- 重要な情報
- はじめに
- 用語集
- ガイド
- エージェント
- インテグレーション
- OpenTelemetry
- 開発者
- API
- CoScreen
- アプリ内
- Service Management
- インフラストラクチャー
- アプリケーションパフォーマンス
- 継続的インテグレーション
- ログ管理
- セキュリティ
- UX モニタリング
- 管理
Detect when a file that is not part of the original container image has been created and executed within the container.
Attackers sometimes add scripts to running containers to exploit some functionality or automate some actions. Normally, containers are meant to be immutable environments, and when you require new scripts or other executable files, you add them to the container image itself and not to the running container. This detection identifies when newly created files are executed shortly after file creation or modification.
This rule uses the New Value detection method. Datadog will learn the historical behavior of a specified field in agent logs and then create a signal when unfamiliar values appear.
Requires Agent version 7.29 or greater