Docker Processes
Overview
Evidence: Docker Processes
Description: Collect Docker Processes.
Category: Applications
Platform: linux
Short Name: docktops
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Docker container processes show which processes are running inside each container. This data reveals the actual workload and can expose process injection, privilege escalation, and unauthorized process execution within containerized environments.
Data Collected
This collector gathers structured data about the processes running inside each Docker container: the process list with PIDs, owning user, CPU usage, memory usage, and command line.
Collection Method
This collector queries the Docker daemon through the Docker Engine API and runs the 'top' command for each container. For every process running in a container it records the PID, user, CPU usage, memory usage, and command line.
Forensic Value
Process data within containers identifies cryptominers, reverse shells, suspicious child processes, or privilege escalation attempts. Comparing running processes against expected workload helps detect compromised containers, malware, or unauthorized access to containerized applications.
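The collection method above (Engine API, one 'top' per container) and the expected-workload comparison described in this section, as an added example that is not the collector's own code. It assumes the daemon's default Unix socket at /var/run/docker.sock; the process rows and the per-image baseline are constructed sample data.

```python
import http.client, json, os.path, socket

DOCKER_SOCK = "/var/run/docker.sock"  # default Engine API socket path (assumption)

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that reaches the Docker daemon over its Unix socket."""
    def __init__(self, path=DOCKER_SOCK):
        super().__init__("localhost")
        self.unix_path = path
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)

def docker_get(path, conn=None):
    """GET a JSON resource from the Engine API (e.g. /containers/json)."""
    conn = conn or UnixHTTPConnection()
    conn.request("GET", path)
    return json.loads(conn.getresponse().read())

def parse_top(top_json):
    """Zip the Titles/Processes arrays of /containers/{id}/top into dicts."""
    return [dict(zip(top_json["Titles"], row)) for row in top_json["Processes"]]

def unexpected_processes(procs, allowed_cmds):
    """Flag processes whose executable basename is not in the image baseline."""
    def exe(cmd):  # 'nginx: master process ...' and '/usr/sbin/nginx -g ...' -> 'nginx'
        return os.path.basename(cmd.split()[0]).rstrip(":")
    return [p for p in procs if exe(p["CMD"]) not in allowed_cmds]

def collect_all(baseline, conn=None):
    """Live collection: run top on every running container, flag deviations."""
    report = {}
    for c in docker_get("/containers/json", conn):
        procs = parse_top(docker_get(f"/containers/{c['Id']}/top", conn))
        report[c["Names"][0]] = unexpected_processes(procs, baseline.get(c["Image"], set()))
    return report

# Constructed sample /containers/{id}/top response for an nginx container
SAMPLE_TOP = {
    "Titles": ["UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"],
    "Processes": [
        ["root", "1421", "1399", "0", "09:12", "?", "00:00:00", "nginx: master process nginx -g daemon off;"],
        ["101", "1470", "1421", "0", "09:12", "?", "00:00:00", "nginx: worker process"],
        ["root", "2210", "1421", "99", "09:40", "?", "00:14:31", "/tmp/.x/miner -o pool.example:3333"],
    ],
}
NGINX_BASELINE = {"nginx"}  # expected executables for this image (constructed)

if __name__ == "__main__":
    for p in unexpected_processes(parse_top(SAMPLE_TOP), NGINX_BASELINE):
        print(f"UNEXPECTED pid={p['PID']} uid={p['UID']} C={p['C']} cmd={p['CMD']}")
```

Run against a live daemon with collect_all({"nginx:latest": NGINX_BASELINE}) to get a per-container list of processes that fall outside the baseline for that container's image.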