Forensic Analysis of Security Events Using AccuKnox

    Audit/Forensics

    Process forensics

    Get granular details of all the executed processes within the target workloads.

    File forensics

    Get granular details of all the accessed files within the target workloads.

    Network forensics

    Get granular details of all the network accesses within the target workloads.

    Syscall forensics

    Get granular details of all the security-sensitive system calls within the target workloads.

    Sensitive Asset audit

    Audit any read or write access to sensitive assets.

    © 2024 AccuKnox. All Rights Reserved.