Rule Info
Name
Kubernetes CronJob/Job Modification
Author
kelnage
Description
Detects when a Kubernetes CronJob or Job is created or modified.
A Kubernetes Job creates one or more pods to accomplish a specific task, and a CronJob creates Jobs on a recurring schedule.
An adversary can take advantage of this Kubernetes object to schedule Jobs to run containers that execute malicious code within a cluster, allowing them to achieve persistence.
Date
2024-07-11 00:00:00
Modified
None
Id
0c9b3bda-41a6-4442-9345-356ae86343dc
Tags
attack.persistence attack.privilege-escalation attack.execution DEMO
Type
Community Rule
Link to Public Repo