Background:
During incident response activities at the cluster level, we should not focus solely on pods created via kubectl that are managed by the Kubernetes control plane (kubelet and etcd). It is [...]
Background:
During incident response activities in Kubernetes, we need to ensure that artifacts have not been altered. One of the best places to hunt for artifacts is etcd, where Kubernetes stores [...]
Background:
Sometimes, you may encounter situations where no logs are being stored for your Kubernetes pods. In such cases, you still need to investigate potential malicious network activity using [...]
Background:
As we continue our journey through action reconstruction in Kubernetes, we have already discussed one of the forensic methods for supply chain attack investigation at the pod level. Now, [...]