Container Administration Command
Adversaries may abuse a container administration service to execute commands within a container. A container administration service such as the Docker daemon, the Kubernetes API server, or the kubelet may allow remote management of containers within an environment.(Citation: Docker Daemon CLI)(Citation: Kubernetes API)(Citation: Kubernetes Kubelet) In Docker, adversaries may specify an entrypoint during container deployment that executes a script or command, or they may use a command such as <c...
BY SOURCE
PROCEDURES (10)
Auto-extracted: 3 detections for general monitoring
Auto-extracted: 2 detections for token
Auto-extracted: 2 detections for unusual
Auto-extracted: 2 detections for privilege
Auto-extracted: 2 detections for cloud monitoring
Auto-extracted: 2 detections for persist
Auto-extracted: 1 detections for kubernetes
Auto-extracted: 1 detections for api
Auto-extracted: 1 detections for unusual
Auto-extracted: 1 detections for token