Azure Kubernetes Service (AKS) Honeypod

Engage Goals: EGO0003 Elicit

Engage Approach: EAP0001 Collect

Engage Actions: EAC0016 Network Manipulation, EAC0018 Security Controls

Name of Element: Azure Kubernetes Service (AKS) Honeypod

Description of Element:

Deploy a decoy pod within an AKS cluster that mimics a legitimate application but contains fake data or triggers alerts upon access. Monitor network traffic and logs associated with this pod to identify attackers attempting to exploit vulnerabilities or gain access to sensitive information.

Technical Context:

Placement: Within an AKS cluster, alongside other legitimate pods and services.

Requires knowledge of Kubernetes deployments, pod configuration, and network policies within AKS.

Other:

ATT&CK/Engage Mapping: T1005 Data from Local System, E1506 Decoy System
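The description above says the decoy pod should trigger alerts upon access. One way to do that from the Kubernetes API audit log is sketched below as an added example; it is not part of the original entry. It assumes audit events arrive as one JSON object per line (on AKS they come from the kube-audit resource log category), and the namespace, pod name prefix and allowlist are hypothetical.

```python
import json

# Assumed names (not from the page): decoy pods are "billing-api-*" in "payments".
HONEYPOD_NS, HONEYPOD_PREFIX = "payments", "billing-api-"
# Identities expected to touch the decoy: kubelets and kube-system controllers.
ALLOWED_PREFIXES = ("system:node:", "system:serviceaccount:kube-system:")
HIGH_SIGNAL = {"exec", "attach", "portforward", "log"}  # session or data-read subresources

def honeypod_alerts(lines):
    """Return one alert per audited API request that targets a decoy pod."""
    alerts, seen = [], set()
    for line in lines:
        try:
            ev = json.loads(line)
            ref = ev.get("objectRef") or {}
        except (json.JSONDecodeError, AttributeError):
            continue  # tolerate truncated, non-JSON or non-object lines
        user = (ev.get("user") or {}).get("username", "")
        if ref.get("resource") != "pods" or ref.get("namespace") != HONEYPOD_NS:
            continue
        if not (ref.get("name") or "").startswith(HONEYPOD_PREFIX):
            continue
        if user.startswith(ALLOWED_PREFIXES):
            continue  # routine management traffic, not an alert
        audit_id = ev.get("auditID")
        if audit_id in seen:
            continue  # one request is logged once per stage; alert once
        seen.add(audit_id)
        sub = ref.get("subresource", "")
        alerts.append({"severity": "high" if sub in HIGH_SIGNAL else "medium",
                       "user": user, "verb": ev.get("verb"), "pod": ref["name"],
                       "subresource": sub, "sourceIPs": ev.get("sourceIPs", [])})
    return alerts

def _event(audit_id, stage, user, verb, ns, name, sub=""):
    """Constructed sample event using audit.k8s.io/v1 Event field names."""
    ref = {"resource": "pods", "namespace": ns, "name": name,
           **({"subresource": sub} if sub else {})}
    return json.dumps({"kind": "Event", "auditID": audit_id, "stage": stage,
                       "verb": verb, "user": {"username": user},
                       "sourceIPs": ["203.0.113.7"], "objectRef": ref})

SAMPLE = [  # constructed log lines, not taken from a real cluster
    _event("a1", "ResponseComplete", "system:node:aks-np-0", "patch", "payments", "billing-api-7d9f", "status"),
    _event("a2", "RequestReceived", "dev@example.com", "create", "payments", "billing-api-7d9f", "exec"),
    _event("a2", "ResponseStarted", "dev@example.com", "create", "payments", "billing-api-7d9f", "exec"),
    _event("a3", "ResponseComplete", "system:serviceaccount:default:web", "get", "payments", "billing-api-7d9f"),
    _event("a4", "ResponseComplete", "dev@example.com", "create", "shop", "cart-5c4b", "exec"),
    '{"kind": "Event", "auditID": "a5", "objectRef": {"resour',  # truncated line
]
```

Because no legitimate workload depends on the decoy, the allowlist can stay very short, and anything outside it is worth triage.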
