C0: review CC ephemeral-privileged-jobs

Verified TTL=604800s and hostPID limited to ephemeral Prowler CronJob on indri. Noted that alloy-tracing on ringtail also uses hostPID but is out of scope until Prowler scans ringtail (tracked in Todoist). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 11:09:34 -07:00 · 2026-04-29 11:09:34 -07:00 · f4a24595b1
commit f4a24595b1
parent 817acc5e5e
2 changed files with 8 additions and 2 deletions
--- a/docs/changelog.d/+review-cc-ephemeral-privileged-jobs.misc.md
+++ b/docs/changelog.d/+review-cc-ephemeral-privileged-jobs.misc.md
@ -0,0 +1 @@
+Reviewed compensating control `ephemeral-privileged-jobs`: TTL and hostPID scope verified on indri. Noted that the alloy-tracing DaemonSet on ringtail is out of scope until Prowler scans ringtail (tracked in Todoist).
				`@ -0,0 +1 @@`
				Reviewed compensating control `ephemeral-privileged-jobs`: TTL and hostPID scope verified on indri. Noted that the alloy-tracing DaemonSet on ringtail is out of scope until Prowler scans ringtail (tracked in Todoist).