Confluera Container Security is a runtime container security solution that combines behavioral analytics and ML-powered anomaly detection to identify suspicious host and network behaviors in real time. Core to the platform is the "Continuous Attack Graph" technology, which correlates indicators of compromise (IOCs) and weak signals into cohesive threat chains, reducing alert volume and false positives. Rather than surfacing individual detections, the platform assembles them into "threat storyboards" that provide full context — including lateral movements between hosts and containers — enabling faster analysis and interception. Key capabilities include: - Real-time discovery of Kubernetes clusters and container workloads - Detection of a broad spectrum of container exploits via behavioral and anomaly-based analysis - Threat storyboarding that stitches together container, host, and network activity across time - Visibility into how build-time vulnerabilities surface in production runtime environments - Observability across runtime behavior, user sessions, lateral movements, privileged activity, and north-south network traffic - Surgical incident response with auto-generated recommendations allowing precise remediation at file, process, or network level The platform ingests telemetry via push (syslog) and pull (REST, S3) connector frameworks from sources including cloud logs, CWPP, EDR, WAF, ALB, ShiftLeft, and threat intelligence feeds. It also integrates with SOAR products and incident management tools for response workflows.