Kubernetes Activity
Lacework generates Kubernetes-activity-based alerts when it detects Kubernetes-activity-related vulnerabilities. You can define alert rules that trigger alerts when these vulnerabilities are found. See Alert Rules.
Alert List
The following table lists all the Kubernetes-activity-based alerts.
Alert Name | Alert Type | Event Model | Alert Subcategory |
---|---|---|---|
K8s audit log cluster role created | NewK8sAuditLogClusterRole | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role binding created | NewK8sAuditLogClusterRoleBinding | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role bindings to admin | NewK8sAuditLogClusterRoleBindingsToAdmin | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role bindings to cluster admin | NewK8sAuditLogClusterRoleBindingsToClusterAdmin | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role bindings to edit | NewK8sAuditLogClusterRoleBindingsToEdit | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role bindings to system | NewK8sAuditLogClusterRoleBindingsToSystem | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role with all resources | NewK8sAuditLogClusterRoleWithAllResources | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role with pod exec | NewK8sAuditLogClusterRoleWithPodExec | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role with pods write | NewK8sAuditLogClusterRoleWithPodsWrite | K8sAuditLog | Kubernetes Activity |
K8s audit log cluster role with secrets | NewK8sAuditLogClusterRoleWithSecrets | K8sAuditLog | Kubernetes Activity |
K8s audit log ingress created | NewK8sAuditLogIngress | K8sAuditLog | Kubernetes Activity |
K8s audit log namespace created | NewK8sAuditLogNamespace | K8sAuditLog | Kubernetes Activity |
K8s audit log resource created | NewK8sAuditLogResource | K8sAuditLog | Kubernetes Activity |
K8s audit log role created | NewK8sAuditLogRole | K8sAuditLog | Kubernetes Activity |
K8s audit log role binding created | NewK8sAuditLogRoleBinding | K8sAuditLog | Kubernetes Activity |
K8s audit log role bindings to admin | NewK8sAuditLogRoleBindingsToAdmin | K8sAuditLog | Kubernetes Activity |
K8s audit log role bindings to cluster admin | NewK8sAuditLogRoleBindingsToClusterAdmin | K8sAuditLog | Kubernetes Activity |
K8s audit log role bindings to edit | NewK8sAuditLogRoleBindingsToEdit | K8sAuditLog | Kubernetes Activity |
K8s audit log role bindings to system | NewK8sAuditLogRoleBindingsToSystem | K8sAuditLog | Kubernetes Activity |
K8s audit log role with all resources | NewK8sAuditLogRoleWithAllResources | K8sAuditLog | Kubernetes Activity |
K8s audit log role with pod exec | NewK8sAuditLogRoleWithPodExec | K8sAuditLog | Kubernetes Activity |
K8s audit log role with pods write | NewK8sAuditLogRoleWithPodsWrite | K8sAuditLog | Kubernetes Activity |
K8s audit log role with secrets | NewK8sAuditLogRoleWithSecrets | K8sAuditLog | Kubernetes Activity |
K8s audit log workload created | NewK8sAuditLogWorkload | K8sAuditLog | Kubernetes Activity |
New K8s workload created with privilege escalation | NewK8sAuditLogWorkloadAllowsEscalation | K8sAuditLog | Kubernetes Activity |
New K8s workload created with host access | NewK8sAuditLogWorkloadWithHostAccess | K8sAuditLog | Kubernetes Activity |
Suppress an Alert
Suppressing specific Kubernetes-activity alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.