Scan running Kubernetes containers

[ogarrett]

Requirement: I am running pods in Kubernetes and I have reason to suspect that one of the containers may have been compromised (high CPU, unexpected network, or just a desire for routine verification). I wish to run IOCScanner against workloads on my Kubernetes cluster.

Use Cases:

• Run IOCScanner against a single container (provide container ID, pod ID, node ID): IOCScanner scans that single container
• Run IOCScanner against a named pod (provide pod ID): IOCScanner locates that pod on the cluster and scans the containers within
• Run IOCScanner against a named selector (e.g. service name, label etc): IOCScanner locates all matching pods and scans all of the containers within

Documentation Requirements:

• How to satisfy each use case interactively and identify potentially-compromised workloads
• How to satisfy each use case non-interactively and identify potentially-compromised workloads