February 08, 2023, Container Security—Container Security has three new runtime rules.
They are:
- Detect file execution from the /dev/shm directory, a common tactic for threat actors to stash their files. (T1059.004) Execution from /dev/shm.
- Detect usage of find or grep trying to access AWS credentials. (T1552.001) Find AWS Credentials.
- Detect attempts to inject code into a process using PTRACE. (T1055.008) PTRACE attached to process.
To benefit from these new rules, update your cluster's Runtime Rulesets as described in the documentation.
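To show the kind of runtime activity each of the three rules is described as catching, here is an added sketch that is not Container Security's own rule definitions. The event schema, the credential patterns and the set of ptrace requests are assumptions made for this illustration, and the sample events are constructed.

```python
import posixpath
import re

# Strings treated as references to AWS credentials (assumption for this sketch).
AWS_CRED_RE = re.compile(r"\.aws(/|$)|aws_secret_access_key|aws_access_key_id", re.I)
# ptrace requests that attach to another process (assumption for this sketch).
ATTACH_REQUESTS = {"PTRACE_ATTACH", "PTRACE_SEIZE"}

def resolve(exe, cwd="/"):
    """Lexically normalise exe against cwd so ./x and ../ forms are folded.
    Symlinks are not resolved; a real sensor sees the kernel's resolved path."""
    return posixpath.normpath(posixpath.join(cwd, exe))

def classify(event):
    """Return the technique IDs from the release note that an event matches."""
    hits = []
    if event["type"] == "execve":
        path = resolve(event["exe"], event.get("cwd", "/"))
        if path.startswith("/dev/shm/"):
            hits.append("T1059.004")          # Execution from /dev/shm
        tool = posixpath.basename(path)
        args = event.get("argv", [])[1:]
        if tool in ("find", "grep") and any(AWS_CRED_RE.search(a) for a in args):
            hits.append("T1552.001")          # Find AWS Credentials
    elif event["type"] == "ptrace":
        if event["request"] in ATTACH_REQUESTS and event["target_pid"] != event["pid"]:
            hits.append("T1055.008")          # PTRACE attached to process
    return hits

# Constructed sample events (hypothetical schema, not real sensor output).
SAMPLE_EVENTS = [
    {"type": "execve", "pid": 101, "cwd": "/dev/shm", "exe": "./tool", "argv": ["./tool"]},
    {"type": "execve", "pid": 102, "exe": "/usr/bin/find",
     "argv": ["find", "/", "-path", "*/.aws/credentials"]},
    {"type": "execve", "pid": 103, "exe": "/bin/grep",
     "argv": ["grep", "-ri", "AWS_SECRET_ACCESS_KEY", "/home"]},
    {"type": "ptrace", "pid": 104, "request": "PTRACE_ATTACH", "target_pid": 1},
    {"type": "execve", "pid": 105, "exe": "/bin/grep", "argv": ["grep", "error", "/var/log/app.log"]},
    {"type": "ptrace", "pid": 106, "request": "PTRACE_TRACEME", "target_pid": 106},
]

def run():
    return [classify(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for ev, result in zip(SAMPLE_EVENTS, run()):
        print(ev["pid"], result or "no match")
```

The last two events show the benign side: an ordinary grep over a log file and a process requesting tracing of itself do not match.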