Kubernetes Anomalous Inbound Outbound Network IO

Splunk Security Content

Summary
This detection rule identifies anomalously high inbound and outbound network I/O in Kubernetes containers, which can indicate threats such as data exfiltration or unauthorized communication. The rule uses process metrics collected through an OpenTelemetry (OTEL) collector and the Kubelet Stats Receiver, which gather the relevant data from Kubernetes environments. It takes a statistical approach: a lookup table holds average and standard deviation values for network I/O, and live metrics are aggregated, averaged, and compared against those typical values to flag anomalies that persist over a one-hour timeframe. A detected anomaly means that network activity deviates significantly from established norms; if confirmed as malicious, this may have serious implications such as data breaches or service outages. Implementation recommendations include deploying OTEL, configuring Splunk Infrastructure Monitoring, and setting the specific metrics used to monitor process performance.
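The statistical comparison the summary describes, as an added example that is not Splunk's own search: a Python sketch that rolls constructed per-pod network I/O points into hourly totals, compares each against a constructed baseline lookup of average and standard deviation, and flags buckets beyond an assumed 3-sigma threshold (`build_baseline`, `aggregate_hourly` and `find_anomalies` are names of this example only).

```python
# Added example, not Splunk's own search: hourly network I/O checked against a
# lookup of per-pod average and standard deviation, as the summary describes.
# Sample data is constructed; the 3-sigma threshold is an assumption.
from collections import defaultdict
from statistics import fmean, pstdev

# Constructed baseline lookup: (pod, direction) -> (avg bytes/hour, stdev).
BASELINE = {
    ("web-0", "receive"): (5_000_000.0, 400_000.0),
    ("web-0", "transmit"): (1_000_000.0, 200_000.0),
}

# Constructed metric points: (pod, direction, epoch seconds, bytes in interval).
SAMPLES = [
    ("web-0", "receive", 1_700_000_000, 2_500_000),
    ("web-0", "receive", 1_700_001_000, 2_600_000),
    ("web-0", "transmit", 1_700_000_000, 500_000),
    ("web-0", "transmit", 1_700_001_000, 400_000),
    ("web-0", "transmit", 1_700_003_000, 3_000_000),  # outbound burst, next hour
    ("web-0", "transmit", 1_700_004_000, 2_500_000),
    ("db-0", "transmit", 1_700_003_000, 9_000_000),   # no baseline row: skipped
]

def build_baseline(history):
    """Build the lookup from historical (pod, direction, hourly_total) rows."""
    per_key = defaultdict(list)
    for pod, direction, total in history:
        per_key[(pod, direction)].append(float(total))
    return {k: (fmean(v), pstdev(v)) for k, v in per_key.items()}

def aggregate_hourly(samples):
    """Sum bytes per (pod, direction, hour bucket); bucket = start of the hour."""
    totals = defaultdict(float)
    for pod, direction, ts, nbytes in samples:
        totals[(pod, direction, ts - ts % 3600)] += nbytes
    return totals

def find_anomalies(samples, baseline, sigma=3.0):
    """Flag hour buckets whose total exceeds avg + sigma*stdev for that pod/direction."""
    hits = []
    for (pod, direction, hour), total in sorted(aggregate_hourly(samples).items()):
        if (pod, direction) not in baseline:
            continue  # no learned norm yet, so nothing to compare against
        avg, std = baseline[(pod, direction)]
        # Flat baseline (stdev 0): any increase counts as a deviation.
        z = (total - avg) / std if std > 0 else (float("inf") if total > avg else 0.0)
        if z > sigma:
            hits.append({"pod": pod, "direction": direction, "hour": hour,
                         "bytes": total, "zscore": round(z, 2)})
    return hits
```

Pods with no baseline row are skipped rather than flagged, so a new workload first needs a learned norm before the comparison means anything.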
Categories
  • Kubernetes
  • Cloud
  • Network
  • Infrastructure
Data Sources
  • Pod
  • Network Traffic
ATT&CK Techniques
  • T1204
Created: 2024-11-14