Runtime Detection
Runtime detection surfaces suspicious activity from within the cluster when runtime monitoring is enabled.
What It Looks Like in the Platform
- Alerts/events grouped by severity and rule
- Context such as workload/pod/namespace, timestamps, and event details
- Notification workflows (e.g., Slack) when configured
Common Use Cases
- Detect unexpected execution behavior
- Highlight anomalous process/network patterns
- Provide near-real-time visibility for incident response workflows