Navigation :

Kubernetes GCP Detect Suspicious Kubectl Calls

Description

This search provides information on anonymous Kubectl calls with IP, verb namespace and object access context

Help
Kubernetes GCP Detect Suspicious Kubectl Calls Help You must install splunk add on for GCP. This search works with pubsub messaging logs.

Help

Kubernetes GCP Detect Suspicious Kubectl Calls Help

You must install splunk add on for GCP. This search works with pubsub messaging logs.

Search
`google_gcp_pubsub_message` data.protoPayload.requestMetadata.callerSuppliedUserAgent=kubectl* src_user=system:unsecured OR src_user=system:anonymous \| table src_ip src_user data.protoPayload.requestMetadata.callerSuppliedUserAgent data.protoPayload.authorizationInfo{}.granted object_path \|dedup src_ip src_user \|`kubernetes_gcp_detect_suspicious_kubectl_calls_filter` Open in Search

Search

`google_gcp_pubsub_message` data.protoPayload.requestMetadata.callerSuppliedUserAgent=kubectl* src_user=system:unsecured OR src_user=system:anonymous | table src_ip src_user data.protoPayload.requestMetadata.callerSuppliedUserAgent data.protoPayload.authorizationInfo{}.granted object_path |dedup src_ip src_user |`kubernetes_gcp_detect_suspicious_kubectl_calls_filter`

Open in Search