Kubernetes Process Running From New Path

Splunk Security Content

Summary
The analytic 'Kubernetes Process Running From New Path' identifies anomalous processes executing from previously unseen paths within a Kubernetes environment. This rule utilizes metrics from an OpenTelemetry (OTEL) collector and the Splunk Infrastructure Monitoring add-on to analyze and compare process activity. Process paths observed in the last hour are compared against those observed over the preceding 30 days, so that a path with no prior history surfaces as a candidate for unauthorized changes, compromised nodes, or the introduction of malicious software. Such activity matters because it may lead to serious security issues, including unauthorized process execution, control over critical resources, privilege escalation, and potential data exfiltration. The analytic is particularly sensitive to new executable paths, which could signify a breach or a malicious insider. Detailed implementation steps are outlined to set up the required environment, ensuring effective monitoring and alerting within Kubernetes clusters.
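The hour-versus-30-day comparison described above, as an added illustration that is not the detection's own search: a small Python baseline check run over constructed process telemetry. The attribute names (`k8s.node.name`, `process.executable.name`, `process.executable.path`) are assumed here, modeled on OpenTelemetry semantic conventions, and the records are constructed sample data, not real cluster output.

```python
from datetime import datetime, timedelta, timezone

RECENT_WINDOW = timedelta(hours=1)
BASELINE_WINDOW = timedelta(days=30)


def new_process_paths(records, now):
    """Return {(process name, executable path): [nodes]} for name/path pairs
    seen in the last hour that never appeared in the preceding 30 days."""
    recent_start = now - RECENT_WINDOW
    baseline_start = now - BASELINE_WINDOW
    baseline = set()
    recent = {}
    for r in records:
        key = (r["process.executable.name"], r["process.executable.path"])
        ts = r["timestamp"]
        if recent_start <= ts <= now:
            recent.setdefault(key, set()).add(r["k8s.node.name"])
        elif baseline_start <= ts < recent_start:
            baseline.add(key)
        # observations older than 30 days fall outside the baseline and are ignored
    return {key: sorted(nodes) for key, nodes in recent.items() if key not in baseline}


def _rec(age, node, name, path, now):
    # Attribute names are assumed, modeled on OTEL semantic conventions.
    return {"timestamp": now - age, "k8s.node.name": node,
            "process.executable.name": name, "process.executable.path": path}


def sample_records(now):
    """Constructed sample telemetry, not real cluster data."""
    return [
        _rec(timedelta(days=20), "node-a", "kubelet", "/usr/bin/kubelet", now),
        _rec(timedelta(days=20), "node-b", "kubelet", "/usr/bin/kubelet", now),
        _rec(timedelta(days=10), "node-a", "nginx", "/usr/sbin/nginx", now),
        _rec(timedelta(days=45), "node-a", "curl", "/usr/bin/curl", now),       # too old for baseline
        _rec(timedelta(minutes=20), "node-a", "nginx", "/usr/sbin/nginx", now),  # known path, not flagged
        _rec(timedelta(minutes=5), "node-b", "kubelet", "/tmp/kubelet", now),    # new path, flagged
        _rec(timedelta(minutes=30), "node-a", "curl", "/usr/bin/curl", now),     # baseline expired, flagged
    ]


NOW = datetime(2024, 11, 14, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for (name, path), nodes in sorted(new_process_paths(sample_records(NOW), NOW).items()):
        print(f"new path for {name}: {path} on {', '.join(nodes)}")
```

The 45-day-old `curl` observation shows the window boundary: a path last seen before the 30-day baseline is treated as new when it reappears.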
Categories
  • Kubernetes
  • Cloud
  • Network
Data Sources
ATT&CK Techniques
  • T1204
Created: 2024-11-14