Containers

To view the Containers dashboard in the Lacework Console, click Workloads > Containers. See Dashboard Navigation and Filters for information about filtering dashboard data.

Dashboard

These graphs aggregate data for all running containers where Lacework agents are installed. The available graphs present CPU usage, memory usage, and network-related information such as connections and bytes.

Alerts are displayed for all running containers where Lacework agents are installed.

Polygraphs

See Containers Activities Polygraph.

List of active containers

This table displays active containers, where "active" is determined by:

The columns display the Container ID, Pod Name, Pod Namespace, Kubernetes Cluster, Repository, Start Time, Hostname (where the container is hosted), PID, and Vulnerabilities.

To view additional details about the compliance status for a container image, hover over a row until View Report displays and click View Report. Click an entry link in the table to open a new view with details about that entry. For example, click a Hostname to display additional information about that machine.

Note: A Kubernetes Pod is the smallest deployed unit in the Kubernetes object model. A Pod represents a single instance of an application in Kubernetes, which may consist of one or more containers that are tightly coupled and share resources.

If your environment does not have any running containers, this table does not display any data.

Container image information

This table displays container image information and any vulnerabilities found in them. This information is discovered by:

The columns display the Repository, Image Tag, Container Type, Created Time, Size, Container Count, Machine Count, User Count, Vulnerabilities, Image Scan Status, and Scan action.

The Image Scan Status displays one of the following statuses:

  • Success - no issues during the last scan.
  • Failure - an additional error message will display with more information regarding the error.
  • Blank - the status will appear empty if an evaluation has yet to be performed (or if the registry is not integrated with Lacework).

To view additional details about the compliance status for a container image, hover over a row until View Report displays and click View Report. Click a Repository link in the table to open a new view with details about that repository.

If your environment does not have any running containers, this table does not display any data.

On-demand Container Image Scan

In the Container image information table, use the Scan option (available in the Scan action column) to initiate a scan on the container image listed in the row.

Note: This feature only works if your container registry is integrated. If the registry is not integrated, the Lacework Console informs you after you click Scan.

The Scan action column displays Scanning until the image assessment is complete.

Once assessment is complete, the Vulnerabilities column is updated with the latest results.

Command line by executable

This table displays the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.

Active listening ports

This table displays any open ports on the host. Note that the displayed ports are open locally; any blocking by firewalls or iptables is not reflected.