home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-analyzing-kubernetes-audit-logs-skill-md
debuggingtools
analyzing-kubernetes-audit-logs
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
maintainer
mukul975
更新于 4/6/2026
星标
4240
分支
464
quick start
Installation and usage
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
安装
$ install --globalskills.sh
使用
安装后,您可以通过在终端运行以下命令来使用此技能:
skills use analyzing-kubernetes-audit-logs