Kubernetes Events Deleted

Rule Info

Name
Kubernetes Events Deleted
Author
Leo Tsaousis (@laripping)
Description
Detects when events are deleted in Kubernetes. An adversary may delete Kubernetes events in an attempt to evade detection.
Reference
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Delete%20K8S%20events/
Date
2024-03-26 00:00:00
Modified
None
Id
3132570d-cab2-4561-9ea6-1743644b2290
Tags
attack.t1070 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=3132570d-cab2-4561-9ea6-1743644b2290

Rule History

Author
Title
Date
Commit
Leo Tsaousis
Merge PR #4694 from @LAripping - Add native Kubernetes detections
2024-03-26
0d63f52ff
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022