Views:

Stop suspicious behavior of containers within a pod by terminating the pod using context menus on the Trend Vision One console.

This task is supported by the following services:
  • Trend Vision One Container Security
Important
Important
  • Only currently running Kubernetes pods or ECS tasks are supported for the Terminate Container task.
  • Terminating a pod destroys evidence of the suspicious behavior and does not prevent the behavior from happening again. If possible, run the Isolate Container task before deciding to terminate a container.
The Terminate Container task allows you to stop the spread of suspicious behavior within a container by terminating the containing pod. Once terminated, a pod cannot be resumed. Start the task using context menus on the Trend Vision One console.

Procedure

  1. After identifying the container to terminate, access the context or response menu and click Terminate Container.
    The Terminate Container Task screen appears.
  2. Confirm the target of the response.
  3. Specify a Description for the response or event.
  4. Click Create.
    Trend Vision One creates the task and displays the current task status in Response Management.
  5. Monitor the task status.
    1. Open Response Management.
    2. (Optional) Locate the task using the Search field or by selecting Terminate Container from the Action drop-down list.
    3. View the task status.
      • In progress (in_progress=GUID-A55897DB-3DEA-4F5C-B7F9-70B3D7FB9EDE=1=en-us=Low.jpg): Trend Vision One sent the command and is waiting for a response.
      • Successful (successful=GUID-1E31AD86-DE2E-48B5-85F7-7C78A3E8BB11=1=en-us=Low.jpg): The command was successfully executed.
      • Unsuccessful (error=5cc21722-7ceb-480c-b9c2-a47d420cf1cc.jpg): An error or time-out occurred when attempting to send the command, or the specified pod no longer exists.