Skip to main content

Get Runtime Container Profiles

GET 
/api/v32.07/profiles/container
x-prisma-cloud-target-env: {"permission":"monitorRuntimeContainers"}

Retrieves the details and state of all runtime models.

cURL Request

Refer to the following example cURL command that lists all runtime models in a system:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  https://<CONSOLE>/api/v<VERSION>/profiles/container

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    id string[]

    IDs is the runtime profile id filter.

    os string[]

    OS is the service runtime profile OS filter.

    state string[]

    States is the runtime profile state filter.

    imageID string[]

    ImageIDs is the runtime profile image id filter.

    image string[]

    Images is the runtime profile image filter.

    hostName string[]

    Hosts is the runtime profile hostname filter.

    namespace string[]

    Namespaces is the runtime profile k8s namespace filter.

    cluster string[]

    Clusters is the runtime profile k8s cluster filter.

Responses

Schema
  • Array [
    • _id string

    ID is the profile ID.

    accountIDs string (string)[]

    AccountIDs are the cloud account IDs associated with the container runtime profile.

    archived boolean

    Archive indicates whether this profile is archived.

    capabilities object

    ContainerCapabilities are a set of static capabilities for a given container

    ci boolean

    CI indicates the container allowed to write binaries to disk and run them.

    cloudMetadata boolean

    CloudMetadata indicates the given container can query cloud metadata api.

    dnsCache boolean

    DNSCache are DNS services that are used by all the pods in the cluster.

    dynamicDNSQuery boolean

    DynamicDNSQuery indicates capped behavioral dns queries.

    dynamicFileCreation boolean

    DynamicFileCreation indicates capped behavioral filesystem paths.

    dynamicProcessCreation boolean

    DynamicProcessCreation indicates capped behavioral processes.

    k8s boolean

    Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).

    proxy boolean

    Proxy indicates the container can listen on any port and perform multiple outbound connection.

    pullImage boolean

    PullImage indicates that the container is allowed pull images (might include files with high entropy).

    sshd boolean

    Sshd indicates whether the container can run sshd process.

    unpacker boolean

    Unpacker indicates the container is allowed to write shared libraries to disk.

    cluster string

    Cluster is the provided cluster name.

    collections string (string)[]

    Collections are collections to which this profile applies.

    created date-time

    Created is the profile creation time.

    entrypoint string

    Entrypoint is the image entrypoint.

    events object[]

    Events are the last historical interactive process events for this profile, they are updated in a designated flow.

  • Array [
    • _id string

    ID is the history event entity.

    command string

    Command is the process that was executed.

    hostname string

    Hostname is the hostname on which the command was invoked.

    time date-time

    Time is the time of the event.

  • ]
    • filesystem object

    ProfileFilesystem defines the filesystem features profile

    behavioral object[]

    Behavioral is filesystem data learned from behavioral analysis.

  • Array [
    • mount boolean

    Mount indicates whether the given folder is a mount.

    path string

    Path is the file path.

    process string

    Process is the process that accessed the file.

    time date-time

    Time is the time in which the file was added.

  • ]
    • static object[]

    Static is filesystem data learned from static analysis.

  • Array [
    • mount boolean

    Mount indicates whether the given folder is a mount.

    path string

    Path is the file path.

    process string

    Process is the process that accessed the file.

    time date-time

    Time is the time in which the file was added.

  • ]
    • hash int64

    ProfileHash represents the profile hash It is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types

    hostNetwork boolean

    HostNetwork whether the instance share the network namespace with the host.

    hostPid boolean

    HostPid indicates whether the instance share the pid namespace with the host.

    image string

    Image is the image name that represents the image.

    imageID string

    ImageID is the profile's image ID.

    infra boolean

    InfraContainer indicates this is an infrastructure container.

    istio boolean

    Istio states whether it is an istio-monitored profile.

    k8s object

    ProfileKubernetesData holds Kubernetes data

    clusterRoles object[]

    ClusterRoles are the cluster roles of the associated service account.

  • Array [
    • labels object[]

    Labels are the labels associated with the role.

  • Array [
    • key string

    Key is the key of the label.

    value string

    Value is the value of the label.

  • ]
    • name string

    Name is the kubernetes role name.

    roleBinding string

    RoleBinding is the name of the role binding used for display.

    rules object[]

    Rules are the policy rules associated with the role.

  • Array [
    • apiGroups string (string)[]

    .

    nonResourceURLs string (string)[]

    .

    resourceNames string (string)[]

    .

    resources string (string)[]

    .

    verbs string (string)[]

    .

  • ]
    • version string

    Version is the resource version of the role object maintained by Kubernetes.

