Docker Image History

Overview

Evidence: Docker Image History Description: Collect Docker Image History Category: Containers Platform: macOS Short Name: dockimagehist Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

Docker container information provides details about containerized applications, their configurations, and runtime data. This data is essential for understanding containerized workloads, detecting container-based attacks, and investigating container security incidents.## Data Collected

This collector gathers structured data about docker image history.

Docker Image History Data

Field

Description

Example

ID

Primary key (auto-increment)

ContainerID

Container ID

abc123def456

Name

Container name

web-server

Image

Docker image

nginx:latest

Status

Container status

running

Created

Creation timestamp

2023-10-15 14:30:25

Ports

Exposed ports

80:8080

Command

Container command

/bin/bash

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

PreviousDocker Containers NextDocker Images

Last updated 13 minutes ago

Was this helpful?