GCP google_kubernetes_engine Mappings

Google Kubernetes Engine (GKE) provides the ability to secure containers across many layers of the stack, including container images, the container runtime, the cluster network, and access to the cluster API.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| google_kubernetes_engine | Google Kubernetes Engine | protect | partial | T1613 | Container and Resource Discovery | By default, GKE nodes use Google's Container-Optimized OS to enhance the security of GKE clusters, including a locked-down firewall, a read-only filesystem, limited user accounts, and disabled root login. |
| google_kubernetes_engine | Google Kubernetes Engine | protect | partial | T1611 | Escape to Host | By default, GKE nodes use Google's Container-Optimized OS to enhance the security of GKE clusters, including a read-only filesystem, limited user accounts, and disabled root login. |
| google_kubernetes_engine | Google Kubernetes Engine | detect | partial | T1611 | Escape to Host | GKE provides the ability to audit a cluster against the Center for Internet Security (CIS) Benchmark, a set of recommendations for configuring Kubernetes to support a strong security posture. Each version of the Benchmark is tied to a specific Kubernetes release. |
| google_kubernetes_engine | Google Kubernetes Engine | protect | partial | T1610 | Deploy Container | Kubernetes role-based access control (RBAC) uses granular permissions to control access to objects within Kubernetes clusters; Cloud IAM controls access to resources within the project. |
| google_kubernetes_engine | Google Kubernetes Engine | protect | partial | T1053.007 | Container Orchestration Job | GKE provides the ability to audit a cluster against the recommended Center for Internet Security (CIS) Benchmark. Following the Benchmark recommendations helps avoid privileged containers and containers running as root. |
| google_kubernetes_engine | Google Kubernetes Engine | protect | partial | T1609 | Container Administration Command | This control may provide information about vulnerabilities within container images, including the risk posed by remote management of a deployed container. With sufficient permissions, an adversary could escalate to remote code execution in the Kubernetes cluster. |
| google_kubernetes_engine | Google Kubernetes Engine | detect | partial | T1525 | Implant Internal Image | After scanning for vulnerabilities, this control may alert personnel to tampered container images that could be running in a Kubernetes cluster. |
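The rows above refer to CIS Benchmark checks (privileged containers, containers running as root) and to RBAC as the control over who can deploy containers or run commands in them. The following Python audit is an added example, not code from the mappings project or from Google: it walks parsed pod and RBAC manifests (plain dicts, as `kubectl get ... -o json` would produce) and flags the conditions behind T1611, T1053.007, T1610 and T1609. The function names, the finding messages, and the two sample manifests are constructed for the example; the checks approximate common Benchmark recommendations rather than quoting specific Benchmark item numbers.

```python
"""Audit pod specs and RBAC rules for the weaknesses the GKE mappings reference.

Hypothetical example: input is the dict form of Kubernetes manifests
(e.g. json.load() of `kubectl get pod ... -o json`). Nothing here calls a
cluster; everything runs offline against the constructed samples below.
"""
from typing import Dict, List

# RBAC verbs/resources that amount to deploying containers (T1610) or
# running commands inside them (T1609). "*" matches everything.
DEPLOY_VERBS = {"create", "update", "patch", "*"}
WORKLOAD_RESOURCES = {"pods", "deployments", "daemonsets", "statefulsets",
                      "jobs", "cronjobs", "*"}
EXEC_RESOURCES = {"pods/exec", "pods/attach", "pods/portforward", "*"}


def audit_pod_spec(pod: Dict) -> List[str]:
    """Return findings for host-namespace sharing, privileged containers,
    root execution, writable root filesystems and hostPath mounts."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    pod_sc = spec.get("securityContext", {})

    # Sharing a host namespace is a direct route to the node (T1611).
    for ns in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(ns):
            findings.append(f"{name}: {ns} shares a host namespace")

    for c in spec.get("initContainers", []) + spec.get("containers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        # Kubernetes defaults allowPrivilegeEscalation to true when unset.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation not set to false")
        # Container-level settings override pod-level settings.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0 or (run_as_user is None and not run_as_non_root):
            findings.append(f"{name}/{cname}: may run as root (runAsUser=0 or runAsNonRoot unset)")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: root filesystem is writable")

    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"{name}: hostPath volume mounts {v['hostPath'].get('path')}")
    return findings


def audit_rbac_rules(role: Dict) -> List[str]:
    """Return findings for a Role/ClusterRole whose rules allow deploying
    workloads (T1610) or exec/attach into pods (T1609)."""
    findings: List[str] = []
    name = role.get("metadata", {}).get("name", "<unnamed>")
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if verbs & DEPLOY_VERBS and resources & WORKLOAD_RESOURCES:
            findings.append(f"{name}: can deploy containers via {sorted(resources & WORKLOAD_RESOURCES)}")
        if verbs & {"create", "*"} and resources & EXEC_RESOURCES:
            findings.append(f"{name}: can exec/attach to pods via {sorted(resources & EXEC_RESOURCES)}")
    return findings


# Constructed sample manifests (not from any real cluster).
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug-tools"},
    "spec": {
        "hostPID": True,
        "containers": [{"name": "shell", "image": "example.invalid/debug:latest",
                        "securityContext": {"privileged": True}}],
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    },
}
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "containers": [{"name": "app", "image": "example.invalid/web:1.0",
                        "securityContext": {"privileged": False,
                                            "runAsNonRoot": True,
                                            "allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True}}],
    },
}
SAMPLE_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
    "metadata": {"name": "ops-helper"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/exec"], "verbs": ["get", "list", "create"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch"]},
    ],
}

if __name__ == "__main__":
    for f in audit_pod_spec(SAMPLE_POD) + audit_pod_spec(HARDENED_POD) + audit_rbac_rules(SAMPLE_ROLE):
        print(f)
```

Run against the samples, `debug-tools` produces six findings (host PID namespace, privileged container, privilege escalation allowed, possible root, writable root filesystem, hostPath mount of `/`), the hardened pod produces none, and `ops-helper` is flagged twice because `create` on `pods` lets the subject deploy a container and `create` on `pods/exec` lets it run commands in one. The same pass over real cluster output is the kind of evidence a CIS Benchmark audit would surface for these rows.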