
Kubernetes Enumeration

Anvilogic Forge

Summary
This rule detects Kubernetes enumeration by monitoring `kubectl get` activity in the Splunk platform. It looks for Kubernetes API requests whose URIs carry a `limit` query parameter (which `kubectl get` adds when it lists a resource collection) as an indicator of attempts to list the resources within a cluster, a common reconnaissance action performed by threat actors. TeamTNT is associated with this behavior, having used similar techniques in its attacks on Kubernetes infrastructure. The rule applies several regex patterns to extract the relevant URIs and uses statistics to count the distinct URIs queried by a principal within the time frame of interest. The goal is to surface unauthorized resource discovery activity that may indicate malicious intent.
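The detection logic described above, run over constructed Kubernetes API-server audit events, as an added example that is not the rule's own Splunk search or Anvilogic Forge code. It assumes the standard audit-log field names (`verb`, `requestURI`, `user.username`, `sourceIPs`, `requestReceivedTimestamp`); the regex, the five-minute window and the threshold of five distinct URIs are illustrative tuning choices, not values taken from the rule.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the resource path of a list request whose query string carries a
# limit= parameter, which kubectl get adds (limit=500) when it pages a collection.
LIMIT_URI_RE = re.compile(r"^(?P<path>/apis?/[^?\s]+)\?(?:[^\s]*&)?limit=\d+")

# Assumed tuning: this many distinct collection URIs from one principal inside
# the window is treated as enumeration.
DISTINCT_URI_THRESHOLD = 5
WINDOW = timedelta(minutes=5)

# Constructed sample audit events (JSON lines), not real cluster data.
# kubernetes-admin from 10.0.0.5 lists six different resource types in ten
# seconds; the controller manager lists one type; a single-object get has no limit.
SAMPLE_AUDIT = '''
{"verb":"list","requestURI":"/api/v1/namespaces/default/pods?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:01.000000Z"}
{"verb":"list","requestURI":"/api/v1/nodes?limit=500","user":{"username":"system:kube-controller-manager"},"sourceIPs":["10.0.0.2"],"requestReceivedTimestamp":"2024-02-09T10:00:02.000000Z"}
{"verb":"watch","requestURI":"/api/v1/pods?resourceVersion=1&watch=true","user":{"username":"system:kube-controller-manager"},"sourceIPs":["10.0.0.2"],"requestReceivedTimestamp":"2024-02-09T10:00:02.500000Z"}
{"verb":"list","requestURI":"/api/v1/secrets?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:03.000000Z"}
{"verb":"list","requestURI":"/api/v1/configmaps?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:05.000000Z"}
{"verb":"list","requestURI":"/api/v1/serviceaccounts?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:07.000000Z"}
{"verb":"list","requestURI":"/apis/apps/v1/deployments?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:09.000000Z"}
{"verb":"list","requestURI":"/apis/rbac.authorization.k8s.io/v1/clusterrolebindings?limit=500","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:11.000000Z"}
{"verb":"get","requestURI":"/api/v1/namespaces/default/pods/web-0","user":{"username":"kubernetes-admin"},"sourceIPs":["10.0.0.5"],"requestReceivedTimestamp":"2024-02-09T10:00:12.000000Z"}
'''


def parse_events(raw):
    """Yield audit events from JSON-lines text, skipping blank or unparseable lines."""
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def limited_list_path(event):
    """Return the resource path if the event is a list request carrying limit=, else None."""
    if event.get("verb") != "list":
        return None
    m = LIMIT_URI_RE.match(event.get("requestURI", ""))
    return m.group("path") if m else None


def find_enumeration(raw, threshold=DISTINCT_URI_THRESHOLD, window=WINDOW):
    """Group qualifying requests by (user, source IP) and report principals that
    touch at least `threshold` distinct collection URIs within one window."""
    by_principal = defaultdict(list)
    for ev in parse_events(raw):
        path = limited_list_path(ev)
        if path is None:
            continue
        ts = datetime.fromisoformat(ev["requestReceivedTimestamp"].replace("Z", "+00:00"))
        key = (ev.get("user", {}).get("username", "?"), ",".join(ev.get("sourceIPs", [])))
        by_principal[key].append((ts, path))

    findings = []
    for (user, src), hits in by_principal.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct URIs from this request forward, bounded by the window.
            in_window = {p for t, p in hits[i:] if t - start <= window}
            if len(in_window) >= threshold:
                findings.append({
                    "user": user,
                    "sourceIP": src,
                    "window_start": start.isoformat(),
                    "distinct_uris": sorted(in_window),
                })
                break  # one finding per principal is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_enumeration(SAMPLE_AUDIT):
        print(f"{f['user']} from {f['sourceIP']} listed {len(f['distinct_uris'])} resource types:")
        for uri in f["distinct_uris"]:
            print("  ", uri)
```

The `get` of a single pod and the controller's `watch` fall out at the filter stage because neither carries a `limit` parameter, so only the principal that listed many different collections is reported. Tuning the threshold against your own baseline matters: informer-based controllers and dashboards also issue `limit=500` list calls, so exempting known service accounts, or keying the count on the `userAgent` field as well, is the usual way to keep the false-positive rate down.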
Categories
  • Kubernetes
  • Cloud
  • Infrastructure
Data Sources
  • Kernel
  • Process
  • Network Traffic
  • Application Log
  • Command
ATT&CK Techniques
  • T1053.007
  • T1613
Created: 2024-02-09