Skip to content
Threat Feed

Product

Auditbeat-*

1 brief RSS
high advisory

Kubernetes and Cloud Credential Path Access via Process Arguments

This rule detects Linux process executions that access sensitive Kubernetes, cloud, and SSH credential files via common utilities, potentially indicating credential theft.

Elastic Defend +4 credential-access kubernetes cloud linux
2r 2t