Isovalent Enterprise for Cilium: Security Visibility
In this scenario, we are going to simulate the exploitation of a Node.js application, with the attacker spawning a reverse shell inside a container and moving laterally within the Kubernetes environment.
We will demonstrate how the combined Process and Network Event Data can be used to:
- identify the suspicious Late Process Execution
- tie the suspicious processes to a randomly generated External Domain Name
- trace the Lateral Movement and Data Exfiltration of the attacker post-exploit
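As an added illustration of the first two points (example code written for this page, not part of the lab's own materials), the following Python correlates process-exec and DNS events to flag a late process execution that resolves a random-looking domain. The event records are constructed and simplified; their layout and field names are assumptions, not the product's real event schema.

```python
import math
from collections import Counter

# Constructed, simplified event records for illustration only; the real
# Isovalent/Tetragon JSON schema is richer and differs from this.
SAMPLE_EVENTS = [
    {"type": "process_exec", "pod": "web-1", "pid": 1, "ppid": 0, "binary": "/usr/bin/node", "ts": 0},
    {"type": "dns", "pod": "web-1", "pid": 1, "name": "api.example.com", "ts": 2},
    {"type": "process_exec", "pod": "web-1", "pid": 42, "ppid": 1, "binary": "/bin/sh", "ts": 3600},
    {"type": "process_exec", "pod": "web-1", "pid": 43, "ppid": 42, "binary": "/usr/bin/curl", "ts": 3605},
    {"type": "dns", "pod": "web-1", "pid": 43, "name": "xk7q2p9vz3l.example.net", "ts": 3606},
]

LATE_THRESHOLD_S = 300   # execs this long after the pod's first process count as "late"
ENTROPY_THRESHOLD = 3.0  # leftmost-label entropy above this looks machine-generated

def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def is_random_looking(hostname):
    # Judge only the leftmost label: long and high-entropy suggests a generated name
    label = hostname.split(".")[0]
    return len(label) >= 8 and shannon_entropy(label) >= ENTROPY_THRESHOLD

def late_execs(events, threshold=LATE_THRESHOLD_S):
    """Return process_exec events that happened long after their pod's first exec."""
    start = {}
    for e in events:
        if e["type"] == "process_exec":
            start.setdefault(e["pod"], e["ts"])
    return [e for e in events
            if e["type"] == "process_exec" and e["ts"] - start[e["pod"]] > threshold]

def ancestry(events, pod, pid):
    """Build a 'parent -> child' chain of binaries for a pid inside a pod."""
    by_pid = {(e["pod"], e["pid"]): e for e in events if e["type"] == "process_exec"}
    chain = []
    while (pod, pid) in by_pid:
        chain.append(by_pid[(pod, pid)]["binary"])
        pid = by_pid[(pod, pid)]["ppid"]
    return " -> ".join(reversed(chain))

def correlate(events):
    """Tie late process executions to random-looking DNS lookups they issued."""
    late = {(e["pod"], e["pid"]) for e in late_execs(events)}
    findings = []
    for e in events:
        if e["type"] == "dns" and (e["pod"], e["pid"]) in late and is_random_looking(e["name"]):
            findings.append({"pod": e["pod"], "pid": e["pid"], "domain": e["name"],
                             "chain": ancestry(events, e["pod"], e["pid"])})
    return findings
```

Running `correlate(SAMPLE_EVENTS)` yields one finding whose process chain is `/usr/bin/node -> /bin/sh -> /usr/bin/curl`, which is the shape a reviewer of the lab's JSON events would look for.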
Main steps in the lab:
- Let's deploy the demo app!
- Now with our application deployed, how do we view events?
- Let's go through a security use case!
- How do we see events as JSON?