Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 5 Days
Required Data |
Detection Modules |
Detector Tags | Kubernetes - AGENT
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A container administration service was used to execute commands within a Kubernetes Pod.
Attacker's Goals
Attackers may use container administration commands to execute commands within a Kubernetes Pod.
Investigative actions
Check whether the executing process is benign and whether this was desired behavior as part of its normal execution flow.
Variations
Remote code execution into Kubernetes Pod from another Pod for the first time
Remote code execution into Kubernetes Pod from another Pod
Remote code execution into Kubernetes Pod for the first time