analyzing-kubernetes-audit-logs
CommunityDetect Kubernetes audit threats from logs.
AuthorYukiIto1999
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Analyzing Kubernetes API server audit logs to detect security-relevant events such as exec-into-pod, secret access, RBAC modifications, privileged pod creation, and anonymous API access, enabling faster investigation and response.
Core Features & Use Cases
- Detect pod exec/attach events to identify shell access into containers.
- Flag unauthorized secret access and RBAC changes for rapid investigative triage.
- Surface anonymous API access and privileged pod creation across namespaces for alerting and containment.
- Provide structured findings suitable for SIEMs, incident reports, and automation pipelines.
Quick Start
Use the analyzing-kubernetes-audit-logs skill to parse a Kubernetes audit log file and generate a consolidated findings report.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-kubernetes-audit-logs Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-kubernetes-audit-logs Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.