Advanced prevention identifies hacker attacks adaptively, monitors and protects container runtime security in real time, and utilizes diversified security features, including abnormal process, file tampering, and high-risk syscall.
Abnormal process: It applies preset rules and custom check rules to monitor abnormal process startups in real time and then trigger alerts or block the exceptions. The system monitoring policy covers proxy software, lateral movements, malicious commands, reverse shells, fileless execution, high-risk commands, and unusual start found in the child process of the sensitive service. File tampering: It applies preset rules and custom check rules to monitor abnormal file access behaviors that modify core files in real time and then trigger alerts or block the exceptions. The system monitoring policy covers rules for tampering with scheduled tasks, system programs, and user configurations. High-risk syscall: It leverages Tencent Cloud's adaptive learning technologies in security protection to audit Linux syscalls initiated in the container that may cause security risks in real time. Note:
Container alert events retain data only from the past six months. Daily automated checks detect and purge alert events older than 180 days, and expired data will no longer be displayed or queried. For extended retention, Log shipping is recommended for archival purposes.