Tag
medium
advisory
Kubernetes Scanning by Unauthenticated IP Address
2 rules 1 TTPDetects potential scanning activities within a Kubernetes environment by identifying multiple unauthorized access attempts (HTTP 403 responses) from unauthenticated IP addresses in Kubernetes audit logs, potentially indicating vulnerability probing or exploitation attempts.
Kubernetes
scanning
cloud
2r
1t
medium
advisory
Kubernetes Access Scanning Detection
2 rules 1 TTPThis analytic detects potential reconnaissance activities within a Kubernetes environment by identifying repeated failed access attempts or unusual API requests from unauthenticated users based on Kubernetes audit logs, indicating a potential attacker's preliminary reconnaissance.
Kubernetes
scanning
reconnaissance
2r
1t