Table of Contents

Other incident types

  • Hijacked Process:
    Indicates that an allowed process has been used in ways that are inconsistent with its expected behavior. This type of incident could be a sign that a process has been used to compromise a container.
  • Data exfiltration:
    Indicates the unauthorized transfer of data from one system to another. These incidents are triggered when a pattern of audits indicate attempts to move data to an external location. For example: High rate of DNS query events, reporting aggregation started in a container, DNS resolution of suspicious name (www.<WEBSITE_NAME>.com).
  • Cloud Provider:
    Indicates attempts to abuse a provider’s service to extract sensitive information. For example: Container A queried provider API at <IP_ADDRESS>.

Recommended For You