Our agent needs permission to get, watch and list all resources in the core and metrics API groups. See below for our service agent's permissions.
Our daemonset uses eBPF to instrument at the kernel level. This allows us to capture application-level data without installing any application-level packages. Unfortunately, this added insight comes at a cost: our daemonset requires the container to be run as privileged. Fortunately, Linux 5.8 added the "BPF" capability, which allows us to capture these lower-level insights with less permissive privileges.
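One way to check a deployed agent against the two statements above (read-only RBAC on the core and metrics groups, and a privileged eBPF container), as an added example that is not ContainIQ's own code. The sample objects, the container names and the mapping of "metrics" to the `metrics.k8s.io` API group are assumptions made for illustration.

```python
import re

# Verbs and API groups the page states for the agent; "" is the core group and
# "metrics.k8s.io" is assumed to be the metrics group meant.
ALLOWED_VERBS = {"get", "watch", "list"}
ALLOWED_GROUPS = {"", "metrics.k8s.io"}

def audit_cluster_role(role):
    """Return one finding per way a rule exceeds read-only access on the stated groups."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        extra_verbs = sorted(set(rule.get("verbs", [])) - ALLOWED_VERBS)
        extra_groups = sorted(set(rule.get("apiGroups", [])) - ALLOWED_GROUPS)
        if extra_verbs:
            findings.append(f"rule {i}: verbs beyond get/watch/list: {extra_verbs}")
        if extra_groups:
            findings.append(f"rule {i}: API groups beyond core/metrics: {extra_groups}")
    return findings

def audit_daemonset(ds, kernel_release):
    """Flag privileged containers, noting whether the node kernel is 5.8 or newer."""
    m = re.match(r"(\d+)\.(\d+)", kernel_release)
    if not m:
        raise ValueError(f"unparseable kernel release: {kernel_release!r}")
    has_bpf_cap = (int(m.group(1)), int(m.group(2))) >= (5, 8)
    findings = []
    for c in ds["spec"]["template"]["spec"]["containers"]:
        if (c.get("securityContext") or {}).get("privileged"):
            note = "BPF capability available" if has_bpf_cap else "kernel older than 5.8"
            findings.append(f"{c['name']}: privileged ({note})")
    return findings

# Constructed sample objects, shaped like `kubectl get ... -o json` output.
SAMPLE_ROLE = {"kind": "ClusterRole", "rules": [
    {"apiGroups": ["", "metrics.k8s.io"], "resources": ["*"], "verbs": ["get", "watch", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "patch"]},
]}
SAMPLE_DS = {"kind": "DaemonSet", "spec": {"template": {"spec": {"containers": [
    {"name": "ebpf-agent", "securityContext": {"privileged": True}},
    {"name": "sidecar", "securityContext": {"capabilities": {"add": ["BPF"]}}},
]}}}}

if __name__ == "__main__":
    for line in audit_cluster_role(SAMPLE_ROLE) + audit_daemonset(SAMPLE_DS, "5.15.0-91-generic"):
        print(line)
```

Feed it the JSON for the agent's ClusterRole and DaemonSet plus a node's kernel release (`uname -r`) to see where the deployment grants more than the documentation describes.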
ContainIQ’s SOC 2 readiness report can be accessed via SafeBase and found here.
More coming soon...