Hello @Lily
Yes, you are correct that the pricing for Microsoft Defender for Containers is based on vCores. The vCores are based on the number of CPU cores allocated to the container host.
When you run a new pod in AKS, it is automatically added to Defender and priced. The pricing is based on the number of vCores allocated to the container host, not the number of pods running on the host.
If a pod is not running, it will not be removed from Defender pricing. The pricing is based on the number of vCores allocated to the container host, regardless of whether the pods are running or not.
You are also correct that the pricing is based on the number of hours of pod operation. The pricing is calculated based on the number of vCores allocated to the container host and the number of hours that the pods are running on the host.
Please note that the pricing for Microsoft Defender for Containers is subject to change, and you should refer to the official documentation for the most up-to-date information.
I hope this helps! Let me know if you have any other questions.
If this does answer your question, please accept it as the answer as a token of appreciation.