From b1f026701fd1c1cf765dcfcdae3db5aa9e10e357 Mon Sep 17 00:00:00 2001 From: Patrick Date: Thu, 14 Dec 2023 11:12:22 +0100 Subject: [PATCH] Kubernetes Cron Job --- .../kubernetes_audit_cron_job_creation.json | 3 +++ .../kubernetes_audit_cron_job_creation.yml | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.json create mode 100644 datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.yml diff --git a/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.json b/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.json new file mode 100644 index 00000000..753e06f9 --- /dev/null +++ b/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.json @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9826b39d9c2d2998f7313414980429af6600ee8db118cec80dabb81461ee5974 +size 4498 diff --git a/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.yml b/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.yml new file mode 100644 index 00000000..6c2585e2 --- /dev/null +++ b/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.yml @@ -0,0 +1,11 @@ +author: Patrick Bareiss +id: 18171239-e152-41f4-a1af-459d1b2aacb3 +date: '2023-12-14' +description: Kubernetes audit logs which contains a creation of a cron job. +environment: attack_range +dataset: +- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1053.007/kubernetes_audit_cron_job_creation/kubernetes_audit_cron_job_creation.json +sourcetypes: +- aws:cloudwatchlogs +references: +- https://attack.mitre.org/techniques/T1053/007