This view is available with Lacework data share v.1, v.2, v.3, or v.4.
This view provides a historical summary of containers with some aggregation.
Lacework continuously monitors for containers in your environment and returns a row in the CONTAINER_SUMMARY_V view when Lacework detects a new key. For this view, a key is generated from the MID (machine id), CONTAINER_NAME, START_TIME, and END_TIME. Note that the container rows are aggregated hourly. For example, if the same key is detected twice between 1:00 AM (START_TIME) and 1:59 AM (END_TIME), only one row is returned for this hour. For the next hour, the START_TIME (2:00 AM) and END_TIME (2:59 AM) are different so if the same container is detected again, a new row is returned because the key is different.
Each row contains container information as listed in the columns.
|Column Name||Data Type||Description|
|START_TIME||Timestamp||The time and date when the hourly aggregation time period starts.|
|END_TIME||Timestamp||The time and date when the hourly aggregation time period ends.|
|MID||Number||The Lacework-generated machine identifier where the container runs.|
|CONTAINER_NAME||Text||The name assigned to a container to help humans to identify a container.|
|POD_NAME||Text||The pod name that the container is running on.|
|IMAGE_ID||Text||The Lacework-generated image identifier that uniquely identifies the container Image.|
|PROPS_CONTAINER||JSON OBJECT||The properties associated with the container and the POD.|
|TAGS||JSON OBJECT||The tags or labels assigned to machines (such as VMs) to categorize them.|