Kaspersky Container Security
2.0
English
Investigating security events  >  Analyzing container forensics  >  Detailed information about detected malicious objects

Detailed information about detected malicious objects

To open detailed information about detected malicious objects:

  1. Click anywhere in the row of a File Threat Protection event in the table of security events in the Investigation → Container forensic section.
  2. In the sidebar that opens, go to the Information tab.

Kaspersky Container Security displays the following information:

  • The General information section contains general information:
    • Date and time the malware was detected.
    • Malware name.
    • Type of malware detected (for example, virus software).
    • Severity level of the malware.
    • File checksums in MD5 and SHA286 formats.
    • Event type (for example, detected threat).
    • Path to the file or directory.
    • Owner ID.
    • Object ID.
    • Runtime policy mode.
    • File interceptor mode (the file interceptor runs regardless of the runtime policy mode).
  • The Location details section contains the following information about the container where malware was detected:
    • Container ID and name.
    • Image name and checksum. You can open the page with image scan results by clicking the name of the relevant image.

      To view the results of an image scan, you need the rights to view image scan results. You also need access to the scope for the clusters.

    • Pod name. You can display pod details by clicking the name of the pod.

      Viewing and managing cluster resources requires the corresponding rights. You also need access to the corresponding scope.

    • Namespace name.
    • Cluster name.
    • Host name and IP address.
  • The Process section contains the following information about the process where malware was detected:
    • Process ID (PID) and a new PID.
    • Effective User ID (EUID).
  • The table under Runtime policies impacting the container displays a list of all runtime policies that could be applied to the container in which the malware was detected. For each policy, the solution shows the name of the policy and its mode.

    You can open the sidebar with a detailed description of the applied by clicking the name of the policy. Policy information is displayed in a similar way to how information about applied policies is presented when viewing application information on the graph. Limitations apply when viewing policy information.

Article ID: 292237, Last review: Dec 5, 2024
Page top