Configure runtime security

Runtime security is a new feature that is currently in preview and available on request.

Runtime security is an integration with Trend Micro Cloud One - Application Security that provides runtime security for Kubernetes clusters. This feature can detect and protect against illegal file access and remote command execution.

For a list of operating systems that are currently supported with Runtime security, see the Application Security help.

Request access to the Runtime Security preview

  1. Open the Trend Micro Cloud One console ( and click Container Security.
  2. Go to the Clusters icon Clusters page.
  3. Click + Add.

    Add Cluster screen with preview request link displayed

  4. In the Add Cluster window, click the request link in the Runtime Security section.

  5. Fill the Request Preview form and click Request Preview.
  6. An email is generated. Send the email to request access to the preview.

Wait until you've received approval before continuing to the next section. When you've been approved, the Add Cluster windows will no longer have the preview request link:

Add Cluster screen without the preview request link

Enable runtime security for a cluster

  1. In the Container Security console, add a cluster. Note:

    • For information about which operating systems are compatible with this feature, see DaemonSet in the Application Security help.
    • The cluster Name will also be used as the policy group name in Application Security.
    • Be sure to select the Enabled option under Runtime Security. You cannot select this option later. When you select this option, Container Security connects to Application Security, which creates a policy group. Application Security sends credentials for the runtime agent back to Container Security. These credentials enable communication between Application Security and the runtime agent on the Kubernetes cluster.
    • When you run the helm install command, it deploys a DaemonSet for Runtime Security. The DaemonSet ensures that there is one instance of the runtime security agent on each node of your cluster.
  2. In the Application Security console, configure the runtime security policy for the cluster.

  3. Runtime security events will appear in the Application Security console.