drop sysdig threat export · parse container + rule + severity · runs locally
drop sysdig threat export · local only
heuristic screener · vendor schema varies · not definitive proof