home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-analyzing-kubernetes-audit-logs-skill-md
debuggingtools
analyzing-kubernetes-audit-logs
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
maintainer
mukul975
Atualizado 4/6/2026
Estrelas
4240
Forks
464
quick start
Installation and usage
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
Instalação
$ install --globalskills.sh
Uso
Depois de instalar, você pode usar esta skill executando o seguinte comando no terminal:
skills use analyzing-kubernetes-audit-logs