Searching container forensics

Under Investigation → Container forensic, you can search for events that occurred in containers.

To find security events that occurred in the container:

In the Search by event data and path field, enter the event data for your search.

Depending on the event type, you must specify the following:

Container ID or container name (for all event types).
Path to the files (for Process, File operations, or File Threat Protection events).
IP address or domain name (for events of the Network traffic type).

The solution displays search results in the security event table in the Investigation → Container forensic section.

Article ID: 293485, Last review: Dec 5, 2024

Page top