splunk / security_content

Splunk Security Content
https://research.splunk.com
Apache License 2.0

kubernetes detections to be ported to opentelemetry output because of EOS of sc4k #2679

Open hhgsplk opened 1 year ago

hhgsplk commented 1 year ago

There are some detection rules that use Kubernetes log data from Splunk Connect for Kubernetes. But this is EOS in Jan 2024.

It would be great to migrate all detection rules using this data to log data coming from OpenTelemetry into Splunk. These are the ones I found:

- detections/cloud/amazon_eks_kubernetes_pod_scan_detection.yml
- detections/cloud/kubernetes_scanner_image_pulling.yml

but there could be more.

P4T12ICK commented 1 year ago

Thank you for this feedback