tigera · ctauchen · Feb 11, 2025 · Feb 11, 2025
@@ -82,8 +82,8 @@ These features can be enabled or diabled only by setting them in your `values.ya
 
 | Feature name | Parameter | Values |
 |---------|-----|--------|
-| Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-| Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
+| Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+| Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
 | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default) |
 | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
 

@@ -48,8 +48,8 @@ You can quickly connect a cluster to Calico Cloud by generating a unique kubectl
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-   | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
+   | Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
 

@@ -37,8 +37,8 @@ You can perform a Helm installation from images stored on a private registry.
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-   | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
+   | Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |

@@ -2,10 +2,17 @@
 description: Threat detection for containerized workloads.
 redirect_from:
   - /threat/malware-detection
+title: Container threat detection (deprecated)
 ---
 
 # Container threat detection
 
+:::info deprecation notice
+
+The container threat detection features described on this page are deprecated and will be removed in a future release.
+
+:::
+
 ## Big picture
 
 Get alerts when security threats, such as malware and other suspicious processes, are detected in your cluster.
@@ -35,7 +42,7 @@
 
 ### Required
 
-$[prodname] Container threat detection uses eBPF to monitor container activity, and it runs on Linux-based
+$[prodname] container threat detection uses eBPF to monitor container activity, and it runs on Linux-based
 nodes in a Kubernetes cluster.
 
 Nodes require amd64 (x86_64) architecture CPUs and one of the following distributions:
@@ -58,20 +65,20 @@
 
 ## How to
 
-- [Enable Container threat detection in the managed cluster](#enable-container-threat-detection)
+- [Enable container threat detection in the managed cluster](#enable-container-threat-detection)
 - [Monitor the Security Events page for malicious programs](#monitor-alerts-page-for-malicious-programs)
 - [Exclude a process from Security Events alerts](#exclude-a-process-from-Security-Events-alerts)
 - [Update detectors settings](#update-detectors-settings)
   - [Configure detectors via RuntimeSecurity Custom Resource](#configure-detectors-via-runtimesecurity-custom-resource)
 
-### Enable Container Threat Detection
+### Enable container threat detection
 
 Container threat detection is disabled by default.
 
-To enable Container threat detection on your managed cluster, go to the **Threat Defense** section in the $[prodname] UI, and select **Enable Container Threat Detection**.
-This will result in Container threat detection running on all nodes in the managed cluster to detect malware and suspicious processes.
+To enable container threat detection on your managed cluster, go to the **Threat Defense** section in the $[prodname] UI, and select **Enable Container Threat Detection**.
+This will result in container threat detection running on all nodes in the managed cluster to detect malware and suspicious processes.
 
-Alternatively, Container threat detection can be enabled using kubectl:
+Alternatively, container threat detection can be enabled using kubectl:
 
 ```bash
 kubectl apply -f - <<EOF

@@ -82,8 +82,8 @@ These features can be enabled or diabled only by setting them in your `values.ya
 
 | Feature name | Parameter | Values |
 |---------|-----|--------|
-| Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-| Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
+| Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+| Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default) |
 | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default) |
 | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |
 

@@ -48,8 +48,8 @@ You can quickly connect a cluster to Calico Cloud by generating a unique kubectl
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-   | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
+   | Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |

@@ -37,8 +37,8 @@ You can perform a Helm installation from images stored on a private registry.
 
    | Feature | Key | Values |
    |---------|-----|--------|
-   | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
-   | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
+   | Image Assurance (deprecated) | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` |
+   | Container Threat Detection (deprecated) | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
 
    | Packet Capture | `installer.components.packetCaptureAPI.state` |  `Enabled`, `Disabled` (default\*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state. |
    | Compliance Reports | `installer.components.compliance.enabled` | `true` (default), `false` |

@@ -27,6 +27,7 @@ If you wish to apply Azure Policy to our namespaces, you can now override this l
 ### Deprecated and removed features
 
 * Image Assurance is deprecated and will be removed in a future release.
+* The container threat detection feature is deprecated and will be removed in a future release.
 * The security posture management feature has been removed.
 * The admission controller feature has been removed.
 

@@ -2,10 +2,17 @@
 description: Threat detection for containerized workloads.
 redirect_from:
   - /threat/malware-detection
+title: Container threat detection (deprecated)
 ---
 
 # Container threat detection
 
+:::info deprecation notice
+
+The container threat detection features described on this page are deprecated and will be removed in a future release.
+
+:::
+
 ## Big picture
 
 Get alerts when security threats, such as malware and other suspicious processes, are detected in your cluster.
@@ -35,7 +42,7 @@
 
 ### Required
 
-$[prodname] Container threat detection uses eBPF to monitor container activity, and it runs on Linux-based
+$[prodname] container threat detection uses eBPF to monitor container activity, and it runs on Linux-based
 nodes in a Kubernetes cluster.
 
 Nodes require amd64 (x86_64) architecture CPUs and one of the following distributions:
@@ -58,20 +65,20 @@
 
 ## How to
 
-- [Enable Container threat detection in the managed cluster](#enable-container-threat-detection)
+- [Enable container threat detection in the managed cluster](#enable-container-threat-detection)
 - [Monitor the Security Events page for malicious programs](#monitor-alerts-page-for-malicious-programs)
 - [Exclude a process from Security Events alerts](#exclude-a-process-from-Security-Events-alerts)
 - [Update detectors settings](#update-detectors-settings)
   - [Configure detectors via RuntimeSecurity Custom Resource](#configure-detectors-via-runtimesecurity-custom-resource)
 
-### Enable Container Threat Detection
+### Enable container threat detection
 
 Container threat detection is disabled by default.
 
-To enable Container threat detection on your managed cluster, go to the **Threat Defense** section in the $[prodname] UI, and select **Enable Container Threat Detection**.
-This will result in Container threat detection running on all nodes in the managed cluster to detect malware and suspicious processes.
+To enable container threat detection on your managed cluster, go to the **Threat Defense** section in the $[prodname] UI, and select **Enable Container Threat Detection**.
+This will result in container threat detection running on all nodes in the managed cluster to detect malware and suspicious processes.
 
-Alternatively, Container threat detection can be enabled using kubectl:
+Alternatively, container threat detection can be enabled using kubectl:
 
 ```bash
 kubectl apply -f - <<EOF