Tag
The rule detects the creation of Kubernetes service account tokens through the TokenRequest API by non-system identities, which can be abused to escalate privileges, pivot to cloud resources, or generate persistent tokens, bypassing file system-based detection.