Synopsis

| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | Kubernetes - API |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Medium |

Description
A Kubernetes dashboard service account was successfully used from outside the Kubernetes environment, which may indicate that the dashboard is exposed to the internet and does not require authentication.
Attacker's Goals
Gain initial access to the Kubernetes cluster.
Investigative actions
- Determine which Kubernetes resources were accessed through the dashboard.
- Check whether any changes were made to the Kubernetes cluster.
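
The two investigative actions above can be scripted against Kubernetes API audit logs. The following is an added example, not part of the original detector documentation: it filters audit events (audit.k8s.io/v1 field names) for successful requests made by the dashboard service account from non-cluster source IPs, then reports which resources were accessed and which requests changed state. The service account name, the internal CIDR ranges and the sample events are assumptions and must be adjusted to the cluster under investigation.

```python
import ipaddress
import json
from collections import Counter

# Assumptions (not from the page): dashboard service account identity and in-cluster CIDRs.
DASHBOARD_SA = "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

# Constructed sample audit events, one JSON object per line (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
{"stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"default"},"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"},"sourceIPs":["10.244.1.5"],"objectRef":{"resource":"pods","namespace":"default","name":"api-0"},"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"deployments","namespace":"default","name":"web"},"responseStatus":{"code":201}}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"kube-system","name":"dns-0"},"responseStatus":{"code":403}}
{"stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"sourceIPs":["203.0.113.9"],"objectRef":{"resource":"pods","namespace":"default","name":"api-0"},"responseStatus":{"code":200}}
"""

def is_external(ip):
    """True when the address is outside every assumed in-cluster range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def triage(lines):
    """Return (resources accessed, state-changing requests) for external dashboard SA use."""
    accessed, changes = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("user", {}).get("username") != DASHBOARD_SA or ev.get("stage") != "ResponseComplete":
            continue
        if not 200 <= ev.get("responseStatus", {}).get("code", 0) < 300:
            continue  # denied or failed requests did not touch cluster state
        external = [ip for ip in ev.get("sourceIPs", []) if is_external(ip)]
        if not external:
            continue  # request originated inside the cluster
        ref = ev.get("objectRef", {})
        ns, res = ref.get("namespace", ""), ref.get("resource", "")
        accessed[(ns, res)] += 1
        if ev.get("verb") in WRITE_VERBS:
            changes.append((ev["verb"], ns, res, ref.get("name", ""), external[0]))
    return accessed, changes

if __name__ == "__main__":
    accessed, changes = triage(SAMPLE_LOG.splitlines())
    print("Resources accessed:", dict(accessed))
    print("Changes made:", changes)
```

Any entry in the second result is a successful write made with the dashboard identity from outside the cluster and should be reviewed against the object's current state.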