Kubernetes Secrets Enumeration
Detects enumeration of Kubernetes secrets.
Sigma rule (View on GitHub)
1title: Kubernetes Secrets Enumeration
2id: eeb3e9e1-b685-44e4-9232-6bb701f925b5
3related:
4 - id: 7ee0b4aa-d8d4-4088-b661-20efdf41a04c
5 type: derived
6status: experimental
7description: Detects enumeration of Kubernetes secrets.
8references:
9 - https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/List%20K8S%20secrets/
10author: Leo Tsaousis (@laripping)
11date: 2024-03-26
12tags:
13 - attack.t1552.007
14logsource:
15 category: application
16 product: kubernetes
17 service: audit
18detection:
19 selection:
20 verb: 'list'
21 objectRef.resource: 'secrets'
22 condition: selection
23falsepositives:
24 - The Kubernetes dashboard occasionally accesses the kubernetes-dashboard-key-holder secret
25level: low
References
-
List Kubernetes secrets A Kubernetes secret is an object that lets users store and manage sensitive information, such as passwords and connection strings in the cluster. Secrets can be consumed by ...
Read More
Related rules
- Azure Kubernetes Admission Controller
- Google Cloud Kubernetes Admission Controller
- Kubernetes Admission Controller Modification