Kubernetes GCP Detect Service Accounts Forbidden Failure Access

Description

This search provides information on Kubernetes service accounts with failure or forbidden access status. It can be extended with the top or rare operators to find trends or rarities in failure status, user agents, source IPs and request URIs.
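The same filtering and top/rare counting, sketched offline in Python as an added example (not the Splunk search itself and not code from this page). The field names follow the Cloud Audit Logs entry layout for GKE, the `data` wrapper key and the helper names are assumptions, and the sample messages are constructed.

```python
import json
from collections import Counter

SA = "system:serviceaccount:"  # Kubernetes service-account principal prefix

def entry(principal, code, decision, ip, agent, resource):
    """Build one constructed GKE audit entry (Cloud Audit Logs shape, assumed 'data' wrapper)."""
    return json.dumps({"data": {
        "labels": {"authorization.k8s.io/decision": decision},
        "protoPayload": {
            "authenticationInfo": {"principalEmail": principal},
            "status": {"code": code},  # 0 = OK, 7 = PERMISSION_DENIED
            "requestMetadata": {"callerIp": ip, "callerSuppliedUserAgent": agent},
            "resourceName": resource}}})

# Constructed sample Pub/Sub messages, not real logs.
SECRETS = "core/v1/namespaces/kube-system/secrets"
SAMPLE = [entry(SA + "default:builder", 7, "forbid", "10.0.0.5", "kubectl/v1.27", SECRETS)] * 3 + [
    entry(SA + "monitoring:scraper", 7, "forbid", "10.0.0.9", "curl/8.1", "core/v1/namespaces/default/pods"),
    entry(SA + "default:builder", 0, "allow", "10.0.0.5", "kubectl/v1.27", "core/v1/namespaces/default/configmaps"),
    entry("alice@example.com", 7, "forbid", "10.0.0.7", "kubectl/v1.27", SECRETS),  # human user, ignored
]

def forbidden_sa_events(lines):
    """Yield (account, status code, user agent, source IP, request URI) for denied service-account calls."""
    for line in lines:
        msg = json.loads(line)
        msg = msg.get("data", msg)  # unwrap the assumed Pub/Sub envelope if present
        payload = msg.get("protoPayload", {})
        who = payload.get("authenticationInfo", {}).get("principalEmail", "")
        code = payload.get("status", {}).get("code", 0)
        decision = msg.get("labels", {}).get("authorization.k8s.io/decision")
        if who.startswith(SA) and (code != 0 or decision == "forbid"):
            meta = payload.get("requestMetadata", {})
            yield (who, code, meta.get("callerSuppliedUserAgent"),
                   meta.get("callerIp"), payload.get("resourceName"))

def top_and_rare(events, field):
    """Return ((value, count) most common, (value, count) least common) for one tuple index."""
    counts = Counter(e[field] for e in events).most_common()
    return counts[0], counts[-1]

EVENTS = list(forbidden_sa_events(SAMPLE))

if __name__ == "__main__":
    for name, idx in (("account", 0), ("user agent", 2), ("source IP", 3), ("request URI", 4)):
        print(name, top_and_rare(EVENTS, idx))
```

The rare side of each pair is usually the one worth triaging first: a service account or user agent that appears once among the denials stands out from routine misconfiguration noise.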

Use Case

Security Monitoring

Category

Adversary Tactics

SPL Difficulty

None

Journey

Stage 3

Data Sources

GCP
Audit Trail

Help

You must install the Splunk Add-on for GCP. This search works with Pub/Sub messaging service logs.
