- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Set up the kubernetes integration.
Identify when a Kubernetes user attempts to perform a high number of actions that are denied in a short amount of time.
This rule identifies responses of the API server where the reason for the error is set to Forbidden
, indicating that an authenticated user attempted to perform an action that they are not explicitly authorized to perform.
The rule flags users who receive permission denied errors on several distinct API endpoints in a short amount of time.
{{@usr.id}}
is expected to perform the denied actions. If yes, the alert may be due to a misconfigured application or a service account with insufficient privileges.User Investigation
dashboard to review any user actions that may have occurred after the potentially malicious action.