Container Security
Monitor Kubernetes clusters, ECS clusters, and container workload security using Trend Micro Vision One. This skill provides visibility into container environments, their security posture, and runtime protection status.
Instructions
- When the user asks about container security, Kubernetes, ECS, or containerized workloads, use this skill to query container infrastructure.
- List Kubernetes clusters: Start with `list_kubernetes_clusters` to get an overview of all monitored K8s environments.
- Check ECS clusters: Use `list_ecs_clusters` to review AWS ECS container infrastructure.
- Get cluster details: Use cluster-specific detail tools to retrieve comprehensive security and configuration information.
- Review namespaces: For Kubernetes, examine namespaces to understand workload organization and security policies.
- Assess runtime protection: Verify that container runtime security features are enabled and functioning.
- Correlate with vulnerabilities: Cross-reference container findings with CVE data for image vulnerabilities.
Tools
This skill uses the following Vision One MCP tools (all read-only):
| Tool | Purpose |
|---|---|
| `list_kubernetes_clusters` | List monitored Kubernetes clusters |
| `get_kubernetes_cluster` | Get detailed K8s cluster information |
| `list_kubernetes_namespaces` | List namespaces within a K8s cluster |
| `list_ecs_clusters` | List monitored AWS ECS clusters |
| `get_ecs_cluster` | Get detailed ECS cluster information |
Common Workflows
Container Environment Inventory
- List all Kubernetes clusters
- List all ECS clusters
- For each cluster, get detailed configuration
- Summarize protection coverage across environments
- Identify any unprotected container workloads
Kubernetes Security Assessment
- List Kubernetes clusters
- Get cluster details for each
- List namespaces and workloads
- Check runtime protection status
- Identify security policy gaps
ECS Security Review
- List ECS clusters
- Get cluster details
- Review task definitions and services
- Verify container insights and protection
- Document findings and recommendations
Container Compliance Check
- Inventory all container clusters
- Verify protection agent deployment
- Check security policy configurations
- Identify non-compliant workloads
- Generate compliance report
Output Format
Container Environment Summary
```markdown
## Container Security Overview

### Kubernetes Clusters
| Cluster | Provider | Nodes | Namespaces | Protection |
|---------|----------|-------|------------|------------|
| [Name] | [EKS/AKS/GKE/On-prem] | [count] | [count] | [Enabled/Partial/Disabled] |

### ECS Clusters
| Cluster | Region | Services | Tasks | Protection |
|---------|--------|----------|-------|------------|
| [Name] | [Region] | [count] | [count] | [Enabled/Disabled] |

### Protection Summary
- Total clusters: [count]
- Fully protected: [count]
- Partially protected: [count]
- Unprotected: [count]
```
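One way to derive the Protection Summary counts in the template above, as an added example that is not part of the original skill or of Trend Micro's code. The record layout, the field names, and the rule that "Partial" means some but not all features are on are assumptions made here; the sample records are constructed.

```python
from collections import Counter

# Constructed sample records. Field names are assumptions for this example,
# not the Vision One response schema; map the real tool output onto them.
CLUSTERS = [
    {"name": "prod-eks", "features": {"runtime_protection": True,
                                      "admission_control": True,
                                      "image_scanning": True}},
    {"name": "dev-gke", "features": {"runtime_protection": False,
                                     "admission_control": True,
                                     "image_scanning": True}},
    {"name": "batch-ecs", "features": {"container_protection": False,
                                       "image_scanning": False}},
    {"name": "legacy-onprem", "features": {}},  # no status reported
]
RUNTIME_KEYS = ("runtime_protection", "container_protection")

def protection_level(cluster):
    """Enabled: every feature on. Disabled: none on, or none reported."""
    flags = list(cluster.get("features", {}).values())
    if flags and all(flags):
        return "Enabled"
    # Missing data fails closed: an unreported cluster counts as unprotected.
    return "Partial" if any(flags) else "Disabled"

def runtime_gaps(clusters):
    """Clusters with no runtime or container protection flag switched on."""
    return [c["name"] for c in clusters
            if not any(c.get("features", {}).get(k) for k in RUNTIME_KEYS)]

def summarize(clusters):
    counts = Counter(protection_level(c) for c in clusters)
    return {"total": len(clusters), "fully": counts["Enabled"],
            "partial": counts["Partial"], "unprotected": counts["Disabled"]}

def render(clusters):
    s = summarize(clusters)
    return "\n".join([
        "### Protection Summary",
        f"- Total clusters: {s['total']}",
        f"- Fully protected: {s['fully']}",
        f"- Partially protected: {s['partial']}",
        f"- Unprotected: {s['unprotected']}",
        "- Runtime protection gaps: " + (", ".join(runtime_gaps(clusters)) or "none"),
    ])

if __name__ == "__main__":
    print(render(CLUSTERS))
```

The final "Runtime protection gaps" line goes beyond the template: it names clusters that may still count as partially protected but have no runtime or container protection enabled.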
Kubernetes Cluster Details
```markdown
## Kubernetes Cluster: [Name]

**Provider**: [EKS/AKS/GKE/On-prem]
**Version**: [K8s version]
**Nodes**: [count]

### Protection Status
- Runtime protection: [Enabled/Disabled]
- Admission control: [Enabled/Disabled]
- Image scanning: [Enabled/Disabled]

### Namespaces
| Namespace | Pods | Protection Status |
|-----------|------|-------------------|
| [Name] | [count] | [Protected/Unprotected] |

### Security Findings
- Critical: [count]
- High: [count]
- Medium: [count]
- Low: [count]
```
ECS Cluster Details
```markdown
## ECS Cluster: [Name]

**Region**: [AWS Region]
**Status**: [Active/Inactive]

### Services
| Service | Tasks | Status |
|---------|-------|--------|
| [Name] | [count] | [Active/Draining] |

### Protection Status
- Container protection: [Enabled/Disabled]
- Image scanning: [Enabled/Disabled]

### Resource Utilization
- CPU reservation: [%]
- Memory reservation: [%]
```
Security Considerations
- This skill provides read-only access to container security data
- Cluster names, namespaces, and configurations are sensitive infrastructure details
- Container vulnerabilities may expose critical application components
- Unprotected containers represent a significant security risk
- Coordinate with platform teams for protection deployment
- Runtime protection gaps should be addressed urgently for production workloads