diff --git a/packs/kubernetes.yml b/packs/kubernetes.yml
new file mode 100644
index 000000000..bf290a291
--- /dev/null
+++ b/packs/kubernetes.yml
@@ -0,0 +1,22 @@
+AnalysisType: pack
+PackID: PantherManaged.Kubernetes.Core
+DisplayName: "Panther Core Kubernetes Pack"
+Description: This is a group of detections that act on Kubernetes logs sourced from Amazon EKS.
+PackDefinition:
+ IDs:
+ # Kubernetes scheduled queries and rules
+ - Kubernetes.CronJobCreatedOrModified
+ - Kubernetes.DaemonSetDeployed
+ - Kubernetes.IOCActivity
+ - Kubernetes.NewAdmissionControllerCreated
+ - Kubernetes.OverlyPermissivePod
+ - Kubernetes.PodAttachedHostNetwork
+ - Kubernetes.PodCreatedDefaultNameSpace
+ - Kubernetes.PodHostPathVolumeMount
+ - Kubernetes.PodUsingHostPIDNamespace
+ - Kubernetes.PodUsingIPCNamespace
+ - Kubernetes.PrivilegedPodCreated
+ - Kubernetes.SecretEnumeration
+ - Kubernetes.ServiceTypeNodePortDeployed
+ - Kubernetes.UnauthenticatedAPIRequest
+ - Kubernetes.UnauthorizedPodExecution
\ No newline at end of file
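Review bot: The new file ends without a trailing newline (`\ No newline at end of file` on the last ID), which will make the next addition to the IDs list show up as a two-line change and can trip YAML linters configured to require it; add the newline after `Kubernetes.UnauthorizedPodExecution`. The `# Kubernetes scheduled queries and rules` comment promises scheduled queries, but every entry listed here reads like a rule ID, so either the comment should say `# Kubernetes rules` or the query IDs are still to be added — worth confirming against the detections directory before this ships. The Description scopes the pack to logs "sourced from Amazon EKS" while the PackID and DisplayName call it the core Kubernetes pack; if the rules only depend on the Kubernetes audit log schema, consider `Description: Detections that act on Kubernetes audit logs, such as those sourced from Amazon EKS.` so users of other distributions are not steered away.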