Set up the Kubernetes integration.

Goal

Detect when a user attaches to a pod.

Strategy

This rule monitors when a user attaches (@objectRef.subresource:attach) to a pod (@objectRef.resource:pods).

A user should not need to attach to a pod. Attaching to a pod allows a user to attach to any process in a running container, which may give an attacker access to sensitive data.
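
The same match applied to raw Kubernetes audit events, as an added example (not Datadog's rule definition or code from this page). It assumes JSON-lines audit logs in which `objectRef.resource` and `objectRef.subresource` are the fields behind the query attributes above, and it goes one step beyond the query by collapsing the several stage events of a single request by `auditID`. The function name, sample events and all values in them are constructed.

```python
import json

# Constructed sample audit events (JSON lines); users, pods and IPs are made up.
SAMPLE_AUDIT_LOG = """\
{"auditID":"a1","stage":"ResponseStarted","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"prod","name":"api-0","subresource":"attach"},"responseStatus":{"code":101}}
{"auditID":"a1","stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"prod","name":"api-0","subresource":"attach"},"responseStatus":{"code":101}}
{"auditID":"a2","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"sourceIPs":["198.51.100.4"],"objectRef":{"resource":"pods","namespace":"prod","name":"api-0","subresource":"exec"},"responseStatus":{"code":101}}
{"auditID":"a3","stage":"ResponseComplete","verb":"get","user":{"username":"bob@example.com"},"sourceIPs":["198.51.100.4"],"objectRef":{"resource":"pods","namespace":"prod","name":"api-0"},"responseStatus":{"code":200}}
{"auditID":"a4","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:ci:builder"},"sourceIPs":["10.0.3.12"],"objectRef":{"resource":"pods","namespace":"dev","name":"job-1","subresource":"attach"},"responseStatus":{"code":403}}
not json
{"auditID":"a5","stage":"ResponseComplete","verb":"get","user":{"username":"system:anonymous"},"requestURI":"/healthz","responseStatus":{"code":200}}
"""

def find_pod_attach(log_text):
    """Return one finding per pod attach request, de-duplicated by auditID."""
    findings = {}
    for n, line in enumerate(log_text.splitlines()):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        ref = event.get("objectRef") or {}  # absent on non-resource requests
        if ref.get("resource") != "pods" or ref.get("subresource") != "attach":
            continue
        key = event.get("auditID") or f"line-{n}"  # one request, several stages
        finding = findings.setdefault(key, {
            "user": (event.get("user") or {}).get("username"),
            "namespace": ref.get("namespace"),
            "pod": ref.get("name"),
            "source_ips": event.get("sourceIPs", []),
            "status": None,
        })
        code = (event.get("responseStatus") or {}).get("code")
        if code is not None:
            finding["status"] = code  # 403 = denied attempt, still worth triage
    return list(findings.values())

if __name__ == "__main__":
    for f in find_pod_attach(SAMPLE_AUDIT_LOG):
        print(f)
```

The `user`, `namespace`, `pod` and `status` fields in each finding are the ones needed for the triage step: who attached, to which container, and whether the API server allowed it.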

Triage and response

Determine if the user should be attaching to a running container.

Changelog

  • 7 May 2024 - Updated detection query to include logs from Azure Kubernetes Service.