Create Pod (kubernetes)
Platform | Author | Last Update |
---|---|---|
kubernetes | Leo Tsaousis | 2024-12-02 |
Deploy a malicious container.
For this test case, the example image for the rogue container is fetched from a public repository, however rogue containers may use existing images for alternative purposes.
MITRE IDs
Scope
This test case does not need Cluster-wide permissions
Required Permissions
Required Parameters
Name | Type | Description | Example Value |
---|---|---|---|
podname | str | Name of the pod to be created | leonidas-netutils-pod |
imagename | str | Name of the image to be used | skybound/net-utils |
command | str | Command to execute within the new pod | sleep 3600 |
Attacker Action
Detection Case
ELK query
When logs are ingested into ELK, the following query can be used to identify relevant events.