Isovalent Enterprise for Cilium: Security Visibility

In this scenario, we are going to simulate the exploitation of a nodejs application, with the attacker spawning a reverse shell inside of a container and moving laterally within the Kubernetes environment.

 

We will demonstrate how the combined Process and Network Event Data:

  • identify the suspicious Late Process Execution
  • tie the suspicious processes to a randomly generated External Domain Name
  • trace the Lateral Movement and Data Exfiltration of the attacker post-exploit
DifficultyIntermediate
VersionEnterprise
TopicsSecurity
ProjectTetragon

Main steps in the lab

01🚀 Deploying a demo app

Let's deploy the demo app!

02👓 Explore Process and Network Events

Now with our application deployed, how do we view events?

03🛰️ Viewing Processes in Hubble Enterprise

Let's go through a security use case!

04👨🏻‍💻 Observe security events as raw JSON

How do we see events as JSON?