Navigation :

Kubernetes GCP Detect Sensitive Role Access

Description

This search provides information on Kubernetes accounts accessing sensitve objects such as configmpas or secrets

Help
Kubernetes GCP Detect Sensitive Role Access Help You must install splunk add on for GCP. This search works with pubsub messaging servicelogs.

Help

Kubernetes GCP Detect Sensitive Role Access Help

You must install splunk add on for GCP. This search works with pubsub messaging servicelogs.

Search
`google_gcp_pubsub_message` data.labels.authorization.k8s.io/reason=ClusterRoleBinding OR Clusterrole dest=apis/rbac.authorization.k8s.io/v1 src_ip!=::1 \| table src_ip src_user http_user_agent data.labels.authorization.k8s.io/decision data.labels.authorization.k8s.io/reason \| dedup src_ip src_user \|`kubernetes_gcp_detect_sensitive_role_access_filter` Open in Search

Search

`google_gcp_pubsub_message` data.labels.authorization.k8s.io/reason=ClusterRoleBinding OR Clusterrole dest=apis/rbac.authorization.k8s.io/v1 src_ip!=::1  | table src_ip src_user http_user_agent data.labels.authorization.k8s.io/decision data.labels.authorization.k8s.io/reason | dedup src_ip src_user |`kubernetes_gcp_detect_sensitive_role_access_filter`

Open in Search