Threat Stack now includes CIS Docker and Kubernetes rulesets to increase configuration visibility. The CIS Docker ruleset assists with safe and secure configuration of Docker containers by alerting on known configuration issues and misconfigurations. The Kubernetes ruleset assists with file integrity monitoring (FIM) by alerting on changes to configuration files associated with the Kubernetes API server, Scheduler, etcd, Control Manager, Cluster Administration, and Kublet Service.
Threat Stack also uses rules in the base ruletset to mitigate risky activity recognized by the MITRE ATT&CK Matrices.
File Integrity Monitoring (FIM) rules for containers provide visibility to files that are accessible from the host file system. For containers, this includes container volumes mounted by the host, but no other files.
If these rulesets provide value for your organization, then please reach out to your customer success manager to add them to your environment.