Event chain
runc:[2:INIT]
Container init reads /proc, /etc/passwd
EXECVE /usr/bin/sh
Root shell launched 518s after start
OPEN /root/.ssh/authorized_keys
O_WRONLY | O_CREAT | O_APPEND
SSH key persistence
Perj helps security teams surface persistence behavior in cloud workloads. Today, Perj captures high-signal file, process, privilege, and persistence activity on Kubernetes nodes, then turns the event chain into AI-reviewed alerts with workload context.
Title
SSH key persistence
Summary
A root shell was launched inside the running container and then successfully opened /root/.ssh/authorized_keys with append/create permissions, consistent with adding an SSH backdoor.
Severity
high
Workload Context
Cluster
fim-cluster
Namespace
wordpress-mixed
Pod
attacker-6d5b6696fb-rkvg7
Container
attacker
Alert ID
9b2b8a33...1ed4e5
Verdict
Malicious
Confidence
94%