aws / aws-eks-best-practices

A best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization.
https://aws.github.io/aws-eks-best-practices/

TODO: Auditing additions #35

Open jicowan opened 3 years ago

jicowan commented 3 years ago

- Audit changes to the aws-auth ConfigMap
- Monitor increases in 403 Forbidden and 401 Unauthorized response codes (already have Log Insights queries in the doc. Need to add timeframes)
- Anonymous calls to the API server
- Alert when there's an increase in 403 Forbidden responses, show attributes host, sourceIPs, and k8s_user.username
- Misconfigured RBAC policies, unusual API calls
- 401s: identify authentication issues (e.g., expired certificates or malformed tokens)

jicowan commented 3 years ago

Also add a query for validation/mutating webhook registration.

jicowan commented 3 years ago

Added queries for changes to aws-auth and creation of validation webhooks.
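
The checks listed in this thread, as an added example that is not part of the issue or the guide: Python that scans Kubernetes audit events for aws-auth ConfigMap writes, webhook registrations, anonymous calls, and 401/403 counts per time window. The sample events, the 5-minute window and the threshold of 3 are assumptions chosen for illustration; field names follow the Kubernetes audit event format (`user.username`, `sourceIPs`, `objectRef`, `responseStatus.code`).

```python
from collections import Counter
from datetime import datetime

WRITE_VERBS = {"create", "update", "patch", "delete"}
WEBHOOKS = {"validatingwebhookconfigurations", "mutatingwebhookconfigurations"}

def _ev(ts, user, ip, verb, resource, name, ns, code):
    """Build a constructed event using Kubernetes audit-log field names."""
    return {"requestReceivedTimestamp": f"2021-03-01T{ts}.000000Z", "verb": verb,
            "user": {"username": user}, "sourceIPs": [ip],
            "objectRef": {"resource": resource, "name": name, "namespace": ns},
            "responseStatus": {"code": code}}

# Constructed sample data (documentation IP ranges, made-up users), not real logs.
SAMPLE = [
    _ev("12:01:05", "admin-user", "203.0.113.10", "patch", "configmaps", "aws-auth", "kube-system", 200),
    _ev("12:01:30", "dev-user", "198.51.100.9", "get", "configmaps", "aws-auth", "kube-system", 200),
    _ev("12:02:00", "ci-bot", "198.51.100.7", "create", "validatingwebhookconfigurations", "example-hook", "", 201),
    _ev("12:03:10", "system:anonymous", "192.0.2.44", "get", "pods", "", "default", 403),
    _ev("12:03:40", "dev-user", "198.51.100.9", "list", "secrets", "", "kube-system", 403),
    _ev("12:04:59", "dev-user", "198.51.100.9", "list", "secrets", "", "kube-system", 403),
    _ev("12:06:00", "dev-user", "198.51.100.9", "get", "pods", "", "default", 403),
    _ev("12:07:00", "", "192.0.2.44", "get", "pods", "", "default", 401),
]

def _bucket(ts, minutes):
    """Round an RFC 3339 timestamp down to the start of its time window."""
    t = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return t.replace(minute=t.minute - t.minute % minutes, second=0, microsecond=0).isoformat()

def audit_findings(events, window_minutes=5, threshold=3):
    findings, denied = [], Counter()
    for e in events:
        ref, verb = e.get("objectRef", {}), e.get("verb")
        who = (e.get("user", {}).get("username", ""), tuple(e.get("sourceIPs", [])))
        if (ref.get("resource"), ref.get("namespace"), ref.get("name")) == \
                ("configmaps", "kube-system", "aws-auth") and verb in WRITE_VERBS:
            findings.append(("aws-auth-change", *who))
        if ref.get("resource") in WEBHOOKS and verb == "create":
            findings.append(("webhook-registration", *who))
        if who[0] == "system:anonymous":
            findings.append(("anonymous-call", *who))
        code = e.get("responseStatus", {}).get("code")
        if code in (401, 403):  # count denials per time window and status code
            denied[(_bucket(e["requestReceivedTimestamp"], window_minutes), code)] += 1
    # Report only windows whose denial count reaches the threshold.
    findings += [(f"{c}-spike", b, n) for (b, c), n in sorted(denied.items()) if n >= threshold]
    return findings

if __name__ == "__main__":
    for finding in audit_findings(SAMPLE):
        print(finding)
```

Read-only access to aws-auth and isolated denials stay below the reporting bar here; tune the window and threshold against a cluster's normal baseline.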