Splunking Isovalent Data: Attack Simulations and Detections

We simulate real-world adversary behaviors inside a Kubernetes cluster to validate how Tetragon’s kernel-level visibility translates into detectable, high-fidelity security signals in Splunk. Each simulation maps to techniques in the MITRE ATT&CK for Containers framework and showcases how eBPF instrumentation allows us to catch what traditional agents often miss—for example, process lineage, syscall context, and Kubernetes workload-level attribution.