Docker and Containers Suspicious Activity
The following out-of-the-box alert rules are assigned to the category: DOCKER AND CONTAINERS SUSPICIOUS ACTIVITY.
| ALERT RULE | Description |
|---|---|
| Accessing unauthorized containers in interactive mode | An alert is triggered upon accessing an unauthorized container in interactive mode. |
| Running unauthorized container | An alert is triggered upon running a container that is not in the authorized containers list. |
| Executing commands to run inside containers | An alert is triggered upon executing a command within a container. |
| Executing a sensitive docker command | An alert is triggered upon executing a sensitive command that is part of a list. |
| Opening a shell inside an unauthorized container | An alert is triggered upon opening a shell inside a container that is not part of the authorized containers. |