Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-729
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A pod with a hostPath volume mount is running on an asset where logging is not enabled. The pod has direct access to host filesystem paths, but there is no logging to detect unauthorized file reads, modifications, or credential harvesting via the mount. An attacker exploiting this pod can silently access and exfiltrate host-level data without triggering any alerts or leaving forensic evidence.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.pod_no_hostpath_volume', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Logging Enabled (True/False)
==
0
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
×
+ Add item
Save Changes
Export Lucidum