1. Proposed title of this feature request
Monitoring shell activities without locking the container

2. What is the nature and description of the request?
CU would like to track user activities on containers. Unauthorized Process Execution provides detailed information regarding but it only alerts when locked the container via Risk menu.

3. Why does the customer need this? (List the business requirements here)
This is really a critical issue for CU and it will be really valuable.
Lock option is really beneficial when it comes to reducing attack surface but CU have a large environment with many critical core banking applications. They need to analyze all the baselines really carefully before deciding to apply lock mode.