View Container Details

Required User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

A container is a running instance of an image. You create containers from an image each time you run the image on your application. You can create multiple containers from a single image, and you can make changes to those containers without affecting the image from which you created them.

When you perform a scan on your system using Nessus or Nessus Agent, Tenable.io Container Security identifies the images and containers in the system and analyzes the containers for risk.

Tenable.io Container Security then displays the containers by scan status and risk level in the Identified Containers widget on the Container Security dashboard based on the results of the most recent scan.

Note: Tenable.io Container Security imports and rescans your images at eight-hour intervals, beginning when you first import and scan the images.

Before you begin:

  • If Tenable.io Container Security has not yet scanned the source image used to create the container you want to analyze, use one of the following methods to import the image for scanning:

  • Run a Nessus scan on the network where your containers run, selecting the Basic Network Scan template and providing your network authentication credentials. For more information about scan templates, see Scan and Policy Templates in the Nessus User Guide.

    Note: Tenable.io Container Security imports data from Nessus to determine if there have ever been any changes made to files on the container. If Nessus detects file changes, Tenable recommends that you check your images and repositories and confirm that no one has accessed them without authorization.

    Tip: Alternatively, you can run a Nessus Agent scan on the network where the container runs. For more information, see the Nessus Agent User Guide.

To view container details:

  1. In the Container Security dashboard, find the Identified Containers widget. This widget categorizes your containers by risk and scan status.

    Note: For information about how Tenable.io Container Security calculates container risk, see Container Risk.

  2. Click the Identified Containers widget.
    The Identified Containers page appears. The identified containers table lists all the containers created from images scanned by Tenable.io Container Security.
  3. In the identified containers table, you can:

    • Filter the identified containers table.
    • Search the identified containers table.
    • View the summary for your identified containers in the identified containers table.

      Column Description
      Container ID

      The ID that the software your container runs on assigned to the container.

      Repository/Image:Tag

      The repository name, image name, and image tag (e.g., latest).

      Risk Score

      The risk score on a scale of 1-10.

      Scan Status

      Indicates whether Tenable.io Container Security has scanned the container's source image.

      • check mark: Tenable.io Container Security has scanned the source image.
      • warning: Tenable.io Container Security has never scanned the source image.

        Note: When you initiate an image import, Tenable.io Container Security immediately queues the image to be scanned. However, Tenable.io Container Security does not always complete the scan immediately. To prevent undetected vulnerabilities, Tenable recommends that you confirm any images marked as not scanned are imported for scanning. For information about how to import and scan images, see Get Started with Tenable.io Container Security.

      File Changed

      Indicates whether the Nessus scan detected any changes to container files.

      Note: If file changes are detected, Tenable recommends that you check your images and repositories and confirm that no one has accessed them without authorization.

      • check mark — Nessus did not detect file changes during its scan.
      • warning — Nessus detected file changes during its scan.
      Vulnerabilities

      The number of vulnerabilities detected in the container.

      Malware

      The number of malware items detected in the container.

      Host IP

      The IP address for the server where the container runs.

    •  View details for a specific container.
      1. In the identified containers table, click the row for the container you want to view.
        The identified containers details page appears.
      2. On the identified containers details page, you can:

        Tab Action
        Vulnerabilities
        • View details for each vulnerability identified in the image your identified container links to:
          • In the Severity column, view the severity rating Tenable.io Container Security assigned the image.

            Note: For information about how Tenable.io Container Security determines image risk, see Image Risk.

          • In the Exposure ID column, view the vulnerability's ID.

            Note: The authority that identifies a given vulnerability determines the vulnerability’s ID format.

          • In the Risk Score column, view the CVSSv2 score.
          • In the Release Date column, view the date when the software on which the container runs released the vulnerability.
        • Click a row in the vulnerabilities table.

          The vulnerability details plane appears, containing details and remediation recommendations for the vulnerability.

        Malware
        • View details about malware detected in the identified container:
          • In the Infected File column, view the name of each infected file as it appears on the container.
          • In the Risk Score column, view the CVSSv2 score for each infected file.
        Images
        • View details about the image your container links to.
          • In the Image ID column, view the image ID.

            Note: The image ID automatically generates when the software that hosts your image (e.g., Docker) creates the image.

          • In the Repository column, view the local repository where the image resides.
          • In the Image Name column, view the image name as it appears in the repository.
          • In the Tag column, view the tag associated with the image (e.g., latest).
        • Click a row in the image table.

          The details page appears for the image your identified container links to. For information about the image details, see View Scan Results for Container Images.

        Package Inventory

        View details about the package in the image your identified container links to, including the package name, version, license, and type.
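
When the File Changed column shows a warning, one way to see which paths differ from the source image on a Docker host is `docker diff`. The script below is an added example, not Tenable code and not part of the original page; the function name, the list of expected-writable paths, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `docker diff` output for a container whose
# File Changed column shows a warning.
# `docker diff` prints one line per path: A (added), C (changed) or
# D (deleted), a space, then the path.

# Paths where runtime writes are normally expected (assumption; tune this
# to the workload).
EXPECTED_WRITABLE='^/(tmp|run|var/(log|cache|tmp))(/|$)'

# Constructed sample of `docker diff` output, so the script runs offline.
SAMPLE_DIFF='C /etc
C /etc/cron.d
A /etc/cron.d/sync
D /etc/motd
C /usr
C /usr/bin
C /usr/bin/curl
C /var
C /var/log
A /var/log/app.log
A /tmp/session.lock'

# Reads `docker diff` lines on stdin and prints the changes that need review.
# Skips expected-writable paths, and skips "C" entries that are only parent
# directories of another listed path (docker diff also lists the parent
# directories of a changed file as C).
unexpected_changes() {
    awk -v ok="$EXPECTED_WRITABLE" '
        { kind[NR] = substr($0, 1, 1); path[NR] = substr($0, 3) }
        END {
            for (i = 1; i <= NR; i++) {
                if (path[i] ~ ok) continue
                parent = 0
                if (kind[i] == "C")
                    for (j = 1; j <= NR; j++)
                        if (index(path[j], path[i] "/") == 1) { parent = 1; break }
                if (!parent) print kind[i], path[i]
            }
        }'
}

# Live use on a Docker host: docker diff "$container_id" | unexpected_changes
printf '%s\n' "$SAMPLE_DIFF" | unexpected_changes
```

Each remaining line is a path that was added, modified, or deleted outside the expected-writable locations and is worth comparing against the image in the repository.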

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.