Product
high
advisory
AWS EKS Control Plane Logging Disabled
1 rule 1 TTPElastic identified a defense evasion technique where an attacker, having gained unauthorized access, issues an UpdateClusterConfig request to disable Amazon EKS control plane logging, significantly reducing visibility into subsequent malicious cluster activity.
Amazon EKS
cloud
kubernetes
aws
defense-evasion
1r
1t
high
advisory
Kubernetes and Cloud Credential Path Access via Process Arguments
3 rules 2 TTPsThis rule detects Linux process executions that access high-value Kubernetes service-account material, kubeconfig or node PKI paths, or common cloud files, potentially indicating credential theft within in-cluster and hybrid environments.
Amazon EKS +6
credential-access
threat-detection
kubernetes
cloud
linux
3r
2t