This incident type is characterized by the detection of unauthorized access to the Kubernetes API server. This unauthorized access potentially enables attackers to manipulate cluster resources. This playbook is designed to help investigate and respond to unauthorized access incidents detected on the Kubernetes API server.