Container Inventory | Trend Micro Service Central

Views:

Connect Kubernetes and Amazon ECS clusters, deploy Container Protection policies and proxy settings, create and manage Kubernetes cluster groups, and monitor your container environment from Container Inventory.

Different options are available for Kubernetes and Amazon ECS clusters. The options are outlined in the tables below.

Tip

You can find assets by using the search function or clicking the filter icon ( filter_icon=GUID-1d5c17ad-8efa-46f7-a1c7-33cbc1b1329c.png

) to apply filters by column headings.

Kubernetes

The following table outlines the options available for Kubernetes clusters.

Option

Options

View details about your container environment

Container Inventory provides a tree view to manage the protection of all your connected Kubernetes clusters.

Kubernetes tree hierarchy: Orchestration system (Kubernetes) > Orchestration platform > Cluster > Node > Pod > Container

The following orchestrations platforms are available:

Amazon EKS
Microsoft AKS
Google Cloud GKE
Self-managed

Add new Kubernetes clusters

Select an orchestration platform from the tree. Click Add Cluster (if clusters have previously been added to the orchestration platform) or Deploy protection to a Kubernetes Cluster (if no clusters have previously been added to the orchestration platform).

For detailed instructions, see:

Stop protecting Kubernetes clusters

Select Kubernetes or an orchestration platform from the tree, select the radio button next to the cluster name, and then click Remove Cluster.

Note

Removing a cluster from the list does not delete existing data received by Trend Vision One.

Create and manage cluster groups

Organize Kubernetes clusters into groups for enhanced control and streamlined management.

Create a new group: Select the options icon () next to the orchestration platform or an existing group. The new group will be created within the selected group.
Create a new cluster within a group: Select a group from the tree and click Add Cluster or Deploy protection to a Kubernetes Cluster. The new cluster will be added within the selected group.
Edit group settings: Click the options icon () next to the group to rename, or remove the group.

Note

Asset Visibility Scope supports this feature by allowing specific permissions to be assigned by groups, facilitating more efficient management of clusters.

Change cluster settings

Select a cluster from the tree to manage settings. You can change the following settings.

Proxy Settings Tool: Generate a Helm script that you can use to deploy new proxy settings to your cluster.
Policy: Select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.
Policy: Select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.
Map to cloud account: Turn on, specify the required information (ARN, Resource ID), and click Save.

Hover over the link below the text field to find out how to locate the required information in your management service.

Amazon ECS

The following table outlines the options available for Amazon ECS cluster.

Option	Options
View details about your container environment	Container Inventory provides a tree view to manage the protection of all your connected Amazon ECS clusters. Amazon ECS hierarchy: Orchestration platform (Amazon ECS) > Cloud account > Region > Cluster > Services > Tasks > Containers
Add new Amazon ECS clusters	Select Amazon ECS, a cloud account, or a region from the tree. Click Add account (if other clusters have previously been added) or Add and protect Amazon ECS assets (if no clusters have previously been added). For detailed instructions, see: Connecting Amazon ECS clusters using a new AWS account Setting up connected Amazon ECS Fargate clusters
Enable or disable runtime security and scanning on clusters	Select one or more clusters from the tree to enable or disable runtime security or runtime scanning. Runtime security: Provides visibility into any activity of your running containers that violates a customizable set of rules. Runtime scanning: Provides visibility of operating system and open source code vulnerabilities that are part of containers running in clusters.
Assign new policies	Select a cluster from the tree. In the Policy field, select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.