
Summary
This detection rule identifies anomalous changes in resource-utilization ratios for processes running on Kubernetes nodes. Using process metrics collected by an OpenTelemetry (OTEL) collector and ingested via Splunk Observability Cloud, it computes key ratios, such as CPU to memory and CPU to disk operations, and compares the current values against a lookup table of baseline averages and standard deviations. Any ratio that deviates from its baseline by more than the established threshold raises an alert. Such deviations may indicate a compromised process or other malicious activity and warrant investigation: an attacker manipulating workloads or nodes in this way could lead to data exfiltration or service downtime.
Categories
- Kubernetes
- Cloud
- Infrastructure
Data Sources
- Sensor Health
- Process
- Container
ATT&CK Techniques
- T1204
Created: 2024-11-14