Kubernetes Activity Anomaly Alerts

Lacework generates Kubernetes-activity-based alerts when there are Kubernetes-activity-related vulnerabilities detected. You can define alert rules to trigger alerts when Kubernetes-activity-related vulnerabilities are found. See Alert Rules.

Alert List

The following table lists all the Kubernetes-activity-based alerts.

Alert Name	Alert Type	Alert Subcategory
K8s audit log cluster role created	NewK8sAuditLogClusterRole	Kubernetes Activity
K8s audit log cluster role binding created	NewK8sAuditLogClusterRoleBinding	Kubernetes Activity
K8s audit log cluster role bindings to admin	NewK8sAuditLogClusterRoleBindingsToAdmin	Kubernetes Activity
K8s audit log cluster role bindings to cluster admin	NewK8sAuditLogClusterRoleBindingsToClusterAdmin	Kubernetes Activity
K8s audit log cluster role bindings to edit	NewK8sAuditLogClusterRoleBindingsToEdit	Kubernetes Activity
K8s audit log cluster role bindings to system	NewK8sAuditLogClusterRoleBindingsToSystem	Kubernetes Activity
K8s audit log cluster role with all resources	NewK8sAuditLogClusterRoleWithAllResources	Kubernetes Activity
K8s audit log cluster role with pod exec	NewK8sAuditLogClusterRoleWithPodExec	Kubernetes Activity
K8s audit log cluster role with pods write	NewK8sAuditLogClusterRoleWithPodsWrite	Kubernetes Activity
K8s audit log cluster role with secrets	NewK8sAuditLogClusterRoleWithSecrets	Kubernetes Activity
K8s audit log ingress created	NewK8sAuditLogIngress	Kubernetes Activity
K8s audit log namespace created	NewK8sAuditLogNamespace	Kubernetes Activity
K8s audit log resource created	NewK8sAuditLogResource	Kubernetes Activity
K8s audit log role created	NewK8sAuditLogRole	Kubernetes Activity
K8s audit log role binding created	NewK8sAuditLogRoleBinding	Kubernetes Activity
K8s audit log role bindings to admin	NewK8sAuditLogRoleBindingsToAdmin	Kubernetes Activity
K8s audit log role bindings to cluster admin	NewK8sAuditLogRoleBindingsToClusterAdmin	Kubernetes Activity
K8s audit log role bindings to edit	NewK8sAuditLogRoleBindingsToEdit	Kubernetes Activity
K8s audit log role bindings to system	NewK8sAuditLogRoleBindingsToSystem	Kubernetes Activity
K8s audit log role with all resources	NewK8sAuditLogRoleWithAllResources	Kubernetes Activity
K8s audit log role with pod exec	NewK8sAuditLogRoleWithPodExec	Kubernetes Activity
K8s audit log role with pods write	NewK8sAuditLogRoleWithPodsWrite	Kubernetes Activity
K8s audit log role with secrets	NewK8sAuditLogRoleWithSecrets	Kubernetes Activity
K8s audit log workload created	NewK8sAuditLogWorkload	Kubernetes Activity
New K8s workload created with privilege escalation	NewK8sAuditLogWorkloadAllowsEscalation	Kubernetes Activity
New K8s workload created with host access	NewK8sAuditLogWorkloadWithHostAccess	Kubernetes Activity

Suppress an Alert

Suppressing specific Kubernetes-activity alerts reduces the number of alerts and allows you to focus on the assets that are most important to you. For details, see Suppress Behavior Anomaly Alerts.