Product
medium
advisory
Kubelet API Connection Attempt to Internal IP
2 rules, 2 TTPs
The rule detects network connection attempts to the Kubernetes Kubelet API ports 10250 and 10255 on internal IP ranges from Linux hosts, indicating potential lateral movement within container and cluster environments.
kubelet +2
kubernetes
lateral-movement
linux
container
medium
advisory
Unusual Process Connecting to Docker or Containerd Socket
2 rules, 3 TTPs
An unusual process connecting to a container runtime Unix socket like Docker or Containerd can indicate an attacker attempting to bypass Kubernetes security measures for container manipulation.
Auditbeat +4
container
privilege-escalation
lateral-movement
linux