A Framework for Kubernetes Incident Response

Kubernetes is used by organizations of all sizes to run production, mission critical applications. This fact is well known by attackers, who realize Kubernetes clusters are the “crown jewels” of an IT environment. Compromising a cluster grants an attacker access to sensitive data, control over business applications, and the ability to abuse an organization’s computing resources for cryptomining or criminal activity. 

This is a companion discussion topic for the original entry at https://www.kubermatic.com/blog/a-framework-for-kubernetes-incident-response/