Rule Library

Sigma Rules

1 rule found for "uniqu3-us3r"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Kubernetes Potential Enumeration Activity

Detects potential Kubernetes enumeration or attack activity via the audit log. This includes the execution of common shells, utilities, or specialized tools like 'Rakkess' (access_matrix) and 'TruffleHog' via Kubernetes API requests. Attackers use these methods to perform reconnaissance (enumeration), secret harvesting, or execute code (exec) within a cluster.

Kubernetesaudit

TA0002 · ExecutionTA0007 · DiscoveryT1609 · Container Administration CommandT1613 · Container and Resource Discovery

uniqu3-us3rTue Apr 28application