Agent status
Information on the status of Kaspersky Container Security agents is presented as a table in the Components → Agents section; it is also expanded in the sidebar for the selected agent.
The table displays the following information for each agent within an agent group:
- Agent name.
- Status. The solution assigns one of the following connection statuses:
- Connected means the agent is connected and is functioning normally.
- Disconnected means the agent is disconnected.
- Pending means the solution is in the process of connecting the agent.
The status is assigned in accordance with the data of the last heartbeat message for the agent, according to the entry in the security event log.
- Version. The solution displays the current version of the agent. If a new version of the agent is available for the installed version of Kaspersky Container Security, the latest available agent version is displayed.
- Pod. The solution displays the name of the pod in which the agent is deployed.
- Information received as part of node status monitoring. The solution provides information about network activity monitoring and analysis actions, processes in containers, and File Threat Protection. For each action (Container processes, Network connections, and File Threat Protection), its status is displayed—Enabled or Disabled. If an agent is disconnected, all node status monitoring actions have the Disabled status.
If the agent is connected, the last status of the agent is also displayed for each action—Success, Not available, or Error. If Error is displayed, the solution displays a brief description of the error and associated details.
The statuses of the agent components responsible for monitoring network connections, processes inside containers, and file operations, as well as File Threat Protection, are available only for connected node-agent agents. For kube-agent agents, the status of these components is always Not available.
The solution displays this information based on the security event log records.
- SIEM status The solution displays the name of the SIEM system and one of the following connection statuses:
- Success if the agent is connected to a specific SIEM system, and event messages are being correctly sent to that SIEM system.
- Warning if the agent is connected to a specific SIEM system, and event messages are being correctly sent to that SIEM system. However, the linked SIEM of the agent differs from the SIEM system specified in the agent group settings.
- Error if an error occurred while connecting the agent to the SIEM system or sending messages. It is also considered an error if exported runtime events are not defined for the integration linked with the agent.
If the agent is not linked to a SIEM system, the solution indicates no connection.
For the kube_agent, the connection status is never indicated because the SIEM system communicates only with node-agent agents.
- Date and time of last connection.
You can view information about the status of a specific agent in the sidebar. To open the sidebar, click the agent name in the table. Kaspersky Container Security displays the following information about the selected agent:
- Agent name.
- IP address of the node where the agent is deployed.
- Name of the node where the agent is deployed.
- Pod name.
- Agent type.
- Agent version.
- The agent connection status—Connected, Disconnected, or Pending.
- Date and time when the agent last connected
- Under Node monitoring statuses, the solution displays information about the last registered state of the agent (Success, Not available, or Error) for each node monitoring action (Container processes, Network connections, and File Threat Protection). If an action is disabled to avoid unnecessary workload on nodes, the Disabled status is displayed.
- Under Agent group, the solution displays the following information about the agent group to which the selected agent belongs:
- Group name
- Namespace
- Orchestrator
To view information about the status of agents, you need permissions to view and manage the Agents component. By default, these permissions are granted to the IS Administrator role.