Docker Integration

Threat Stack’s Docker integration provides the context needed to understand what happened during a security event and then take action.

How Threat Stack Can Help with Docker

The Docker Integration correlates host data with container and AWS CloudTrail data, so you can make smarter security decisions based on the best insights possible – and streamline your data consumption.


Know when a new Docker image is pulled or run. Know about any network connections involving the container.

Get Alerted

Get alerted on any user typing commands on the container. Get alerted on unusual user, process, and file behaviors.


Audit all Docker configuration files on the host. Audit any file changes on the container.

The Popularity of Containers Continues to Rise

Companies are increasingly using Docker, and containers are an important part of the future of cloud infrastructure. In fact, according to Gartner, 53% of organizations are currently using or evaluating containers. Docker can increase the velocity of your development and IT organizations and streamline your DevOps process. At the same time, it creates new complexity because you don’t have full visibility into your containers. Threat Stack addresses this need by offering a Docker Integration as part of its Investigate package.

Gain Visibility into Your Containerized Environment

Threat Stack’s Docker Integration provides full visibility into your container environment, notifying you of internal or external threats. The integration augments detected host events with Docker information, including container ID and image name. Threat Stack collects that data using a host-based agent instead of hooking into the kernel, keeping your IT stack lean and lightweight. You also will not need to install an agent in every container, enabling you to scale seamlessly and cost-effectively.