- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect the execution of a shell with the interactive flag (-i
) in a container.
After an attacker’s initial intrusion into a victim container (for example, through a web shell exploit), they may attempt to escalate privileges, break out of the container, or exfiltrate secrets by running interative shell utilities inside of the container. This detection triggers when execution of one of a set of common Linux shell utilities (like bash
or sh
) is detected in a container with the interactive flag (-i
). If this is unexpected behavior, it could indicate an attacker attempting to run arbitrary commands inside of your containers and potentially break out onto the host.
-i
flag.