Kubernetes Ingress Created Without TLS

Panther Rules

Summary
This detection rule monitors the creation of Kubernetes Ingress resources that have no TLS certificate configured. Such Ingresses expose services over unencrypted HTTP, posing a serious risk that sensitive data such as passwords and personally identifiable information (PII) is transmitted in plain text. This behavior violates security best practices and breaches compliance mandates such as PCI-DSS and HIPAA, and it increases the potential for man-in-the-middle (MITM) attacks. The rule identifies Ingress creation across cloud providers such as Amazon EKS, Azure AKS, and Google GKE, helping organizations keep communication channels protected by TLS. The rule is currently experimental and has medium severity, indicating that while it is significant, it should be evaluated against other security objectives and controls in place.
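The check described in the summary, as an added example that is not Panther's rule source: it evaluates a Kubernetes audit event using the upstream audit Event field names (`verb`, `objectRef`, `responseStatus`, `requestObject`) and assumes any provider-specific log wrapper has already been removed. The helper `_event` and its sample values are constructed for illustration.

```python
# Added example: field names follow the upstream Kubernetes audit Event schema;
# provider-specific log wrappers (EKS, AKS, GKE) are assumed already unwrapped.
INGRESS_API_GROUPS = {"networking.k8s.io", "extensions"}  # "extensions" is the legacy group


def ingress_created_without_tls(event: dict) -> bool:
    """Return True for a successful Ingress create whose spec has no TLS block."""
    ref = event.get("objectRef") or {}
    if event.get("verb") != "create" or ref.get("resource") != "ingresses":
        return False
    if ref.get("apiGroup") not in INGRESS_API_GROUPS or ref.get("subresource"):
        return False
    # Rejected requests (RBAC denial, admission webhook, validation) created nothing.
    code = (event.get("responseStatus") or {}).get("code", 0)
    if not 200 <= code < 300:
        return False
    # requestObject is only recorded at audit level Request or RequestResponse;
    # at Metadata level the spec is not visible, so the event cannot be judged.
    request_object = event.get("requestObject")
    if not isinstance(request_object, dict):
        return False
    tls = (request_object.get("spec") or {}).get("tls")
    return not tls  # missing, null or empty list: no TLS configured on the Ingress


def _event(tls=None, code=201, verb="create", with_body=True):
    """Build a constructed audit event for the demonstration below."""
    spec = {"rules": [{"host": "shop.example.com"}]}
    if tls is not None:
        spec["tls"] = tls
    event = {
        "verb": verb,
        "objectRef": {"apiGroup": "networking.k8s.io", "resource": "ingresses",
                      "namespace": "web", "name": "shop"},
        "responseStatus": {"code": code},
    }
    if with_body:
        event["requestObject"] = {"kind": "Ingress", "spec": spec}
    return event


if __name__ == "__main__":
    samples = {
        "no tls block": _event(),
        "tls configured": _event(tls=[{"hosts": ["shop.example.com"], "secretName": "shop-tls"}]),
        "create denied (403)": _event(code=403),
        "metadata-level audit": _event(with_body=False),
    }
    for label, ev in samples.items():
        print(f"{label:22} -> {ingress_created_without_tls(ev)}")
```

Because the request body is absent at the Metadata audit level, a cluster logging Ingress writes only at that level gives this check nothing to evaluate.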
Categories
  • Kubernetes
  • Cloud
  • On-Premise
  • Network
  • Infrastructure
Data Sources
  • Kernel
  • Network Traffic
  • Cloud Service
  • Container
  • Application Log
ATT&CK Techniques
  • T1040
  • T1552.004
Created: 2026-02-18