
Summary
This detection rule monitors for the creation or modification of Kubernetes CronJobs and Jobs. A Kubernetes Job runs pods for tasks that run to completion, whereas a CronJob schedules Jobs to run at specified times. Because they run workloads on a schedule, compromised CronJobs can be exploited by malicious actors to execute arbitrary code and maintain persistence within a Kubernetes environment. The rule triggers on audit events that indicate a creation or modification action on these resources, alerting system administrators to potentially unauthorized activity targeting job scheduling within Kubernetes clusters.
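The matching logic described above, sketched as an added example that is not the rule's own query: it filters Kubernetes API server audit events (JSON lines) for writes to `batch` Jobs and CronJobs. The verb set, the helper names and the sample events are assumptions constructed for illustration.

```python
import json

WATCHED_RESOURCES = {"cronjobs", "jobs"}       # assumed rule scope
WRITE_VERBS = {"create", "update", "patch"}    # assumed "creation or modification" verbs

def match_event(event):
    """Return an alert dict for a Job/CronJob write, or None if out of scope."""
    ref = event.get("objectRef") or {}
    if event.get("stage") != "ResponseComplete":   # count each request once
        return None
    if ref.get("apiGroup") != "batch" or ref.get("resource") not in WATCHED_RESOURCES:
        return None
    if event.get("verb") not in WRITE_VERBS or ref.get("subresource"):
        return None                                # reads and status-only writes
    code = (event.get("responseStatus") or {}).get("code", 0)
    return {
        "user": (event.get("user") or {}).get("username", "<unknown>"),
        "verb": event["verb"],
        "target": f'{ref["resource"]}/{ref.get("namespace", "")}/{ref.get("name", "")}',
        "outcome": "allowed" if 200 <= code < 300 else "denied",
    }

def scan(lines):
    """Parse JSON-lines audit output, skipping records that are not valid JSON."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and (alert := match_event(event)):
            alerts.append(alert)
    return alerts

def _sample(verb, resource, user, code, stage="ResponseComplete", subresource=None):
    ref = {"apiGroup": "batch", "resource": resource, "namespace": "prod", "name": "db-backup"}
    ref.update({"subresource": subresource} if subresource else {})
    return json.dumps({"stage": stage, "verb": verb, "user": {"username": user},
                       "objectRef": ref, "responseStatus": {"code": code}})

# Constructed sample events (not real log data).
SAMPLE_LOG = [
    _sample("create", "cronjobs", "system:serviceaccount:prod:web", 201),
    _sample("create", "cronjobs", "system:serviceaccount:prod:web", 0, stage="RequestReceived"),
    _sample("patch", "jobs", "alice@example.com", 403),
    _sample("get", "cronjobs", "alice@example.com", 200),
    _sample("update", "cronjobs", "system:kube-controller-manager", 200, subresource="status"),
    "not-json",
]
```

`scan(SAMPLE_LOG)` yields two alerts: the allowed CronJob creation by the service account and the denied Job patch; the duplicate request stage, the read, the status update and the malformed line are ignored.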
Categories
- Kubernetes
- Containers
Data Sources
- Kernel
- Process
- Application Log
Created: 2024-07-11