Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
10 Minutes |
Deduplication Period |
7 Days |
Required Data |
|
Detection Modules |
Cloud |
Detector Tags |
Kubernetes - API |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
An identity attempted to discover available resources within a cluster.
This may indicate an adversary attempting to map the Kubernetes environment and discover resources that may assist to perform additional attacks within the environment.
Attacker's Goals
Map the cluster environment and detect potential resources to abuse.
Investigative actions
- Check the identity's role designation in the organization.
- Identify which available resources were discovered.
- Investigate if the discovered resources were used to extract sensitive information or perform other attacks in the cloud environment.