Container

container

The Container object describes an instance of a specific container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.

Attributes

CaptionNameTypeDescription
HashhashFingerprint[]

Entity:FINGERPRINT
Commit hash of image created for docker or the SHA256 hash of the container. For example: 13550340a8681c84c861aac2e5b440161c2b33a3e4f302ac680ca5b686de48de.

ImageimageImage[]

The container image used as a template to run the container.

LabelslabelsString[]

The list of labels associated to the container.

NamenameString

The container name.

Network Drivernetwork_driverString

The network driver used by the container. For example, bridge, overlay, host, none, etc.

OrchestratororchestratorString

The orchestrator managing the container, such as ECS, EKS, K8s, or OpenShift.

Pod UUIDpod_uuidUUID

The unique identifier of the pod (or equivalent) that the container is executing on.

Raw Dataraw_dataJSON

Group:context
The event data as received from the event source.

Record IDrecord_idString

Group:primary
Unique identifier for the object

RuntimeruntimeString

The backend running the container, such as containerd or cri-o.

SizesizeLong

The size of the container image.

Image TagtagString

The tag used by the container. It can indicate version, format, OS.

🚧 WARNING: DEPRECATED

Image Tag has been deprecated since 1.4.0. Use the labels or tags attribute instead.

TagstagsKey:Value object[]

The list of tags; key:value pairs associated to the container.

Unique IDuidString

The full container unique identifier for this instantiation of the container. For example: ac2ea168264a08f9aaca0dfc82ff3551418dfd22d02b713142a6843caa2f61bf.

UnmappedunmappedUnmapped[]

Data from the source that was not mapped into the schema.

Relationships

Container shown in context

Inbound Relationships

These objects and events reference Container in their attributes:

Outbound Relationships

Container references the following objects and events in its attributes:

This page describes ocsf-1.4.0