Hidden files may be used by attackers to hide from detection mechanisms on hosts and containers. This detection aims at finding the creation of any new hidden files.
In Linux, files are hidden from users by prepending . to the filename, for example .some.file. This detection will monitor for the creation of any file whose name begins with a
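The check described above, as an added example that is not part of the original detection: it filters file-creation events and flags those whose final path component is a hidden name. The event schema, the syscall list and the sample records are assumptions constructed for illustration, not the format of any particular sensor.

```python
import json
import posixpath

# Syscalls that can add a new directory entry (assumed event vocabulary).
CREATE_SYSCALLS = {"creat", "mkdir", "mknod", "symlink", "link", "rename"}

# Constructed sample events; the JSON schema is hypothetical.
SAMPLE_EVENTS = """\
{"syscall": "openat", "flags": ["O_WRONLY", "O_CREAT"], "path": "/tmp/.some.file", "container": "web-1"}
{"syscall": "openat", "flags": ["O_RDONLY"], "path": "/home/app/.bashrc", "container": "web-1"}
{"syscall": "creat", "flags": [], "path": "/var/log/app.log", "container": ""}
{"syscall": "mkdir", "flags": [], "path": "/dev/shm/.x/", "container": ""}
{"syscall": "rename", "flags": [], "path": "/opt/app/./..", "container": "web-2"}
{"syscall": "openat", "flags": ["O_CREAT"], "path": "/srv/.cache/data.bin", "container": ""}
not-json
"""

def is_creation(event):
    """True when the event can add a new name to the filesystem."""
    if event.get("syscall") in CREATE_SYSCALLS:
        return True
    # open/openat only create a file when O_CREAT is requested.
    return event.get("syscall") in {"open", "openat"} and "O_CREAT" in event.get("flags", [])

def hidden_name(path):
    """Return the final path component if it is a hidden name, else None."""
    name = posixpath.basename(path.rstrip("/"))
    # "." and ".." are directory references, not hidden files.
    if name.startswith(".") and name not in {".", ".."}:
        return name
    return None

def detect_hidden_creations(lines):
    """Return (path, location) for each creation event whose new name starts with a dot."""
    alerts = []
    for line in lines.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        path = event.get("path", "")
        if is_creation(event) and hidden_name(path):
            alerts.append((path, event.get("container") or "host"))
    return alerts

if __name__ == "__main__":
    for path, where in detect_hidden_creations(SAMPLE_EVENTS):
        print(f"hidden file created: {path} ({where})")
```

Only the last path component is tested, so a regular file written inside an existing hidden directory (the /srv/.cache/data.bin record) does not alert, and reads of existing dotfiles such as .bashrc are ignored because they carry no creation flag.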