- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect when a file that is not part of the original container image has been created and executed within the container.
Attackers sometimes add scripts to running containers to exploit some functionality or automate some actions. Normally, containers are meant to be immutable environments, and when you require new scripts or other executable files, you add them to the container image itself and not to the running container. This detection identifies when newly created files are executed shortly after file creation or modification.
This rule uses the New Value detection method. Datadog will learn the historical behavior of a specified field in agent logs and then create a signal when unfamiliar values appear.
Requires Agent version 7.29 or greater