
Summary
This detection identifies processes not previously observed in a Kubernetes environment, using process metrics collected by an OpenTelemetry (OTEL) Collector running the host metrics receiver. It compares the processes reported in the last hour against those seen over the previous 30 days and flags any that have no prior record. A process with no baseline history may be unauthorized and can be an early indicator of compromise, including data exfiltration, privilege escalation, or denial-of-service activity. Because the comparison is purely historical, a freshly onboarded cluster or collector has no baseline and will surface every process until history accumulates; tune the baseline window and review new sources accordingly. Enabling this detection lets security teams investigate unknown processes promptly and contain malicious activity in the cluster.
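The comparison the summary describes, as an added example that is not the rule's own search logic: a plain-Python implementation of the last-hour-versus-prior-30-days check, run over constructed records shaped like OpenTelemetry host-metrics process scrapes. The flat-dict record layout, the helper names, and the sample data are assumptions made for illustration; the attribute names (`k8s.cluster.name`, `process.executable.name`) follow the OTEL semantic conventions for the hostmetrics process scraper and the k8sattributes processor.

```python
"""Flag processes seen in the last hour that have no record in the prior 30 days.

Added example (not the rule's own search): a plain-Python rendition of the
baseline-versus-recent comparison the rule describes, run over constructed
records shaped like OpenTelemetry host-metrics process scrapes. The flat-dict
record layout and the SAMPLE_RECORDS below are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

RECENT_WINDOW = timedelta(hours=1)
BASELINE_WINDOW = timedelta(days=30)


def process_key(record):
    # Identity used for "seen before": cluster plus executable name. Keying on
    # the name alone lets a renamed binary blend in, so in production widen this
    # to process.executable.path and the container image as well.
    return (record["k8s.cluster.name"], record["process.executable.name"])


def find_unseen_processes(records, now, min_baseline_records=1):
    """Return sorted process keys present in [now-1h, now] but absent from the
    30 days before that. Raises if the baseline is too thin to be meaningful
    (a freshly deployed collector would otherwise alert on every process)."""
    recent_start = now - RECENT_WINDOW
    baseline_start = recent_start - BASELINE_WINDOW
    baseline, recent, baseline_count = set(), set(), 0
    for rec in records:
        ts = rec["time"]
        if baseline_start <= ts < recent_start:
            baseline.add(process_key(rec))
            baseline_count += 1
        elif recent_start <= ts <= now:
            recent.add(process_key(rec))
        # Records older than the baseline window are ignored: a process last
        # seen 40 days ago counts as new, which is the rule's intended behaviour.
    if baseline_count < min_baseline_records:
        raise ValueError("baseline too thin (%d records); refusing to alert on everything"
                         % baseline_count)
    return sorted(recent - baseline)


# Constructed sample data: one cluster with a month of normal process scrapes,
# plus a second cluster that was only onboarded in the last hour.
NOW = datetime(2024, 11, 14, 12, 0, tzinfo=timezone.utc)


def _scrape(cluster, node, exe, *, days_ago=0, hours_ago=0.0):
    # Attribute names follow the OTEL hostmetrics process scraper resource
    # attributes; the k8s.* attributes come from the k8sattributes processor.
    return {
        "time": NOW - timedelta(days=days_ago, hours=hours_ago),
        "k8s.cluster.name": cluster,
        "k8s.node.name": node,
        "process.executable.name": exe,
    }


SAMPLE_RECORDS = [
    *[_scrape("prod-east", "node-a", exe, days_ago=d)
      for d in range(1, 30) for exe in ("kubelet", "containerd", "coredns", "nginx")],
    _scrape("prod-east", "node-a", "etcd", days_ago=40),        # last seen before the window
    _scrape("prod-east", "node-b", "curl", hours_ago=2),        # inside the baseline window
    # the last hour:
    *[_scrape("prod-east", "node-a", exe, hours_ago=0.5)
      for exe in ("kubelet", "containerd", "coredns", "nginx")],
    _scrape("prod-east", "node-b", "curl", hours_ago=0.5),      # seen 2h ago, so not new
    _scrape("prod-east", "node-b", "etcd", hours_ago=0.3),      # stale baseline -> fires
    _scrape("prod-east", "node-c", "xmrig", hours_ago=0.2),     # never seen -> fires
    _scrape("staging", "node-x", "kubelet", hours_ago=0.1),     # new cluster -> fires
]

if __name__ == "__main__":
    for cluster, exe in find_unseen_processes(SAMPLE_RECORDS, NOW):
        print("previously unseen process: cluster=%s exe=%s" % (cluster, exe))
```

Two details matter when porting this to a real search. The baseline window must end where the recent window begins; if the two overlap, every process in the last hour is also in its own baseline and nothing ever fires. And the `min_baseline_records` guard makes the cold-start case an explicit error rather than a flood of alerts, which is the failure mode a newly onboarded cluster (`staging` above) produces when the check is keyed per cluster.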
Categories
- Kubernetes
- Cloud
- Infrastructure
Data Sources
- Process
- Cloud Service
ATT&CK Techniques
- T1204
Created: 2024-11-14