Kubernetes Events Deleted

Rule Info

Name
Kubernetes Events Deleted
Author
Leo Tsaousis (@laripping)
Description
Detects when events are deleted in Kubernetes. An adversary may delete Kubernetes events in an attempt to evade detection.
Reference
https://microsoft.github.io/Threat-Matrix-for-Kubernetes/techniques/Delete%20K8S%20events/
Date
2024-03-26 00:00:00
Modified
None
Id
3132570d-cab2-4561-9ea6-1743644b2290
Tags
attack.defense-evasion attack.t1070
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=3132570d-cab2-4561-9ea6-1743644b2290

Rule History

Author
Title
Date
Commit
david-syk
Merge PR #5389 from @david-syk - Update MITRE ATT&CK tags
2025-05-20
6fe3ac8a0
github-actions[bot]
Merge PR #5177 from @nasbench - promote older rules status from `experimental` to `test`
2025-02-03
2bfb0935a
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Leo Tsaousis
Merge PR #4694 from @LAripping - Add native Kubernetes detections
2024-03-26
0d63f52ff
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022