Overview

The CPLA component monitors applications running inside Linux containers and associates security events with the correct container context.

By retrieving metadata from the container runtime, CPLA improves event accuracy and supports investigation of container-based activity.