In the Web Console, you can manage the operation of the Container Monitoring component in the policy properties (Application settings → General settings → Container Scan settings).
Container monitoring settings
Setting |
Description |
---|---|
Namespace and container scan enabled / disabled |
This toggle switch enables or disables the scanning of namespaces and containers in real time. The check toggle button is switched on by default. |
Action with container upon threat detection |
You can select the action that the application performs on a container when it detects an infected object:
This setting is available when using the application under a license that supports this function. |
Use Docker |
This check box enables or disables the use of the Docker environment. The check box is selected by default. |
Docker socket path |
Entry field for the path or URI (Uniform Resource Identifier) of the Docker socket. Default value: /var/run/docker.sock. |
Use CRI-O |
The check box enables or disables the use of the CRI-O environment. The check box is selected by default. |
File path |
Entry field for the path to CRI-O configuration file. Default value: /etc/crio/crio.conf. |
Use Podman |
The check box enables or disables the use of the Podman utility. The check box is selected by default. |
File path |
Entry field for the path to the Podman utility executable file. Default value: /usr/bin/podman. |
Root directory |
Entry field for the path to the root directory of the container storage. Default value: /var/lib/containers/storage. |
Use runc |
The check box enables or disables the use of the runc utility. The check box is selected by default. |
File path |
Entry field for the path to the runc utility executable file. Default value: /usr/bin/runc. |
Root directory |
Entry field for the path to the root directory of the container state storage. Default value: /run/runc. |