Cloud workload protectionedit

Cloud workload protection helps you monitor and protect your Linux hosts and Kubernetes runtimes. It uses the Elastic Defend integration to capture cloud workload telemetry containing process, file, and network activity. In Kubernetes environments, this telemetry is further enriched with metadata that enables you to isolate events in your cloud topography.

This telemetry also enables the automated identification of cloud threats with out-of-the-box detection rules and machine learning models. Alerts based on these detections can reduce the time to identify and remediate threats.

Use casesedit

  • Runtime monitoring of cloud workloads: Provides visibility into cloud workloads, context for detected threats, and the historical data needed for retroactive threat investigations.
  • Cloud-native threat detection and prevention: Provides security coverage for Linux, containers, Kubernetes, and serverless applications. Protects from known and unknown threats using on-host detections and protections against malicious behavior, memory threats, and malware.
  • Reducing the time to detect and remediate runtime threats: Helps you resolve potential threats by showing alerts in context, making the data necessary for further investigations readily available, and providing remediation options.

To continue setting up your cloud workload protection, learn more about:

  • Getting started with Elastic Defend: configure Elastic Defend to protect your hosts. Be sure to select one of the "Cloud workloads" presets if you want to collect session data by default, including process, file, and network telemetry.
  • Session view: examine Linux process data organized in a tree-like structure according to the Linux logical event model, with processes organized by parentage and time of execution. Use it to monitor and investigate session activity, and to understand user and service behavior on your Linux infrastructure.
  • The Kubernetes dashboard: Explore an overview of your protected Kubernetes clusters, and drill down into individual sessions within your Kubernetes infrastructure.
  • Environment variable capture: Capture the environment variables associated with process events, such as PATH, LD_PRELOAD, or USER.