Closed LAripping closed 9 months ago
This PR adds a pipeline that allows authoring of Sigma rules for Kubernetes Audit logs.
Lucene queries generated by the pipeline have been tested successfully against a live ELK instance, when converted from the rules defined here.
More details are provided in the commit message
Thanks for the PR - merged.