requestURI annotations.authorization.k8s.io/reason \| dedup user.username user.groups{} \|`kubernetes_azure_detect_sensitive_role_access_filter` Open in Search

Search

`kubernetes_azure` category=kube-audit | spath input=properties.log| search objectRef.resource=clusterroles OR clusterrolebindings | table sourceIPs{} user.username user.groups{} objectRef.namespace requestURI annotations.authorization.k8s.io/reason | dedup user.username user.groups{} |`kubernetes_azure_detect_sensitive_role_access_filter`

Open in Search