Kaspersky Container Security

Details information about network traffic

To open detailed information about file operations,

1. Click anywhere in the row of a Network traffic event in the table of security events in the Investigation → Container forensic section.
2. In the sidebar that opens, go to the Information tab.

Kaspersky Container Security displays the following information:

• The General information section contains general information:
  • Date and time the file operation was performed.
  • Runtime policy mode.
  • Traffic type: ingress or egress connection.
• The Source section contains the following information about the connection:
  • Pod name or domain of the source of the connection. You can display pod details by clicking the name of the pod.

    Viewing and managing cluster resources requires the corresponding rights. You also need access to the corresponding scope.

  • IP address of the source of network traffic.
  • Port used for the connection.
• The Destination section contains the following information about the connection:
  • Pod name or domain of the recipient of network traffic. You can display pod details by clicking the name of the pod.
  • IP address of the recipient of network traffic.
  • Port used for the connection.
• The Location details section provides the following information about the container where the network traffic was detected:
  • Container ID and name.
  • Image name and checksum. You can open the page with image scan results by clicking the name of the relevant image.

    To view the results of an image scan, you need the rights to view image scan results. You also need access to the scope for the clusters.

  • Pod name. You can display pod details by clicking the name of the pod.
  • Namespace name.
  • Cluster name.
  • Host name and IP address.
• The table under Runtime policies impacting the container displays a list of all runtime policies that could be applied to the container in which the network connections were detected. For each policy, the solution shows the name of the policy and its mode.

  You can open the sidebar with a detailed description of the applied by clicking the name of the policy. Policy information is displayed in a similar way to how information about applied policies is presented when viewing application information on the graph. Limitations apply when viewing policy information.