Delete EKS cluster¶
An adversary may attempt to delete EKS cluster
|name||str||Cluster name which will be deleted||cluster_name|
aws eks delete-cluster --name cluster_name
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.
eventName:DeleteCluster AND eventSource:*.eks.amazonaws.com
--- title: Delete EKS cluster id: testing status: experimental author: Anela Tiro date: 2023-07-01 description: An adversary may attempt to delete EKS cluster logsource: service: cloudtrail detection: selection_source: - eventSource: "*.eks.amazonaws.com" events: - eventName: "DeleteCluster" condition: selection_source AND events level: low tags: - attack.None