Runtime security



This feature is available as a private preview. If you want to participate, register via the form at the bottom of the portal container security page.

Kubernetes runtime security provides:

  • Anomaly detection based on machine learning and a fast automated rules engine.
  • Network policy suggestions and automation.
  • Security context suggestions and automation, including advanced seccomp profiles for each individual container group.

The public demo is available at


The flows page displays the services network map.


Workload profiles

The Workload profile shows details about a workload:

  • Learned Events show learned event patterns for anomaly detection and real-time container drift blocking.
  • Live Events show samples of real-time events.
  • Resource Usage displays CPU/Memory/Network usage.
  • Syscalls show syscall counts as time series.
  • Security Context shows recommendation-based suggestions for most security context settings.
  • If container drift security automation is enabled, the workload admission controller will apply seccomp profiles and patch pods to apply the securityContext field on pod containers.
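What a pod might look like before and after such a patch, as an added illustration that is not output from the product. The pod names, namespace, image and seccomp profile path are hypothetical; the fields are standard Kubernetes `securityContext` settings.

```yaml
# Constructed example. Names, image and profile path are hypothetical.
# Before: pod as submitted, with no securityContext on the container.
apiVersion: v1
kind: Pod
metadata:
  name: payments-api-before
  namespace: shop
spec:
  containers:
    - name: api
      image: registry.example.com/payments-api:1.4.2
---
# After: the same container with a securityContext applied.
apiVersion: v1
kind: Pod
metadata:
  name: payments-api-after
  namespace: shop
spec:
  containers:
    - name: api
      image: registry.example.com/payments-api:1.4.2
      securityContext:
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          # Localhost profiles are read from the kubelet's seccomp
          # directory on the node (by default /var/lib/kubelet/seccomp).
          type: Localhost
          localhostProfile: profiles/shop-payments-api.json
```

Comparing `kubectl get pod <name> -o yaml` with the manifest that was submitted shows which fields an admission controller changed.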


The Anomalies pages show detected anomalies. Each anomaly includes a network graph and details of the unexpected events.


Network policies

The Network policies pages show suggested network policies. Details also include a network graph and the Kubernetes network policy YAML.

When enabled, network policy automation is applied to the selected namespace.
