DC0019 Pod Creation
| Item | Value |
|---|---|
| ID | DC0019 |
| Version | 2.0 |
| Created | 20 October 2021 |
| Last Modified | 21 October 2025 |
Log Sources
| Name | Channel |
|---|---|
| AWS:CloudTrail | CreatePod: Programmatic creation of new pod resources using container images not seen before in the environment |
| kubernetes:audit | create |
Detection Strategy
| ID | Name | Technique Detected |
|---|---|---|
| DET0083 | Container CLI and API Abuse via Docker/Kubernetes (T1059.013) | T1059.013 |
| DET0473 | Detect persistent or elevated container services via container runtime or cluster manipulation | T1543.005 |