Container Rule Sets


Threat Stack now includes CIS Docker and Kubernetes rule sets to increase configuration visibility. The CIS Docker rule set assists with safe and secure configuration of Docker containers by alerting on known configuration issues and misconfigurations. The Kubernetes rule set assists with file integrity monitoring (FIM) by alerting on changes to configuration files associated with the Kubernetes API server, Scheduler, etcd, Control Manager, Cluster Administration, and Kublet Service.  

If these rule sets provide value for your organization, then please reach out to your customer success manager to get them into your environment.


Threat Stack lists the most up-to-date rule sets in the Base Rule Set Compliance Matrix.

Docker CIS Docker Kubernetes
Docker: File: Docker Container File Change
Docker: File: Docker Configuration Change
Docker: File: Docker Executable Change
Docker: Network: Outbound Connection (Connects)
Docker: User: Privileged Commands
Docker: User: Push or Pull Commands
Docker: User: User Commands
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request



Article is closed for comments.