Kaspersky Container Security
2.0
English
Investigating security events  >  Analyzing container forensics  >  Detailed information about a running process

Detailed information about a running process

To open detailed information about a running process:

  1. Click anywhere in the row of a Process event in the table of security events in the InvestigationContainer forensic section.
  2. In the sidebar that opens, go to the Information tab.

Kaspersky Container Security displays the following information:

  • The General information section contains general information:
    • Date and time the process was started.
    • Command used to start the process, including arguments.
    • Path to the file or directory.
    • Runtime policy mode.
  • The Location details section contains the following information about the container where the process was started:
    • Container ID and name.
    • Image name and checksum. You can open the page with image scan results by clicking the name of the relevant image.

      To view the results of an image scan, you need the rights to view image scan results. You also need access to the scope for the clusters.

    • Pod name. You can display pod details by clicking the name of the pod.

      Viewing and managing cluster resources requires the corresponding rights. You also need access to the corresponding scope.

    • Namespace name.
    • Cluster name.
    • Host name and IP address.
  • The Process section contains the following data about the running process:
    • Parent process ID (PPID)
    • Process ID (PID) and a new PID.
    • Effective User ID (EUID).
    • Effective Group ID (EGID).
    • Group ID (GID).
  • The table under Runtime policies impacting the container displays a list of all runtime policies that could be applied to the container with the running process. For each policy, the solution shows the name of the policy and its mode.

    You can open the sidebar with a detailed description of the applied by clicking the name of the policy. Policy information is displayed in a similar way to how information about applied policies is presented when viewing application information on the graph. Limitations apply when viewing policy information.

Article ID: 292170, Last review: Dec 5, 2024
Page top