To navigate to the Applications Workload dossier in the Lacework Console, click Workload > Applications. See Workload Dossier Navigation and Filters for information about filtering dossier data.
These charts aggregate data for all running applications where Lacework agents are installed. Available charts present CPU usage, memory usage, network-related information such as connections and bytes, etc.
The timeline displays events that match the date/time filter and any specified optional parameter filters set at the top of the page.
Polygraphs display all observed network activity from running applications. Available Polygraphs include Application Communication, Application Launch, and Insider Behavior.
Displayed information includes the application name, connections made to or from the application, and the number of connections. Connections include internal connections to other applications running on the host and external connections to hosts. If applications make external connections to known bad domains/IPs, they are flagged.
List of Applications
This table displays observed applications across all machines.
Active Listening Ports
This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.
This table displays detailed application information when it can be determined.
Command Line by Executable
This table displays the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.
This table displays the username and hostname for all observed applications.
List of Active Containers and Container Image Information
These tables display active containers and container image information and any vulnerabilities found in them. Container information includes the container type, the host where it is located, associated tags, hash, etc. Image information includes size, number of such containers, creation time, etc.
To view additional details about the compliance status for a container or image, hover over a row until VIEW REPORT displays and click VIEW REPORT. Click an entry link in any table to open a new view with details about that entry. For example, click an image name to display additional information about that image.
If your environment does not have any running containers, these tables do not display any data.
A Kubernetes Pod is the smallest deployed unit in the Kubernetes object model. A Pod represents a single instance of an application in Kubernetes, which might consist of either a single container or a small number of containers that are tightly coupled and share resources.