Table of contents
Topics on this page

Monitor events

Container Security generates events at various times, depending on how your policies are configured:

  • Deployment: When an image is ready to be deployed in a protected Kubernetes cluster, the admission control webhook is triggered, which checks whether the image conforms with the policy you defined.
  • Continuous: When a container is running, Container Security periodically checks that the container still conforms to the policy you defined.
  • Runtime: When a container is running, runtime security generates events when container activity violates the ruleset you have defined.

To see the events that have been logged:

  1. Open the Trend Micro Cloud One console (https://cloudone.trendmicro.com) and click Container Security.
  2. Go to the Events icon Events page.
  3. Use the filters on the page to find the events that you want to inspect. You can filter by:
    • Cluster or policy name
    • Type of event (Deployment and Continuous, or Runtime)
    • Action taken
    • Time period
  4. Select an event to display its details at the bottom on the page. The details include any policy violations that were discovered and links that you can click for more detailed information.