defender-xdr/investigate-respond-container-threats.md
8 additions & 5 deletions
@@ -124,7 +124,9 @@ To determine the full scope of a container attack, you can deepen your investiga
124
124
125
125
In the [Advanced hunting](advanced-hunting-overview.md) page, you can extend your search for container-related activities using the **CloudProcessEvents** and **CloudAuditEvents** tables.
126
126
127
-
The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine. On the other hand, the [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.
127
+
The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine.
128
+
129
+
The [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.
128
130
129
131
## Troubleshoot issues
130
132
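Review bot: In the added CloudAuditEvents paragraph, "Kubeaudit logs, which holds information" carries over the subject-verb mismatch from the removed line. Since the sentence is being re-added anyway, change it to "which hold information". Splitting the two table descriptions into separate paragraphs is fine, and "On the other hand" was rightly dropped with it.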
@@ -150,7 +152,7 @@ Learn how to access the Cloud Shell and check your network plugins by following
150
152
2. Above the **Essential** information, select **Connect** button and follow the instructions.
151
153
3. The Cloud Shell opens at the bottom of your browser. In the command line interface, run the following command to check your network plugins:
152
154
153
-
**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
The results should mention any of the specified plugins in the network policy requirement. An empty line means that the supported plugin is not installed.
156
158
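Review bot: The context line after the command says "An empty line means that the supported plugin is not installed", but the pipeline ends in grep -E '...' | head -n 1, so a cluster with none of the listed plugins prints nothing at all rather than an empty line. Reword it to say that no output means no supported plugin was found. Two smaller points on the command line itself: it is still wrapped in ** bold instead of a code block, which makes it easy to copy stray asterisks into the shell, and uniq only collapses adjacent duplicates, which is harmless here only because head -n 1 keeps a single line.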
@@ -159,7 +161,7 @@ The results should mention any of the specified plugins in the network policy re
159
161
1. Navigate your cluster in Google Cloud Portal.
160
162
2. Select **Connect** above the name of the cluster. In the small window that appears, copy the following command and run it in your local terminal.
161
163
162
-
**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
3. You can also choose **Run in Cloud Shell** to run a shell session that opens at the bottom of your browser. You can copy the command in the interface to check your network plugins.
165
167
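Review bot: Step 2 tells the reader to copy "the following command" from the small window that appears after selecting Connect, yet the command that follows is the same kubectl plugin check used in the previous procedure, so it is unclear whether the reader should run what the window shows, this check, or both. State the connect action and the plugin check as separate instructions. Step 1 also reads "Navigate your cluster" where the AWS procedure has "Navigate to your cluster".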
@@ -170,15 +172,16 @@ The results should mention any of the specified plugins in the network policy re
170
172
1. Navigate to your cluster in AWS Cloud Portal.
171
173
2. Select **CloudShell** on the top-right corner. A Cloud Shell session opens at the bottom of your browser, which provides a command-line interface to manage your AWS resources.
172
174
3. Connect to your cluster by running the following command:</br></br>
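Review bot: Step 3 ends with "</br></br>", which is not valid HTML because br is a void element and has no closing-tag form. Use "<br>" or, better, a blank line followed by an indented code block so the command the step introduces renders under the list item.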