Kubernetes Admission Controller Modification

Rule Info

Name: Kubernetes Admission Controller Modification
Author: kelnage
Description: Detects when a modification (create, update or replace) action is taken that affects mutating or validating webhook configurations, as they can be used by an adversary to achieve persistence or exfiltrate access credentials.
Date: 2024-07-11 00:00:00
Modified: None
Id: eed82177-38f5-4299-8a76-098d50d225ab
Tags: attack.persistence attack.t1078 attack.credential-access attack.t1552 attack.t1552.007 DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Nick Moore | Merge PR #4899 from @kelnage - Add Kubernetes rules in audit log format | 2024-07-11 | |