Tag
low
advisory
Kubernetes Unusual Decision by User Agent
2 rules 1 TTPThis rule detects unusual request responses in Kubernetes audit logs by monitoring for anomalies in username and response annotations, potentially identifying unauthorized access or misconfigurations.
Kubernetes
audit-logs
threat-detection
2r
1t
high
advisory
GitHub Enterprise Audit Log Streaming Disabled
2 rules 2 TTPsA user disabling audit log event streaming in GitHub Enterprise could indicate an attacker attempting to prevent their malicious activities from being logged and detected.
GitHub Enterprise
github
audit-logs
defense-evasion
cloud
2r
2t