Together with two fabulous colleagues, Simon and Markus, we used Kyverno to automatically mount honeytokens in each container, and Tetragon to detect attempts to access those honeytokens. We also identify the attacker's IP address and block them cluster-wide with a network policy.

You can find a nice report on how we built and orchestrated this security incident runbook for Kubernetes here: https://www.dynatrace.com/news/blog/context-aware-security-incident-response/