Kubernetes Admission Controller Modification (eed82177-38f5-4299-8a76-098d50d225ab)

Detects when a modification (create, update or replace) action is taken that affects mutating or validating webhook configurations, as they can be used by an adversary to achieve persistence or exfiltrate access credentials.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Kubernetes Admission Controller Modification (eed82177-38f5-4299-8a76-098d50d225ab)	Sigma-Rules	1
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Kubernetes Admission Controller Modification (eed82177-38f5-4299-8a76-098d50d225ab)	Sigma-Rules	1
Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	Kubernetes Admission Controller Modification (eed82177-38f5-4299-8a76-098d50d225ab)	Sigma-Rules	1
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	2