Elastic × Kubernetes Audit
Production-ready Sigma rules generated by CloudSigma for the Kubernetes Audit schema.
Last reviewed:
11 SIEM × log-source combinations published in this batch. Every rule is generated and validated by CloudSigma; convert in-app to your specific dialect.
01. 8 rules covering ATT&CK techniques on the Kubernetes Audit schema. 8 pages.
02. 10 rules covering ATT&CK techniques on the Linux auditd schema. 10 pages.
03. 39 rules covering ATT&CK techniques on the GCP Audit Logs schema. 39 pages.
04. 40 rules covering ATT&CK techniques on the Azure Activity schema. 40 pages.
05. 6 rules covering ATT&CK techniques on the Entra ID Audit schema. 6 pages.
06. 5 rules covering ATT&CK techniques on the Entra ID Sign-in schema. 5 pages.
07. 39 rules covering ATT&CK techniques on the AWS CloudTrail schema. 39 pages.
08. 10 rules covering ATT&CK techniques on the ModSecurity schema. 10 pages.
09. 9 rules covering ATT&CK techniques on the Okta System Log schema. 9 pages.
10. 4 rules covering ATT&CK techniques on the Windows Security schema. 4 pages.
11. 10 rules covering ATT&CK techniques on the Windows Sysmon schema. 10 pages.
Production-ready Sigma rules generated by CloudSigma for the Kubernetes Audit schema.
Production-ready Sigma rules generated by CloudSigma for the Linux auditd schema.
Production-ready Sigma rules generated by CloudSigma for the GCP Audit Logs schema.
Production-ready Sigma rules generated by CloudSigma for the Azure Activity schema.
Production-ready Sigma rules generated by CloudSigma for the Entra ID Audit schema.
Production-ready Sigma rules generated by CloudSigma for the Entra ID Sign-in schema.
Production-ready Sigma rules generated by CloudSigma for the AWS CloudTrail schema.
Production-ready Sigma rules generated by CloudSigma for the ModSecurity schema.
Production-ready Sigma rules generated by CloudSigma for the Okta System Log schema.
Production-ready Sigma rules generated by CloudSigma for the Windows Security schema.
Production-ready Sigma rules generated by CloudSigma for the Windows Sysmon schema.