- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect execution of a container management utility (for example, kubectl
or docker
) in a container.
After an attacker’s initial intrusion into a victim container (for example, through a web shell exploit), they may attempt to enumerate other pods or containers, escalate privileges, or exfiltrate secrets by running container management orchestration utilities. This detection triggers when execution of one of a set of common container management utilities (like kubectl
or docker
) executes with specific process arguments detected in a container. If this is unexpected behavior, it could indicate an attacker attempting to compromise your pods, containers, and hosts.
Requires version 7.27 or higher