who_shelled_into_pod

Identify users who accessed a specific Kubernetes pod by name, namespace, and time range. Audit shell access events to enhance cluster security and monitor activity.

Instructions

Get users who shelled into a pod with the given name and namespace around the given time

Input Schema

Name	Required	Description
`cluster_id`	No	Optional Cluster ID
`from_time`	No	Start time of the time range to search for audit events. Example: 2024-01-01T00:00:00Z. Default: 7 days ago
`limit`	No	Maximum number of results to return
`name`	No	Optional Pod name
`namespace`	No	Optional Pod namespace
`page`	No	Page number to return
`to_time`	No	End time of the time range to search for audit events. Example: 2024-01-03T00:00:00Z

Input Schema (JSON Schema)

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "additionalProperties": false,
  "properties": {
    "cluster_id": {
      "description": "Optional Cluster ID",
      "type": "string"
    },
    "from_time": {
      "description": "Start time of the time range to search for audit events. Example: 2024-01-01T00:00:00Z. Default: 7 days ago",
      "type": "string"
    },
    "limit": {
      "default": 20,
      "description": "Maximum number of results to return",
      "type": "number"
    },
    "name": {
      "description": "Optional Pod name",
      "type": "string"
    },
    "namespace": {
      "description": "Optional Pod namespace",
      "type": "string"
    },
    "page": {
      "default": 1,
      "description": "Page number to return",
      "type": "number"
    },
    "to_time": {
      "description": "End time of the time range to search for audit events. Example: 2024-01-03T00:00:00Z",
      "type": "string"
    }
  },
  "type": "object"
}

RAD Security

who_shelled_into_pod

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from RAD Security

Related Tools

MCP directory API