
Summary
The "Kubernetes Anomalous Traffic on Network Edge" rule detects anomalous network traffic volumes associated with Kubernetes workloads, focusing on traffic between workloads and external sources. It uses Network Performance Monitoring (NPM) metrics gathered by an OpenTelemetry (OTEL) collector and analyzed in Splunk Observability Cloud. The rule compares the network metrics recorded over the most recent hour (TCP bytes, new sockets, and packets, plus UDP bytes and packets) against the 30-day average for the same workload to pinpoint significant deviations. Such deviations may indicate unauthorized data transfers or lateral movement within the Kubernetes environment, which could lead to a data breach if confirmed malicious. To implement this rule, users must configure the OTEL collector and Splunk so that these metrics are collected and valid data is available for analysis.
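The comparison the summary describes (recent hour versus 30-day average, per workload and per metric) can be sketched outside Splunk to see what the rule is actually doing. The following is an added Python example, not the rule's own search logic or any Splunk code: the workload names, metric values, the 3x deviation threshold and the handling of a zero baseline are all constructed assumptions for illustration. It also covers two edge cases a practitioner will hit: a metric the workload never used before (a 30-day average of zero), and a workload with no history at all.

```python
from statistics import mean

# The five metric families the rule summary lists. The exact metric names in
# Splunk Observability Cloud are an assumption here.
METRICS = ("tcp_bytes", "tcp_new_sockets", "tcp_packets", "udp_bytes", "udp_packets")

# Constructed 30-day history: one hourly-average reading per day, per workload
# and metric. Flat values keep the arithmetic easy to follow.
HISTORY = {
    "payments-api": {
        "tcp_bytes":       [52_000_000] * 30,
        "tcp_new_sockets": [400] * 30,
        "tcp_packets":     [60_000] * 30,
        "udp_bytes":       [8_000] * 30,
        "udp_packets":     [120] * 30,
    },
    "batch-worker": {
        "tcp_bytes":       [9_000_000] * 30,
        "tcp_new_sockets": [50] * 30,
        "tcp_packets":     [11_000] * 30,
        "udp_bytes":       [0] * 30,          # never used UDP in 30 days
        "udp_packets":     [0] * 30,
    },
}

# Constructed readings for the most recent hour. payments-api is within normal
# variation; batch-worker moves ~40x its usual TCP volume and starts sending UDP;
# debug-pod is a new workload with no baseline yet.
RECENT_HOUR = {
    "payments-api": {"tcp_bytes": 55_000_000, "tcp_new_sockets": 410,
                     "tcp_packets": 61_000, "udp_bytes": 8_200, "udp_packets": 125},
    "batch-worker": {"tcp_bytes": 370_000_000, "tcp_new_sockets": 55,
                     "tcp_packets": 420_000, "udp_bytes": 25_000, "udp_packets": 300},
    "debug-pod":    {"tcp_bytes": 1_000, "tcp_new_sockets": 1,
                     "tcp_packets": 10, "udp_bytes": 0, "udp_packets": 0},
}


def deviation_ratio(recent, baseline_avg, floor=1.0):
    """Ratio of the recent-hour value to the 30-day average.

    A baseline of zero (a metric the workload has never used) is replaced by
    `floor` so that brand-new activity is reported as a large ratio instead of
    raising ZeroDivisionError. The floor value is an assumption.
    """
    return recent / max(baseline_avg, floor)


def evaluate(recent_hour, history, threshold=3.0, floor=1.0):
    """Return one finding per (workload, metric) whose recent hour exceeds
    `threshold` times its 30-day average, plus a 'no_baseline' finding for any
    workload that has no history to compare against."""
    findings = []
    for workload, metrics in recent_hour.items():
        baseline = history.get(workload)
        if baseline is None:
            # No 30-day history: the rule cannot score it, but silently skipping
            # it would hide newly created workloads from review.
            findings.append({"workload": workload, "metric": None,
                             "reason": "no_baseline"})
            continue
        for metric in METRICS:
            avg = mean(baseline[metric])
            ratio = deviation_ratio(metrics[metric], avg, floor)
            if ratio >= threshold:
                findings.append({"workload": workload, "metric": metric,
                                 "recent": metrics[metric], "baseline_avg": avg,
                                 "ratio": round(ratio, 2), "reason": "above_threshold"})
    return findings


if __name__ == "__main__":
    for finding in evaluate(RECENT_HOUR, HISTORY):
        print(finding)
```

Run as-is, this flags batch-worker on four of the five metrics (TCP bytes and packets at roughly 40x baseline; UDP bytes and packets because the baseline was zero) and reports debug-pod as having no baseline, while payments-api produces nothing. The production rule runs as a search over the Observability Cloud metrics rather than as Python, but the same two edge cases apply there: a zero 30-day average needs a floor or a separate "first seen" condition, and a workload without 30 days of data needs an explicit decision about whether it is scored, skipped, or surfaced for review.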
Categories
- Kubernetes
- Cloud
- Network
Data Sources
- Network Traffic
ATT&CK Techniques
- T1204
Created: 2024-11-14