home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-analyzing-kubernetes-audit-logs-skill-md
debuggingtools
analyzing-kubernetes-audit-logs
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
maintainer
mukul975
更新於 4/6/2026
星標
4240
分支
464
quick start
Installation and usage
Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access. Builds threat detection rules from audit event patterns. Use when investigating Kubernetes cluster compromise or building k8s-specific SIEM detection rules.
安裝
$ install --globalskills.sh
使用
安裝後,您可以通過在終端運行以下命令來使用此技能:
skills use analyzing-kubernetes-audit-logs