
Kubernetes Previously Unseen Container Image Name

Splunk Security Content

Summary
This detection identifies the creation of containerized workloads that use a container image name not previously observed in a Kubernetes cluster. It compares the image names of containers run in the last hour against those seen in the preceding 30 days, using metrics gathered by an OpenTelemetry (OTEL) collector with the Kubernetes cluster receiver and forwarded to Splunk Observability Cloud. Unfamiliar images matter because they may carry vulnerabilities, malware, or misconfigurations that threaten the integrity of the cluster; if such an image turns out to be malicious, the consequences can include data breaches, service disruption, unauthorized access, and lateral movement within the cluster. Monitoring for new images and validating their provenance before trusting them is therefore an important part of maintaining a Kubernetes security posture.
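To make the comparison concrete, here is an added example, not the Splunk rule's own search, that applies the same last-hour-versus-previous-30-days logic in Python over a constructed set of container observations. The event fields mimic the resource attributes the OTEL Kubernetes cluster receiver attaches to its metrics (k8s.cluster.name, k8s.namespace.name, k8s.pod.name, container.image.name); the registries, pod names and timestamps are invented. It also shows one property of a rolling baseline worth knowing during triage: an image last run more than 30 days ago is reported as new when it reappears.

```python
"""Flag container image names seen in the last hour that were absent from the
previous 30 days. Added illustration of the detection's comparison logic;
this is not the Splunk rule's own SPL."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed observations shaped like the OTEL Kubernetes cluster receiver's
# resource attributes (k8s.cluster.name, k8s.namespace.name, k8s.pod.name,
# container.image.name). Every name and timestamp below is invented.
NOW = datetime(2024, 11, 14, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    # (timestamp, cluster, namespace, pod, container.image.name)
    (NOW - timedelta(days=20), "prod-eu", "payments", "api-7c9d", "registry.example.internal/payments/api"),
    (NOW - timedelta(days=10), "prod-eu", "kube-system", "coredns-1", "registry.k8s.io/coredns/coredns"),
    (NOW - timedelta(days=3), "prod-eu", "payments", "api-8f1a", "registry.example.internal/payments/api"),
    # Seen 45 days ago: older than the 30-day baseline, so it does not count as known.
    (NOW - timedelta(days=45), "prod-eu", "default", "cleanup-job-old", "docker.io/library/alpine"),
    # Last hour: one known image and three that are absent from the baseline window.
    (NOW - timedelta(minutes=40), "prod-eu", "payments", "api-9b2c", "registry.example.internal/payments/api"),
    (NOW - timedelta(minutes=25), "prod-eu", "payments", "debug-x1", "docker.io/library/busybox"),
    (NOW - timedelta(minutes=10), "prod-eu", "default", "cleanup-job-new", "docker.io/library/alpine"),
    (NOW - timedelta(minutes=5), "prod-eu", "default", "helper-q7", "docker.io/contractor/ops-helper"),
]


def previously_unseen_images(events, now=NOW, recent_hours=1, baseline_days=30):
    """Return one finding per image name that ran in [now - recent, now] but
    was not observed in the baseline window [now - recent - baseline, now - recent)."""
    recent_start = now - timedelta(hours=recent_hours)
    baseline_start = recent_start - timedelta(days=baseline_days)
    known = set()                          # image names seen during the baseline
    recent_sightings = defaultdict(list)   # image name -> context rows from the recent window
    for ts, cluster, namespace, pod, image in events:
        if baseline_start <= ts < recent_start:
            known.add(image)
        elif recent_start <= ts <= now:
            recent_sightings[image].append((ts, cluster, namespace, pod))
        # Anything older than the baseline window is ignored: with a rolling
        # baseline, such an image is reported as new when it reappears.
    findings = []
    for image, rows in recent_sightings.items():
        if image in known:
            continue
        findings.append({
            "image": image,
            "first_seen": min(r[0] for r in rows),
            "clusters": sorted({r[1] for r in rows}),
            "namespaces": sorted({r[2] for r in rows}),
            "pods": sorted({r[3] for r in rows}),
        })
    return sorted(findings, key=lambda f: f["image"])


if __name__ == "__main__":
    for f in previously_unseen_images(SAMPLE_EVENTS):
        print(f"NEW IMAGE {f['image']} first seen {f['first_seen'].isoformat()} "
              f"in namespace(s) {', '.join(f['namespaces'])}, pod(s) {', '.join(f['pods'])}")
```

The comparison is on the image name only, matching the rule's description; in the OTEL attribute model the tag lives in a separate attribute, so a known image pulled with a new tag is not what this detection flags. The cluster, namespace and pod context is carried along because it is what an analyst needs first when deciding whether a new image is an approved deployment or something to investigate.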
Categories
  • Kubernetes
  • Cloud
  • Network
Data Sources
  • Process
  • Container
ATT&CK Techniques
  • T1204
Created: 2024-11-14