Skip to main content

Containers

To navigate to the Containers dossier in the Lacework Console, click Resources > Container. See Dossier Navigation and Filters for information about filtering dossier data.

Charts

These charts aggregate data for all running containers where Lacework agents are installed. Available charts present CPU usage, memory usage, network-related information such as connections and bytes.

Timeline

The timeline displays events that match the date/time filter and any specified optional parameter filters set at the top of the page.

Polygraphs

See Containers Activities Polygraph.

List of Active Containers

This table displays active containers whereby "active" is determined by any Lacework Linux Agents that are installed on the host for the container(s).

The columns display the Container ID, Pod Name, Pod Namespace, Kubernetes Cluster, Repository, Start Time, Hostname (where the container is hosted), PID, and Vulnerabilities.

To view additional details about the compliance status for a container image, hover over a row until View Report displays and click View Report. Click an entry link in the table to open a new view with details about that entry. For example, click a Hostname to display additional information about that machine.

note

A Kubernetes Pod is the smallest deployed unit in the Kubernetes object model. A Pod represents a single instance of an application in Kubernetes, which may consist of one or more containers that are tightly coupled and share resources.

If your environment does not have any running containers, this table does not display any data.

Container Image Information

This table display container image information and any vulnerabilities found in them.

The columns display the Repository, Image Tag, Container Type, Created Time, Size, Container Count, Machine Count, User Count, Vulnerabilities, Image Scan Status, and Scan action.

The Image Scan Status displays one of the following statuses:

  • Success - no issues during the last scan.
  • Failure - an additional error message will display with more information regarding the error.
  • Blank - the status will appear empty if an evalulation has yet to be performed (or if the registry is not integrated with Lacework).

To view additional details about the compliance status for a container image, hover over a row until View Report displays and click View Report. Click a Repository link in the table to open a new view with details about that repository.

If your environment does not have any running containers, this table does not display any data.

On-demand Container Image Scan

In the Container Image Information table, use the Scan option (available in the Scan action column) to initiate a scan on the container image listed in the row.

note

This feature only works if your container registry is integrated. The Lacework Console will inform you if the registry is not integrated after clicking Scan.

The Scan action column displays Scanning until the image assessment is complete.

console-containers-image-information-on-demand-scan.png

Once assessment is complete, the Vulnerabilities column is updated with the latest results:

console-containers-image-information-on-demand-scan-success.png

Command Line by Executable

This table displays the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.

Active Listening Ports

This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.