- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect execution of a container management utility (for example, kubectl
or docker
) in a container.
After an attacker’s initial intrusion into a victim container (for example, through a web shell exploit), they may attempt to enumerate other pods or containers, escalate privileges, or exfiltrate secrets by running container management orchestration utilities. This detection triggers when execution of one of a set of common container management utilities (like kubectl
or docker
) executes with specific process arguments detected in a container. If this is unexpected behavior, it could indicate an attacker attempting to compromise your pods, containers, and hosts.
Requires version 7.27 or higher