This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see the Threat findings index.
Finding description
A webhook configuration has been detected in your GKE cluster. Webhooks can intercept and modify Kubernetes API requests, which potentially allows attackers to persist within your cluster or manipulate resources.
- Identify the purpose and origin of the webhook configuration. Verify that it is from a trusted source and serves a legitimate purpose.
- Review the webhook configuration to understand its scope and the types of requests it intercepts.
- Monitor the webhook activity for any suspicious or unauthorized actions.
- If the webhook is not necessary or its behavior is concerning, consider removing or disabling it.
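The origin and scope review in the steps above can be scripted. The following is an added example, not part of the original document or of Security Command Center: it summarizes each webhook's endpoint and rules from the JSON that `kubectl get mutatingwebhookconfigurations,validatingwebhookconfigurations -o json` returns. The sample input, the `triage` function, the flag names, and the `SENSITIVE` set are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the output of:
#   kubectl get mutatingwebhookconfigurations,validatingwebhookconfigurations -o json
SAMPLE = json.loads("""{"items": [
 {"kind": "MutatingWebhookConfiguration", "metadata": {"name": "example-injector"},
  "webhooks": [{"name": "inject.example.invalid", "failurePolicy": "Ignore",
    "clientConfig": {"url": "https://hooks.example.invalid/mutate"},
    "rules": [{"operations": ["*"], "apiGroups": ["*"], "resources": ["*"]}]}]},
 {"kind": "ValidatingWebhookConfiguration", "metadata": {"name": "example-policy"},
  "webhooks": [{"name": "validate.example.invalid", "failurePolicy": "Fail",
    "clientConfig": {"service": {"namespace": "policy-system", "name": "policy-svc"}},
    "rules": [{"operations": ["CREATE"], "apiGroups": ["apps"],
               "resources": ["deployments"]}]}]}]}""")

# Assumption: resource kinds treated as high-impact for this triage (adjust to your policy).
SENSITIVE = {"secrets", "pods", "serviceaccounts", "rolebindings", "clusterrolebindings"}

def triage(webhook_list):
    """Summarize each webhook's origin and scope, and flag what needs a closer look."""
    summaries = []
    for cfg in webhook_list.get("items", []):
        for wh in cfg.get("webhooks", []):
            client = wh.get("clientConfig", {})
            svc = client.get("service")
            flags = set()
            if cfg.get("kind") == "MutatingWebhookConfiguration":
                flags.add("can-modify-requests")
            if svc is None:
                flags.add("external-endpoint")  # called by URL, not an in-cluster Service
            for rule in wh.get("rules", []):
                # "pods/exec" -> "pods": subresources count toward their parent kind
                kinds = {r.split("/")[0] for r in rule.get("resources", [])}
                if "*" in kinds or "*" in rule.get("apiGroups", []):
                    flags.add("wildcard-scope")
                if kinds & SENSITIVE:
                    flags.add("sensitive-resources")
            summaries.append({
                "config": cfg.get("metadata", {}).get("name"),
                "webhook": wh.get("name"),
                "target": (f"service {svc['namespace']}/{svc['name']}" if svc
                           else f"url {client.get('url')}"),
                "failurePolicy": wh.get("failurePolicy"),
                "flags": sorted(flags),
            })
    return summaries

if __name__ == "__main__":
    for s in triage(SAMPLE):
        print(json.dumps(s))
```

A flag is a prompt for review, not a verdict: many legitimate admission controllers mutate requests or match broad rules, so compare each flagged entry against the components you expect in the cluster.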
What's next
- Learn how to work with threat findings in Security Command Center.
- Refer to the Threat findings index.
- Learn how to review a finding through the Google Cloud console.
- Learn about the services that generate threat findings.