You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/defender-for-containers-introduction.md
+23-1Lines changed: 23 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,7 +72,9 @@ Defender for Containers provides real-time threat protection for [supported cont
72
72
73
73
Threat protection is provided for Kubernetes at the cluster, node, and workload levels. Both sensor-based coverage that requires the [Defender sensor](defender-for-cloud-glossary.md#defender-sensor) and agentless coverage based on analysis of the Kubernetes audit logs are used to detect threats. Security alerts are only triggered for actions and deployments that occur after you enable Defender for Containers on your subscription.
74
74
75
-
Examples of security events that Microsoft Defenders for Containers monitors include:
75
+
### Runtime detection examples
76
+
77
+
Examples of security events that Microsoft Defender for Containers monitors include:
76
78
77
79
- Exposed Kubernetes dashboards
78
80
- Creation of high privileged roles
@@ -86,6 +88,26 @@ Defender for Cloud monitors the attack surface of multicloud Kubernetes deployme
86
88
87
89
Defender for Cloud is [integrated with Microsoft Defender XDR](concept-integration-365.md). When Defender for Containers is enabled, security operators can use [Defender XDR to investigate and respond](/defender-xdr/investigate-respond-container-threats) to security issues in supported Kubernetes services.
88
90
91
+
### Microsoft-maintained container images
92
+
93
+
Defender for Containers deploys container images that are maintained and updated by Microsoft as part of the runtime protection components. These images are hosted in Microsoft Container Registry (MCR).
94
+
95
+
Customers don't modify or patch these images directly. Microsoft maintains and updates them as part of the Defender for Containers release process.
96
+
97
+
The following images are used by Defender for Containers runtime protection components:
98
+
99
+
| Image | Purpose | MCR path |
100
+
|---|---|---|
101
+
|`security-publisher`| Publishes security findings collected from Kubernetes environments |`mcr.microsoft.com/azuredefender/stable/security-publisher`|
102
+
|`defender-sensor`| Provides runtime threat detection for Kubernetes clusters and workloads |`mcr.microsoft.com/azuredefender/stable/defender-sensor`|
103
+
104
+
Updates are delivered through the deployment mechanism used by your environment. For example:
105
+
106
+
- When deployed using the **AKS add-on**, updates are delivered through the AKS release lifecycle.
107
+
- When deployed using **Helm**, updated images are available through updated chart versions.
108
+
109
+
If you detect a vulnerability in a Microsoft-maintained Defender image, open an Azure support request and include the image name, tag, and CVE identifier.
110
+
89
111
## Learn more
90
112
91
113
Learn more about Defender for Containers in the following blogs:
0 commit comments