Searching container forensics

Under Investigation → Container forensic, you can search for events that occurred in containers.

To find security events that occurred in the container:

In the Search by event data and path field, enter the event data for your search.

Depending on the event type, you must specify the following:

• Container ID or container name (for all event types).
• Path to the files (for Process, File operations, or File Threat Protection events).
• IP address or domain name (for events of the Network traffic type).

The solution displays search results in the security event table in the Investigation → Container forensic section.