
Anonymous Request Authorized

kubernetes

Set up the kubernetes integration.


Goal

Detect when an unauthenticated request user is permitted in Kubernetes.

Strategy

This rule monitors when any action is permitted (@http.status_code:[100 TO 299]) for an unauthenticated user (@user.username:"system:anonymous"). The /healthz endpoint is commonly accessed without authentication, so it is excluded in the query filter.

Triage and response

  1. Inspect all of the HTTP paths accessed and determine whether any of the paths should be accessible to unauthenticated users.
  2. Determine which IP addresses accessed Kubernetes endpoints that may contain sensitive data.
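
The rule's conditions and both triage steps can be reproduced offline against raw API server audit events. The following is an added example, not the rule's own query or code from the product: it assumes audit.k8s.io/v1 JSON events in which responseStatus.code and user.username correspond to @http.status_code and @user.username, and it assumes the /healthz exclusion also covers sub-paths. The function names and sample events are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample events in Kubernetes audit log format, one JSON object per line.
SAMPLE_AUDIT_LOG = """\
{"stage":"ResponseComplete","verb":"get","requestURI":"/healthz?timeout=5s","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.10"],"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/default/secrets?limit=500","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.10"],"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/pods","user":{"username":"system:anonymous"},"sourceIPs":["198.51.100.7"],"responseStatus":{"code":403}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/version","user":{"username":"system:anonymous"},"sourceIPs":["198.51.100.7","10.0.0.4"],"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/nodes","user":{"username":"alice"},"sourceIPs":["192.0.2.44"],"responseStatus":{"code":200}}
{"stage":"RequestReceived","verb":"get","requestURI":"/api","user":{"username":"system:anonymous"},"sourceIPs":["198.51.100.7"]}
not json
"""

def is_anonymous_authorized(event):
    """True when the event matches the rule: anonymous user, 1xx-2xx status, not /healthz."""
    if (event.get("user") or {}).get("username") != "system:anonymous":
        return False
    # Events from early audit stages carry no responseStatus and never match.
    code = (event.get("responseStatus") or {}).get("code")
    if not isinstance(code, int) or not 100 <= code <= 299:
        return False
    path = urlsplit(event.get("requestURI", "")).path
    # Assumption: the exclusion covers /healthz and its sub-paths.
    return not (path == "/healthz" or path.startswith("/healthz/"))

def triage(log_text):
    """Map each permitted anonymous path to the set of source IPs that reached it."""
    paths = defaultdict(set)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(event, dict) and is_anonymous_authorized(event):
            path = urlsplit(event.get("requestURI", "")).path
            paths[path].update(event.get("sourceIPs") or [])
    return dict(paths)

if __name__ == "__main__":
    for path, ips in sorted(triage(SAMPLE_AUDIT_LOG).items()):
        print(f"{path}\t{', '.join(sorted(ips))}")
```

The output lists one line per path for step 1, with the source IPs beside it for step 2.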