Kubernetes Runtime Protection Rules and Exclusions

These Runtime Protection rules and exclusions allow you to customize the CloudGuard security policy:

  • Exclusion - Classify a Security Event as benign and ignore similar future events.

  • Deny rule - Prevent malicious event recurrence by deleting (killing) the container that executes the operation.

Rules and Exclusions by Engines

You can define deny rules for the Signatures engine, but not for the File Reputation and Profiling engines. For File Reputation and Profiling, you can define only custom exclusions.

Security Events Deduplication

The alert deduplication mechanism allows CloudGuard to reduce the clutter caused by repeated alerts.

When the Runtime Protection engine detects an alert that repeats frequently over a short period, it reduces the number of reported alerts. The engine only reports a sample of these repeated alerts.
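
The following is an added sketch of windowed deduplication with sampling. It is not CloudGuard's code, and the matching key, window length, threshold and sample rate are assumptions, because this page does not state them. It shows why the number of reported alerts can be much lower than the number of underlying events.

```python
from collections import defaultdict

# Assumed parameters; the page does not state the product's real values.
WINDOW_SECONDS = 60    # what counts as a "short period"
BURST_THRESHOLD = 3    # repeats reported in full before sampling starts
SAMPLE_EVERY = 10      # past the threshold, report 1 of every N repeats


def dedup_key(alert):
    """Alerts count as repeats of each other when these fields match (assumed key)."""
    return (alert["cluster"], alert["pod"], alert["rule"])


def deduplicate(alerts):
    """Return (reported_alerts, suppressed_counts) for alerts sorted by 'ts'."""
    window_start = {}
    seen = defaultdict(int)
    suppressed = defaultdict(int)
    reported = []
    for alert in alerts:
        key = dedup_key(alert)
        # Start a fresh window for this key once the previous one has expired.
        if key not in window_start or alert["ts"] - window_start[key] >= WINDOW_SECONDS:
            window_start[key] = alert["ts"]
            seen[key] = 0
        seen[key] += 1
        n = seen[key]
        if n <= BURST_THRESHOLD or (n - BURST_THRESHOLD) % SAMPLE_EVERY == 0:
            reported.append(alert)
        else:
            # Keep a count so responders can still see the real event volume.
            suppressed[key] += 1
    return reported, dict(suppressed)


def sample_alerts():
    """Constructed input: one rule firing every second for 30 s, plus one unrelated alert."""
    noisy = [{"ts": t, "cluster": "prod", "pod": "web-1", "rule": "sig-shell-spawn"}
             for t in range(30)]
    other = [{"ts": 12, "cluster": "prod", "pod": "db-0", "rule": "sig-crypto-miner"}]
    return sorted(noisy + other, key=lambda a: a["ts"])


if __name__ == "__main__":
    reported, suppressed = deduplicate(sample_alerts())
    print(len(reported), "alerts reported; suppressed per key:", suppressed)
```

When triaging a sampled alert, treat it as a marker for a burst rather than a single event, and check the affected container's full activity for the period.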

Actions
