February 08, 2023, Container Security—Container Security has three new runtime rules. They are:
  • Execution from /dev/shm (T1059.004): Detect file execution from the /dev/shm directory, a common tactic for threat actors to stash their files.
  • Find AWS Credentials (T1552.001): Detect usage of find or grep trying to access AWS credentials.
  • PTRACE attached to process (T1055.008): Detect attempts to inject code into a process using PTRACE.
To benefit from these new rules, update your cluster's Runtime Rulesets as described in the documentation.
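
To show the kind of matching the three rules describe, here is a sketch added as an illustration; it is not the product's rule definitions. The event fields (`type`, `cwd`, `exe`, `args`, `request`), the credential patterns and the sample events are assumptions constructed for this example.

```python
import posixpath
import re

# Strings that suggest a search for AWS credential material (assumed patterns).
AWS_CRED = re.compile(r"\.aws/|aws_access_key_id|aws_secret_access_key", re.I)
# ptrace requests that attach to, or write into, another process.
PTRACE_INJECT = {"PTRACE_ATTACH", "PTRACE_SEIZE", "PTRACE_POKETEXT", "PTRACE_POKEDATA"}

SAMPLE_EVENTS = [  # constructed for this example, not real telemetry
    {"type": "execve", "cwd": "/", "exe": "/dev/shm/.x", "args": []},
    {"type": "execve", "cwd": "/dev/shm", "exe": "./payload", "args": []},
    {"type": "execve", "cwd": "/", "exe": "/usr/bin/grep", "args": ["-ri", "aws_secret_access_key", "/home"]},
    {"type": "execve", "cwd": "/", "exe": "/usr/bin/find", "args": ["/", "-path", "*/.aws/*"]},
    {"type": "execve", "cwd": "/", "exe": "/usr/bin/grep", "args": ["-r", "TODO", "/src"]},
    {"type": "ptrace", "request": "PTRACE_ATTACH", "target_pid": 4242},
    {"type": "ptrace", "request": "PTRACE_TRACEME", "target_pid": 0},
]


def classify(event):
    """Return (technique_id, rule_name) for a matching event, else None."""
    if event["type"] == "execve":
        # Resolve relative paths against cwd and collapse "..", so "./payload"
        # run from /dev/shm still matches. Symlinks are not resolved here.
        exe = posixpath.normpath(posixpath.join(event.get("cwd", "/"), event["exe"]))
        if exe.startswith("/dev/shm/"):
            return ("T1059.004", "Execution from /dev/shm")
        if posixpath.basename(exe) in ("find", "grep") and AWS_CRED.search(" ".join(event["args"])):
            return ("T1552.001", "Find AWS Credentials")
    elif event["type"] == "ptrace" and event["request"] in PTRACE_INJECT:
        return ("T1055.008", "PTRACE attached to process")
    return None


def scan(events):
    """Classify every event and keep only the ones that matched a rule."""
    return [hit for hit in map(classify, events) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The benign `grep -r TODO` and the `PTRACE_TRACEME` call, which a process makes on itself, are the two sample events that stay silent.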