Monitoring, Logging and Runtime Security - 20% Perform behavioral analytics of syscall process and file activities at the host and container level to detect malicious activities Refer Falco Other tools include strace and tracee Detect threats within physical infrastructure, apps, networks, data, users and workloads TBD Detect all phases of attack regardless where it occurs and how it spreads TBD Perform deep analytical investigation and identification of bad actors within environment TBD Ensure immutability of containers at runtime Refer Pod Security Context Immutability Use Audit Logs to monitor access Refer Kubernetes Auditing