home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-analyzing-kubernetes-audit-logs-skill-md
debuggingtools
analyzing-kubernetes-audit-logs
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
maintainer
mukul975
Actualizado 4/6/2026
Estrellas
4240
Forks
464
quick start
Installation and usage
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
Instalación
$ install --globalskills.sh
Uso
Después de instalarlo, puedes usar este skill ejecutando el siguiente comando en tu terminal:
skills use analyzing-kubernetes-audit-logs