Container With A hostPath Mount Created (402b955c-8fe0-4a8c-b635-622b4ac5f902)
Detects creation of a container with a hostPath mount. A hostPath volume mounts a directory or a file from the node to the container. Attackers who have permissions to create a new pod in the cluster may create one with a writable hostPath volume and chroot to escape to the underlying node.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665) | Attack Pattern | Container With A hostPath Mount Created (402b955c-8fe0-4a8c-b635-622b4ac5f902) | Sigma-Rules | 1 |