
Summary
This hunting rule surfaces Kubernetes service account activity against pods and namespaces, broken down by source IP address and API verb. It reads the `kube-audit` logs ingested under the `kubernetes_azure` category, so analysts can see which service accounts are touching which pod namespaces. The search keeps requests made by service accounts, including system service accounts and the anonymous user, together with the verb, response status code and source IP of each request. Results are rendered as a table, ordered so that the most frequent combinations of source IP, user, verb, response status and pod namespace appear first. Because this is a hunting rule rather than an alert, analysts must interpret the output with context: most service account interactions are routine and are not by themselves indicative of malicious activity. Deploying the rule requires the Microsoft Cloud Services Add-on and an Azure diagnostic setting that forwards the Kube-Audit category, so that the logs are actually collected.
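As an added illustration, not part of the original rule or of the Splunk content it describes, the following Python applies the same filtering and tabulation to a handful of constructed kube-audit records. The envelope shape (one Kubernetes audit event serialised as a JSON string in `properties.log`, with `category` set to `kube-audit`) and the restriction to `objectRef.resource == "pods"` are assumptions made for the example; the field names inside the audit event follow the Kubernetes `audit.k8s.io/v1` schema. Human users and non-pod resources are deliberately included in the sample so the filter has something to drop.

```python
import json
from collections import Counter


def _record(username, verb, namespace, resource, code, source_ip):
    """Build one constructed Azure diagnostic record wrapping a Kubernetes audit event.

    The envelope (category + properties.log) is an assumption about how the
    AKS kube-audit category arrives; the inner event follows audit.k8s.io/v1.
    """
    audit_event = {
        "kind": "Event",
        "apiVersion": "audit.k8s.io/v1",
        "stage": "ResponseComplete",
        "verb": verb,
        "user": {"username": username},
        "sourceIPs": [source_ip],
        "objectRef": {"resource": resource, "namespace": namespace},
        "responseStatus": {"code": code},
    }
    return {"category": "kube-audit", "properties": {"log": json.dumps(audit_event)}}


# Constructed sample input: three anonymous pod listings that were refused,
# two kube-system service account listings, one default service account get,
# plus a human user and a secrets read that the hunt should ignore.
SAMPLE_RECORDS = (
    [_record("system:anonymous", "list", "default", "pods", 403, "203.0.113.7")] * 3
    + [_record("system:serviceaccount:kube-system:default", "list", "kube-system", "pods", 200, "10.240.0.4")] * 2
    + [_record("system:serviceaccount:default:default", "get", "default", "pods", 200, "10.240.0.5")]
    + [_record("admin@example.com", "list", "default", "pods", 200, "10.240.0.9")]  # human user: excluded
    + [_record("system:serviceaccount:default:default", "get", "default", "secrets", 200, "10.240.0.5")]  # not a pod access: excluded
)


def unwrap_audit_event(record):
    """Return the Kubernetes audit event nested in a kube-audit record, or None for anything else."""
    if record.get("category") != "kube-audit":
        return None
    try:
        return json.loads(record["properties"]["log"])
    except (KeyError, TypeError, ValueError):
        return None


def is_service_account_or_anonymous(username):
    """Service accounts carry the system:serviceaccount: prefix; unauthenticated callers are system:anonymous."""
    return username == "system:anonymous" or username.startswith("system:serviceaccount:")


def hunt(records, resources=("pods",)):
    """Count (source IP, user, verb, status code, namespace) tuples for service account
    and anonymous access to the given resources, most frequent first."""
    counts = Counter()
    for rec in records:
        ev = unwrap_audit_event(rec)
        if ev is None:
            continue
        user = ev.get("user", {}).get("username", "")
        if not is_service_account_or_anonymous(user):
            continue
        obj = ev.get("objectRef", {})
        if obj.get("resource") not in resources:
            continue
        # An event may list several source IPs (proxies); attribute it to each one.
        for ip in ev.get("sourceIPs", ["unknown"]):
            key = (ip, user, ev.get("verb"), ev.get("responseStatus", {}).get("code"), obj.get("namespace", ""))
            counts[key] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], repr(kv[0])))


def format_table(rows):
    """Render hunt() output as a tab-separated table with a header row."""
    header = ("count", "src_ip", "user", "verb", "status", "namespace")
    lines = ["\t".join(header)]
    for (ip, user, verb, code, ns), n in rows:
        lines.append("\t".join(str(x) for x in (n, ip, user, verb, code, ns)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_table(hunt(SAMPLE_RECORDS)))
```

In the sample the top row is the anonymous caller receiving HTTP 403 three times: that is the kind of entry worth a second look, while the kube-system service account listing its own namespace is ordinary controller behaviour. Passing a different `resources` tuple lets the same hunt be pointed at secrets or configmaps.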
Categories
- Kubernetes
- Cloud
- Azure
Data Sources
Created: 2024-11-14