Created
March 23, 2020 18:07
-
-
Save vicenteherrera/efda249d711086bba0ad461c53fa7cec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - rule: Anonymous Request Allowed | |
| desc: > | |
| Detect any request made by the anonymous user that was allowed | |
| condition: kevt and ka.user.name=system:anonymous and ka.auth.decision!=reject and not health_endpoint | |
| output: Request by anonymous user allowed (user=%ka.user.name verb=%ka.verb uri=%ka.uri reason=%ka.auth.reason)) | |
| priority: WARNING | |
| source: k8s_audit | |
| tags: [k8s] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment