Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0004 ✕ technique: T1613 ✕
Show ATT&CK heatmapKubelet server communication from a pod Informational 1 variation
The Kubelet server was accessed from within a pod, which may indicate an attempt to escape container boundaries or escalate privileges.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- N/A (single event)
- Deduplication:
- 1 Day
ATT&CK tactics: Privilege Escalation (TA0004) Discovery (TA0007)ATT&CK techniques: Escape to Host (T1611) Container and Resource Discovery (T1613)Required data: XDR AgentDetector tags: Kubernetes - AGENTAttacker's goals: Usage of the Kubelet server to attempt a container breakout or escalate privileges.Investigative actions: Examine the process on the pod to understand its purpose.Variations
Kubelet server communication from a pod by a first seen process
Low overridden
The Kubelet server was accessed from within a pod, which may indicate an attempt to escape container boundaries or escalate privileges. overridden