Network connections on the graph
Kaspersky Container Security displays network interactions between objects on the graph, and also provides information about network connections between cluster resources.
To view network connections in the cluster:
- In the Resources → Clusters section, go to the Graph view tab.
- Click the Network connections button above the graph area.
The solution opens the sidebar with the types of network connections available for display.
- Select the check boxes for one or more network connection display options. You can select the following display options:
  - Show Audit-mode connections. This displays network connections that were detected in accordance with the applied runtime policies in Audit mode.
  - Show Enforce-mode connections. This displays network connection attempts that were blocked in accordance with the applied runtime policies in Enforce mode.
  - Show all the rest connections. This displays network connections that were not covered by the applied runtime policies in Audit and Enforce modes.
- Click Apply.
The graph is reloaded and the selected network connections are displayed.
Principles of displaying network processes
The following principles apply to the display of network connections on the graph in Kaspersky Container Security:
- The solution displays connections as edges between two objects (groups of objects within a cluster), or between an object (group of objects) and resources outside the cluster. An arrow on the graph points from the sender object to the recipient object. If the same type of network connection (for example, Audit-mode connections) occurs between a pair of objects that are linked by a network connection and the traffic between the objects goes both ways, the solution represents this activity with a bidirectional arrow.
- If the recipient object is outside the relevant cluster, infrastructure or the scope assigned to the user, the solution indicates it as Resources out of cluster or scope.
- The graph displays network connections to a group of namespaces or applications if inbound or outbound traffic is detected involving at least one object inside such a group. When you expand a group to its constituent objects, the connection is displayed to the specific resource.
- If multiple network connections go from one object to another, the solution takes the priority of the network connections into account when displaying them. Enforce-mode connections have the highest priority, whereas other connections have the lowest priority.
The solution displays different types of network connections as follows:
- Enforce-mode connection on the graph is represented by a dotted red line.
- Audit-mode connection on the graph is represented by a solid red line with an arrow.
- Other connections on the graph are represented by a solid black line with an arrow.
- Two-way network connections are represented on the graph as a line corresponding to one of the activity types, with arrows on both ends.
- If you hover over a network connection line on the graph, it is highlighted and changes color.
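A small model of the display rules in this section, added here as an illustration and not taken from Kaspersky Container Security: it collapses constructed (source, destination, mode) records into one edge per object pair and shows that a dotted red line can stand for a pair that also carries other connections, which only the per-type counts reveal. The record layout, the field names, the placement of Audit between the two stated priorities, and the handling of a pair whose directions carry different types are assumptions.

```python
from collections import Counter, defaultdict

# Priority from the page: Enforce highest, other lowest (Audit assumed in between).
PRIORITY = {"enforce": 2, "audit": 1, "other": 0}
LINE = {"enforce": "dotted red", "audit": "solid red", "other": "solid black"}


def displayed_edges(records):
    """Collapse (source, destination, mode) records into one edge per object pair."""
    by_pair = defaultdict(Counter)
    for src, dst, mode in records:
        by_pair[tuple(sorted((src, dst)))][(src, dst, mode)] += 1

    edges = []
    for pair, counts in sorted(by_pair.items()):
        # The line style follows the highest-priority type seen on this pair.
        top = max((mode for _, _, mode in counts), key=PRIORITY.get)
        directions = sorted({(s, d) for s, d, mode in counts if mode == top})
        tooltip = Counter()
        for (_, _, mode), n in counts.items():
            tooltip[mode] += n  # non-unique connections per type
        edges.append({
            "pair": pair,
            "line": LINE[top],
            # Two arrowheads only when the same type flows both ways.
            "bidirectional": len(directions) == 2,
            # Assumption: arrows follow the direction(s) of the top-priority type.
            "arrows": directions,
            "tooltip": dict(tooltip),
        })
    return edges


# Constructed sample records (not product output).
SAMPLE = [
    ("frontend", "api", "audit"),
    ("api", "frontend", "audit"),
    ("api", "db", "other"),
    ("api", "db", "other"),
    ("api", "db", "enforce"),
    ("db", "api", "other"),
]

if __name__ == "__main__":
    for edge in displayed_edges(SAMPLE):
        print(edge)
```

In the sample, the api/db pair is drawn as a single dotted red line even though three of its four connections were not covered by any policy.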
Viewing information about network connections
Kaspersky Container Security can provide brief and detailed information about network connections.
To view brief information about a network connection:
Hover over the network connection of interest.
The solution will display a tooltip with the number of non-unique connections for each network connection type (for connections in Audit and Enforce modes and other connections).
To view detailed information about a network connection:
Click the connection of interest.
Kaspersky Container Security opens the sidebar with information about network connections for the selected connection.
The sidebar displays information about network connections for the 15 minutes before the sidebar was opened. Information about network connections is provided in the form of tables on the Audit-mode connections, Enforce-mode connections, and Other connections tabs. The number of connections is indicated next to the tab names.
The tables have the same structure and contain the following information:
- The Source column contains the name of the pod that is the sender of the network traffic and the IP address of the pod in the <pod IP address:outbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
- The Protocol column indicates the pod interaction protocol.
- The Destination column contains the name of the pod that is the recipient of the network traffic and the IP address of the pod in the <pod IP address:inbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
- The Number of connections column displays the total number of non-unique connections between the sender and the recipient of the traffic.
- The Last connection column displays the date and time of the last non-unique connection between the sender and the recipient of the traffic.
If the sender object or the recipient object is outside the relevant cluster, the Source or Destination columns display the domain name and IP address of such an object respectively (if the solution can obtain this information).