- Essentials
- In The App
- Infrastructure
- Application Performance
- Log Management
- Security Platform
- UX Monitoring
- Administration
Set up the kubernetes integration.
Identify when a new Kubernetes admission controller is created in the cluster.
Admission controllers can intercept all incoming requests to the API server. An attacker can use them to establish persistence or to access sensitive data (such as secrets) sent to the API server.
This rule identifies when a MutatingWebhookConfiguration
or ValidatingWebhookConfiguration
is created.
{{@usr.id}}
should be creating the admission controller.User Investigation
dashboard to review user actions that occurred after the potentially malicious action.