Pod

A single unit of shared resources within a cluster, comprised of one or more containers[1][2]

ID: DS0014
Platform: Containers
Collection Layer: Container
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Pod: Pod Creation

Initial construction of a new pod (ex: kubectl apply|run)

Domain ID Name
Enterprise T1610 Deploy Container

Pod: Pod Enumeration

An extracted list of pods within a cluster (ex: kubectl get pods)

Domain ID Name
Enterprise T1613 Container and Resource Discovery

Pod: Pod Metadata

Contextual data about a pod and activity around it such as name, ID, namespace, or status

Domain ID Name
Enterprise T1613 Container and Resource Discovery
Enterprise T1069 Permission Groups Discovery

Pod: Pod Modification

Changes made to a pod, including its settings and/or control data (ex: kubectl set|patch|edit)

Domain ID Name
Enterprise T1610 Deploy Container

References