T1613

Container and Resource Discovery

Adversaries may attempt to discover containers and other resources that are available within a containers environment. Other resources may include images, deployments, pods, nodes, and other information such as the status of a cluster. These resources can be viewed within web applications such as the Kubernetes dashboard or can be queried via the Docker and Kubernetes APIs.(Citation: Docker API)(Citation: Kubernetes API) In Docker, logs may leak information about the environment, such as the en...

Containers

Detections

Sources

Threat Actors

BY SOURCE

30elastic

PROCEDURES (18)

Token4 detections

Auto-extracted: 4 detections for token

Service3 detections

Auto-extracted: 3 detections for service

Credential2 detections

Auto-extracted: 2 detections for credential

Api2 detections

Auto-extracted: 2 detections for api

Privilege2 detections

Auto-extracted: 2 detections for privilege

Lateral2 detections

Auto-extracted: 2 detections for lateral

Container2 detections

Auto-extracted: 2 detections for container

Service2 detections

Auto-extracted: 2 detections for service

Api2 detections

Auto-extracted: 2 detections for api

Unusual1 detections

Auto-extracted: 1 detections for unusual

Token1 detections

Auto-extracted: 1 detections for token

Unusual1 detections

Auto-extracted: 1 detections for unusual

Privilege1 detections

Auto-extracted: 1 detections for privilege

Lateral1 detections

Auto-extracted: 1 detections for lateral

Credential1 detections

Auto-extracted: 1 detections for credential

Kubernetes1 detections

Auto-extracted: 1 detections for kubernetes

Unusual1 detections

Auto-extracted: 1 detections for unusual

Privilege1 detections

Auto-extracted: 1 detections for privilege

THREAT ACTORS (1)

TeamTNT

DETECTIONS (30)

Container Management Utility Execution Detected via Defend for Containers