  • ]
    • roles object[]

    Roles are the roles of the associated service account.

  • Array [
    • labels object[]

    Labels are the labels associated with the role.

  • Array [
    • key string

    Key is the key of the label.

    value string

    Value is the value of the label.

  • ]
    • name string

    Name is the role name.

    namespace string

    Namespace is the namespace associated with the role.

    roleBinding string

    RoleBinding is the name of the role binding used for display.

    rules object[]

    Rules are the list of rules associated with the cluster role.

  • Array [
    • apiGroups string (string)[]

    .

    nonResourceURLs string (string)[]

    .

    resourceNames string (string)[]

    .

    resources string (string)[]

    .

    verbs string (string)[]

    .

  • ]
    • version string

    Version is the resource version of the role object maintained by Kubernetes.

  • ]
    • serviceAccount string

    ServiceAccount is the service account used to access Kubernetes apiserver This field will be empty if the container is not running inside of a Pod.

    label string

    Label is the profile's label.

    lastUpdate date-time

    Modified is the last time when this profile was modified.

    learnedStartup boolean

    LearnedStartup indicates that startup events were learned.

    namespace string

    Namespace is the k8s deployment namespace.

    network object

    ProfileNetwork represents networking data that is learned

    behavioral object

    ProfileNetworkBehavioral represents the behavioral data learned for networking

    dnsQueries object[]

    DNSQueries is the learned DNS queries.

  • Array [
    • domainName string

    DomainName is the queried domain name.

    domainType string

    DomainType is the queried domain type.

  • ]
    • listeningPorts object[]

    Listening is the learned listening ports.

  • Array [
    • app string

    App is the name of the app.

    portsData object

    ProfilePortData represents a runtime profile ports data

    all boolean

    All indicates that this port data represents any arbitrary ports.

    ports object[]

    Ports is the list of profile runtime ports.

  • Array [
    • port integer

    Port is the port number.

    time date-time

    Time is the learning timestamp of this port.

  • ]
  • ]
    • outboundPorts object

    ProfilePortData represents a runtime profile ports data

    all boolean

    All indicates that this port data represents any arbitrary ports.

    ports object[]

    Ports is the list of profile runtime ports.

  • Array [
    • port integer

    Port is the port number.

    time date-time

    Time is the learning timestamp of this port.

  • ]
    • geoip object

    ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile

    countries object[]

    Countries is a list of ip addresses with their corresponding country codes.

  • Array [
    • code string

    Code is the country iso code.

    ip string

    IP is the ip address.

    modified date-time

    Modified is the last modified time of this entry.

  • ]
    • modified date-time

    Modified is the last modified time of the cache.

    static object

    ProfileNetworkStatic represent the static section of the networking profile

    listeningPorts object[]

    Listening are the listening ports learned by static analysis.

  • Array [
    • app string

    App is the name of the app.

    portsData object

    ProfilePortData represents a runtime profile ports data

    all boolean

    All indicates that this port data represents any arbitrary ports.

    ports object[]

    Ports is the list of profile runtime ports.

  • Array [
    • port integer

    Port is the port number.

    time date-time

    Time is the learning timestamp of this port.

  • ]
  • ]
    • os string

    OS is the profile image OS.

    processes object

    ProfileProcesses represents the process data that is learned for a specific image

    behavioral object[]

    Behavioral are process details learned from behavioral analysis.

  • Array [
    • command string

    Command is the executed command.

    interactive boolean

    Interactive indicates whether the process belongs to an interactive session.

    md5 string

    MD5 is the process binary MD5 sum.

    modified boolean

    Modified indicates the process binary was modified after the container has started.

    path string

    Path is the process binary path.

    ppath string

    PPath is the parent process path.

    time date-time

    Time is the time in which the process was added. If the process was modified, Time is the modification time.

    user string

    User represents the username that started the process.

  • ]
    • static object[]

    Static are process details learned from static analysis.

  • Array [
    • command string

    Command is the executed command.

    interactive boolean

    Interactive indicates whether the process belongs to an interactive session.

    md5 string

    MD5 is the process binary MD5 sum.

    modified boolean

    Modified indicates the process binary was modified after the container has started.

    path string

    Path is the process binary path.

    ppath string

    PPath is the parent process path.

    time date-time

    Time is the time in which the process was added. If the process was modified, Time is the modification time.

    user string

    User represents the username that started the process.

  • ]
    • relearningCause string

    RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after being activated.

    remainingLearningDurationSec double

    RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.

    state shared.RuntimeProfileState (string)

    Possible values: [learning,dryRun,learningExtended,manualLearning,manualRelearning,active,manualActive]

    RuntimeProfileState represents the state of an image profile

  • ]
Loading...