Kubernetes GCP Detect Sensitive Role Access
Description
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
Use Case
Security Monitoring
Category
Adversary Tactics
Alert Volume
This search provides information on Kubernetes accounts accessing sensitive objects such as configmaps or secrets.
SPL Difficulty
None
Journey
Stage 3
Data Sources
GCP
Audit Trail
Help
You must install the Splunk add-on for GCP. This search works with Pub/Sub messaging service logs.
Search
`google_gcp_pubsub_message` data.labels.authorization.k8s.io/reason=ClusterRoleBinding OR Clusterrole dest=apis/rbac.authorization.k8s.io/v1 src_ip!=::1
| table src_ip src_user http_user_agent data.labels.authorization.k8s.io/decision data.labels.authorization.k8s.io/reason
| dedup src_ip src_user
| `kubernetes_gcp_detect_sensitive_role_access_filter`