Kubernetes Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| Amazon EKS Kubernetes cluster scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2025-05-02 |
| Amazon EKS Kubernetes Pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2025-05-02 |
| GCP Kubernetes cluster pod scan detection | | Cloud Service Discovery | Hunting | Kubernetes Scanning Activity | 2025-05-02 |
| Kubernetes Abuse of Secret by Unusual Location | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Abuse of Secret by Unusual User Agent | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Abuse of Secret by Unusual User Group | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Abuse of Secret by Unusual User Name | Kubernetes Audit | Container API | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Access Scanning | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Anomalous Inbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Anomalous Inbound Outbound Network IO | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Anomalous Inbound to Outbound Network IO Ratio | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Anomalous Outbound Network Activity from Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Anomalous Traffic on Network Edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes AWS detect suspicious kubectl calls | Kubernetes Audit | N/A | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Create or Update Privileged Pod | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Cron Job Creation | Kubernetes Audit | Container Orchestration Job | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes DaemonSet Deployed | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Falco Shell Spawned | Kubernetes Falco | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes newly seen TCP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes newly seen UDP edge | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Nginx Ingress LFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2025-05-02 |
| Kubernetes Nginx Ingress RFI | | Exploitation for Credential Access | TTP | Dev Sec Ops | 2025-05-02 |
| Kubernetes Node Port Creation | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Pod Created in Default Namespace | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Pod With Host Network Attachment | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Previously Unseen Container Image Name | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Previously Unseen Process | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Process Running From New Path | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Process with Anomalous Resource Utilisation | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Process with Resource Ratio Anomalies | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Scanner Image Pulling | | Cloud Service Discovery | TTP | Dev Sec Ops | 2025-05-02 |
| Kubernetes Scanning by Unauthenticated IP Address | Kubernetes Audit | Network Service Discovery | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Shell Running on Worker Node | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Shell Running on Worker Node with CPU Activity | | User Execution | Anomaly | Abnormal Kubernetes Behavior using Splunk Infrastructure Monitoring | 2025-05-02 |
| Kubernetes Suspicious Image Pulling | Kubernetes Audit | Cloud Service Discovery | Anomaly | Kubernetes Security | 2025-05-02 |
| Kubernetes Unauthorized Access | Kubernetes Audit | User Execution | Anomaly | Kubernetes Security | 2025-05-02 |