Inventory

This provides inventory information.

Data Transmitted to Trend Micro
  • Inventory data information for Kubernetes, including:
    • Node: name, IPs
    • Ingress: name, namespace, TLS hosts
    • Service: name, namespace, cluster IPs
    • Pod: name, node name, namespace, labels, annotations, IPs
    • Container: name, image name
  • Inventory data information for AWS ECS, including:
    • Cluster: ARN, tags, AWS account ID
    • Service: ARN, name, tags, task definition ARN
    • Task: ARN, group, tags, container instance
    • Container: name, ARN, task ARN, image name, args, command
Feature Configuration Location
  • This feature cannot be disabled.

Admission Control

This provides security event information.

Data Transmitted to Trend Micro
  • Security Events Information, including:
    • Kubernetes namespace in admission review
    • Kubernetes Kind in admission review
    • Kubernetes Operation in admission review
    • Admission review action
Feature Configuration Location
  • This feature cannot be disabled.

Continuous View

This provides security event information.

Data Transmitted to Trend Micro
  • Security Events Information, including:
    • Kubernetes namespace; you can add container/image name, registry name, vulnerability scan results, and life cluster information
Feature Configuration Location
  • This feature cannot be disabled.

Vulnerability View

This information is used to understand customer behavior and which public container images they use most often.

Data Transmitted to Trend Micro
  • Container Image Name
Feature Configuration Location
  • This feature cannot be disabled.

Artifact Scanning

This is used to collect artifact information to be processed by different scan tools.

Data Transmitted to Trend Micro
  • Artifact information, including:
    • Name, type, registry host name, tag, digest, file path, open source libraries, artifact size, collection timestamp
    • Vulnerability scan request data, internal API key
    • Vulnerability scan request ID, vulnerability information (ID, severity, CVSS, advisory, related vulnerabilities)
Feature Configuration Location
  • This feature cannot be disabled.

Runtime Security

This information is used to determine if container activity violates a customizable set of rules, allowing the behavior to be logged or prevented.

Data Transmitted to Trend Micro
  • Container Metadata, including:
    • Container name, container ID, image name, image digest, image tag
  • Task metadata, including:
    • Task ARN, task definition
  • Running process information, including:
    • Device/Network address, process ID, process name, process arguments, executable name, parent process ID, parent process name, parent process arguments
Feature Configuration Location
  • This feature is configured per cluster. Clusters can be viewed on the Inventory View, and Runtime Security can be enabled or disabled on individual cluster pages.