container

The Container object describes an instance of a specific container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.

Attributes

CaptionNameTypeDescription
Hash hash Fingerprint[] Entity:FINGERPRINT
Commit hash of image created for docker or the SHA256 hash of the container. For example: 13550340a8681c84c861aac2e5b440161c2b33a3e4f302ac680ca5b686de48de.
Image image Image[] The container image used as a template to run the container.
Labels labels String[] The list of labels associated to the container.
Name name String The container name.
Network Driver network_driver String The network driver used by the container. For example, bridge, overlay, host, none, etc.
Orchestrator orchestrator String The orchestrator managing the container, such as ECS, EKS, K8s, or OpenShift.
Pod UUID pod_uuid UUID The unique identifier of the pod (or equivalent) that the container is executing on.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Runtime runtime String The backend running the container, such as containerd or cri-o.
Size size Long The size of the container image.
Image Tag tag String The tag used by the container. It can indicate version, format, OS.

🚧 WARNING: DEPRECATED

Image Tag has been deprecated since 1.4.0. Use the labels or tags attribute instead.

Tags tags Key:Value object[] The list of tags; {key:value} pairs associated to the container.
Unique ID uid String The full container unique identifier for this instantiation of the container. For example: ac2ea168264a08f9aaca0dfc82ff3551418dfd22d02b713142a6843caa2f61bf.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Container shown in context

Inbound Relationships

These objects and events reference Container in their attributes:

Outbound Relationships

Container references the following objects and events in its attributes:

This page describes ocsf-1.4.0