Network processes on the graph
Kaspersky Container Security displays network interactions between objects on the graph, and also provides information about network activity between cluster resources.
To view network activity in the cluster:
- In the Resources → Assets → Clusters section, go to the Graph view tab.
- Click Show network activity above the graph area.
The solution opens the sidebar with the types of network activity available for display.
- Select the check boxes for one or more network activity display options. The following display options are available:
  - Show audited activity. This displays network connections that were detected in accordance with the applied runtime policies in Audit mode.
  - Show blocked activity. This displays network connection attempts that were blocked in accordance with the applied runtime policies in Enforce mode.
  - Show other activity. This displays network connections that were not covered by the applied runtime policies in Audit and Enforce modes.
- Click Apply.
The graph is reloaded and the selected network activity is displayed.
Principles of displaying network processes
The following principles apply to the display of network connections on the graph in Kaspersky Container Security:
- The solution displays processes as edges between two objects (groups of objects within a cluster), or between an object (group of objects) and resources outside the cluster. An arrow on the graph points from the sender object to the recipient object. If the same type of network activity (for example, audited activity) occurs between a pair of objects that are linked by a network connection and the traffic between the objects goes both ways, the solution represents this activity with a bidirectional arrow.
- If the recipient object is outside the relevant cluster, infrastructure or the scope assigned to the user, the solution indicates it as Resources out of cluster or scope.
- The graph displays network connections to a group of namespaces or applications if inbound or outbound traffic is detected involving at least one object inside such a group. When you expand a group to its constituent objects, the connection is displayed to the specific resource.
- If multiple network processes go from one object to another, the solution takes the priority of the network activity into account when displaying them. Blocked activity has the maximum priority, and other activity has the minimum priority.
The solution displays different types of network activity as follows:
- Blocked activity on the graph is represented by a dotted red line.
- Audited activity on the graph is represented by a solid red line with an arrow.
- Other activity on the graph is represented by a solid black line with an arrow.
- Two-way network activity is represented on the graph as a line corresponding to one of the activity types, with arrows on both ends.
- If you hover over a network connection line on the graph, it is highlighted and changes color.
Viewing information about network processes
Kaspersky Container Security can provide brief and detailed information about network activity.
To view brief information about network activity:
Hover over the network connection of interest.
A tooltip is displayed with the number of non-unique connections for each type of network activity (blocked, audited, and other).
To view detailed information about network activity:
Click the connection of interest.
This opens the sidebar with information about network activity for the selected connection.
The sidebar displays information about network activity for the 15 minutes before the sidebar was called up. Network activity information is presented in tables on the Audited activities, Blocked activities, and Other activities tabs. The number of connections is indicated next to tab captions.
The tables have the same structure and contain the following information:
- The Source column contains the name of the pod that is the sender of the network traffic and the IP address of the pod in the <pod IP address:outbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
- The Protocol column indicates the pod interaction protocol.
- The Destination column contains the name of the pod that is the recipient of the network traffic and the IP address of the pod in the <pod IP address:inbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
- The Number of connections column displays the total number of non-unique connections between the sender and the recipient of the traffic.
- The Last connection column displays the date and time of the last non-unique connection between the sender and the recipient of the traffic.
If the sender object or the recipient object is outside the relevant cluster, the Source or Destination columns display the domain name and IP address of such an object respectively (if the solution can obtain this information).
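The display principles and the sidebar tables described above can be modelled in a few lines. The following is an added illustration, not Kaspersky Container Security code: the record fields, function names and sample flows are constructed. It assumes that when the two directions between a pair have different top-priority activity types, two one-way arrows are drawn, which the page does not specify.

```python
from datetime import datetime, timedelta

# Priority stated on the page: blocked is highest, other is lowest.
PRIORITY = {"blocked": 3, "audited": 2, "other": 1}
WINDOW = timedelta(minutes=15)  # the sidebar covers the 15 minutes before it is opened

def recent(flows, now):
    """Keep only the flows inside the 15-minute window ending at `now`."""
    return [f for f in flows if now - WINDOW <= f["time"] <= now]

def edges(flows, shown=frozenset(PRIORITY)):
    """Collapse flows into drawn edges; `shown` models the display check boxes."""
    top = {}  # (src, dst) -> highest-priority activity type in that direction
    for f in flows:
        if f["kind"] not in shown:
            continue
        key = (f["src"], f["dst"])
        if key not in top or PRIORITY[f["kind"]] > PRIORITY[top[key]]:
            top[key] = f["kind"]
    drawn = {}
    for (src, dst), kind in top.items():
        if top.get((dst, src)) == kind:
            # Same activity type in both directions: one bidirectional arrow.
            drawn[tuple(sorted((src, dst)))] = (kind, "two-way")
        else:
            drawn[(src, dst)] = (kind, "one-way")  # assumed handling, see lead-in
    return drawn

def table(flows, kind):
    """Rows of one sidebar tab: (number of connections, last connection)."""
    rows = {}
    for f in flows:
        if f["kind"] != kind:
            continue
        key = (f["src"], f["dst"])
        count, last = rows.get(key, (0, f["time"]))
        rows[key] = (count + 1, max(last, f["time"]))
    return rows

# Constructed sample: (minutes before NOW, source, destination, activity type).
NOW = datetime(2024, 1, 1, 12, 0)
SAMPLE = [(1, "web", "api", "other"), (2, "web", "api", "blocked"),
          (3, "web", "api", "other"), (4, "api", "db", "audited"),
          (5, "db", "api", "audited"), (20, "api", "db", "blocked")]
FLOWS = [{"time": NOW - timedelta(minutes=m), "src": s, "dst": d, "kind": k}
         for m, s, d, k in SAMPLE]
```

In this sample, one blocked attempt among several other connections from web to api is enough for the edge to be drawn as blocked, so the Other activities tab still has to be opened to see the remaining two connections.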