Container

A standard unit of virtualized software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.[1]

ID: DS0032
Platform: Containers
Collection Layer: Container
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Container: Container Creation

Initial construction of a new container (ex: docker create)

Domain ID Name
Enterprise T1610 Deploy Container
Enterprise T1611 Escape to Host
Enterprise T1053.007 Scheduled Task/Job: Container Orchestration Job
Enterprise T1204.003 User Execution: Malicious Image

Container: Container Enumeration

An extracted list of containers (ex: docker ps)

Domain ID Name
Enterprise T1613 Container and Resource Discovery

Container: Container Metadata

Contextual data about a container and activity around it such as name, ID, image, or status

Domain ID Name
Enterprise T1613 Container and Resource Discovery

Container: Container Start

Activation or invocation of a container (ex: docker start or docker restart)

Domain ID Name
Enterprise T1610 Deploy Container
Enterprise T1204.003 User Execution: Malicious Image

References