# neuvector-security
a
This message was deleted.
q
Kubectl is a vital function for Kubernetes; NeuVector does not interact with it.
SSH is a process that can be allowed in Process Profile Rules, and also can be permitted via network rules, each of which is defined in a Group for a given workload.
For a test, you could use almost any example pod/container. Make sure the Group it’s a member of is in Discover mode, then SSH into that container. You’ll see in the Group in NeuVector that a new rule was learned.
To demonstrate more about how this works, put the Group into Monitor mode, delete the SSH rule, then SSH into the container again. You’ll see that, despite SSH not being explicitly allowed, it still worked. That’s because in Monitor mode, NeuVector only alerts on the violations. You can see the alert in the Security Events pane.
If you then threw the Group into Protect mode, the connection would also be logged and denied.
You can use the event alert to add the (allow) rule to the group without having to use Discover mode to go back and re-learn it. Pretty handy!
d
When I put protect zero drift in the configuration part, SSH gets stuck and won't let me connect. What could it be?