Kaspersky Container Security
Principles of displaying network processes
The following principles apply to the display of network connections on the graph in Kaspersky Container Security:
- The solution displays network processes as edges between two objects (or groups of objects within a cluster), or between an object (or group of objects) and resources outside the cluster. An arrow on the graph points from the sender object to the recipient object. If the same type of network activity (for example, audited activity) occurs between a pair of objects that are linked by a network connection and the traffic between the objects goes both ways, the solution represents this activity with a bidirectional arrow.
- If the recipient object is outside the relevant cluster, infrastructure or the scope assigned to the user, the solution indicates it as Resources out of cluster or scope.
- The graph displays network connections to a group of namespaces or applications if inbound or outbound traffic is detected involving at least one object inside such a group. When you expand a group to its constituent objects, the connection is displayed to the specific resource.
- If multiple network processes go from one object to another, the solution takes the priority of the network activity into account when displaying them. Blocked activity has the maximum priority, and other activity has the minimum priority.
The solution displays different types of network activity as follows:
- Blocked activity on the graph is represented by a dotted red line.
- Audited activity on the graph is represented by a solid red line with an arrow.
- Other activity on the graph is represented by a solid black line with an arrow.
- Two-way network activity is represented on the graph as a line corresponding to one of the activity types, with arrows on both ends.
- If you hover over a network connection line on the graph, it is highlighted and changes color.
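The display principles above, modelled on constructed flow records to show how several flows collapse into one drawn edge. This is an added illustration, not Kaspersky Container Security code: the record format, the object names and `displayed_edges` are hypothetical. It assumes that audited activity ranks between blocked and other, that two directions merge only when their highest-priority types match, and that traffic inside one collapsed group draws no edge.

```python
# Illustrative model only; not Kaspersky Container Security code.
# Priority from the page: blocked is highest, other is lowest.
# Placing audited between them is an assumption.
PRIORITY = {"blocked": 2, "audited": 1, "other": 0}
STYLE = {"blocked": "dotted red", "audited": "solid red", "other": "solid black"}
OUT_OF_SCOPE = "Resources out of cluster or scope"

# Constructed sample flows: (sender, recipient, activity type).
SAMPLE_FLOWS = [
    ("frontend", "api", "other"),
    ("frontend", "api", "blocked"),        # outranks the 'other' flow above
    ("api", "db", "audited"),
    ("db", "api", "audited"),              # same type in both directions
    ("api", "payments.example", "other"),  # recipient outside the scope
]
SAMPLE_SCOPE = {"frontend", "api", "db"}


def displayed_edges(flows, scope, groups=None):
    """Collapse raw flows into {(node_a, node_b): (line_style, arrow)}.

    groups maps an object to a collapsed group name (hypothetical input).
    """
    groups = groups or {}

    def node(name):
        if name not in scope:
            return OUT_OF_SCOPE
        return groups.get(name, name)

    best = {}  # highest-priority activity per directed pair
    for src, dst, activity in flows:
        key = (node(src), node(dst))
        if key[0] == key[1]:
            continue  # assumption: traffic inside one collapsed node draws no edge
        if key not in best or PRIORITY[activity] > PRIORITY[best[key]]:
            best[key] = activity

    edges = {}
    for (src, dst), activity in best.items():
        if best.get((dst, src)) == activity:
            # Same activity type both ways: one bidirectional arrow.
            edges[tuple(sorted((src, dst)))] = (STYLE[activity], "<->")
        else:
            edges[(src, dst)] = (STYLE[activity], "->")
    return edges


if __name__ == "__main__":
    for pair, shown in displayed_edges(SAMPLE_FLOWS, SAMPLE_SCOPE).items():
        print(pair, shown)
```

In this model the dotted red edge from `frontend` to `api` also covers an "other" flow that the line style alone does not show.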
Article ID: 275395, Last review: Dec 5, 2024