Trusted Images Flashcards
(19 cards)
What is the functionality of Trusted Images?
allows to declare, by policy, which registries, repositories, and images are trusted, and how to respond when untrusted images are started in an environment
What should an organization do in order to protect itself from malicious third party container images?
organizations should maintain a set of trusted images and registries and ensure that only images from this set are allowed to run in their environment
What is required in order to be able to use Trusted Images functionality?
container Defender
Is trusting images by image tag supported
No
Are Trusted Images supported for workloads protected by App-Embedded Defender?
Including Fargate
No
How can trust be established?
- point of origin (registry and/or repository)
- base layer(s)
How is trust established based on base layers?
- images can have layers in common
- trust is established by matching the base layer hashes of a new image to a pre-approved base image, ensuring compliance and security
Where are Trusted Images configured?
Runtime Security > Defend > Compliance > Trusted Images > Policy
What are the possible effects for untrusted images?
- Alert
- Block
What is the very first step when configuring Trusted Images?
this functionality needs to be enabled
What is the purpose of Trust Groups?
specify good and bad images
Where are Trust Groups used?
in trust policies
What do Trust Groups collect?
related registries, repositories, and images in a single entity
What does the default policy consist of?
a single rule that alerts on all images started in the environment
What can rukes define? (3)
- explicitly allowed trust groups
- explicitly denied trust groups
- an action to take when an image isn’t trusted
How many Trusted Image policies is it possible to configure?
1
How is the Trusted Image policy evaluated?
from top down
What is the Trusted Image Policy built on?
rules
When a matching rule is found, the rule is processed. Are subsequent rules processed?
no
