---
title: Kubernetes Pod Created with hostNetwork
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > Kubernetes Pod Created with hostNetwork
---

# Kubernetes Pod Created with hostNetwork
Classification:attackTactic:[TA0004-privilege-escalation](https://attack.mitre.org/tactics/TA0004)Technique:[T1068-exploitation-for-privilege-escalation](https://attack.mitre.org/techniques/T1068) 
## Goal{% #goal %}

Detect when a pod is attached to the host network.

## Strategy{% #strategy %}

This rule monitors when a create (`@http.method:create`) action occurs for a pod (`@objectRef.resource:pods`) with the host network `@requestObject.spec.hostNetwork:true` attached.

Attaching the `hostNetwork` permits a pod to access the node's network adapter allowing a pod to listen to all network traffic for all pods on the node and communicate with other pods on the network namespace.

## Triage and response{% #triage-and-response %}

Determine if the pod needs `hostNetwork` access.

## Changelog{% #changelog %}

- 7 May 2024 - Updated detection query to include logs from Azure Kubernetes Service.
- 22 July 2024 - Updated detection query to include logs from Google Kubernetes Engine.