Set up the Kubernetes integration.
Goal
Detect when a user attaches to a pod.
Strategy
This rule monitors when a user attaches (@objectRef.subresource:attach) to a pod (@objectRef.resource:pods).
A user should not need to attach to a pod. Attaching to a pod allows a user to attach to any process in a running container, which may give an attacker access to sensitive data.
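The same match applied directly to raw Kubernetes audit events, as an added example (this is not the rule's own code). The sample events are constructed; field names follow the audit.k8s.io/v1 Event schema, and collapsing the stages of one request by auditID is this example's choice.

```python
import json

# Constructed sample: Kubernetes audit events (audit.k8s.io/v1 schema), one JSON object per line.
SAMPLE_AUDIT_LOG = """\
{"auditID":"a1","stage":"RequestReceived","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","subresource":"attach","namespace":"prod","name":"api-0"}}
{"auditID":"a1","stage":"ResponseStarted","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","subresource":"attach","namespace":"prod","name":"api-0"},"responseStatus":{"code":101}}
{"auditID":"b2","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:ci:deployer"},"sourceIPs":["10.0.0.5"],"objectRef":{"resource":"pods","namespace":"prod","name":"api-0"},"responseStatus":{"code":200}}
{"auditID":"c3","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"sourceIPs":["198.51.100.9"],"objectRef":{"resource":"pods","subresource":"attach","namespace":"dev","name":"worker-2"},"responseStatus":{"code":403}}
{"auditID":"d4","stage":"ResponseComplete","verb":"create","user":{"username":"carol@example.com"},"sourceIPs":["198.51.100.9"],"objectRef":{"resource":"deployments","subresource":"scale","namespace":"dev","name":"worker"},"responseStatus":{"code":200}}
truncated-line-not-json
"""


def find_pod_attach(lines):
    """Return one finding per request whose objectRef is pods/attach."""
    findings = {}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        ref = event.get("objectRef") or {}
        # Both conditions must hold: resource is pods AND subresource is attach.
        if ref.get("resource") != "pods" or ref.get("subresource") != "attach":
            continue
        # One request emits several stage events sharing an auditID; merge them.
        finding = findings.setdefault(event.get("auditID"), {
            "user": (event.get("user") or {}).get("username"),
            "source_ips": event.get("sourceIPs", []),
            "namespace": ref.get("namespace"),
            "pod": ref.get("name"),
            "status": None,
        })
        code = (event.get("responseStatus") or {}).get("code")
        if code is not None:
            finding["status"] = code  # later stages carry the response code
    return list(findings.values())


if __name__ == "__main__":
    for f in find_pod_attach(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"{f['user']} attached to {f['namespace']}/{f['pod']} "
              f"from {f['source_ips']} (HTTP {f['status']})")
```

The user, source IP, and response code in each finding are the inputs for the triage step: who attached, from where, and whether the API server allowed it.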
Triage and response
Determine if the user should be attaching to a running container.
Changelog
- 7 May 2024 - Updated detection query to include logs from Azure Kubernetes Service.
- 17 July 2024 - Updated detection query to include logs from Google Kubernetes Engine.