Malware Detection Tool found malware in an index file on an Elasticsearch logging node's filesystem

Solution Verified - Updated -

Issue

  • The malware detection tool reported malware in an index file on the filesystem of one of the Elasticsearch logging data nodes in the openshift-logging project namespace. The flagged file is a Lucene terms-index (.tip) file belonging to one shard of an index on the node's persistent volume.

Date & Time of detection   | Server          | Detection   | Detail                                                                                                    | Action
November 9, 2019 02:57:52  | abc.example.com | BAT_Generic | /elasticsearch/persistent/logging-es/data/nodes/0/indices/xxxxxxxxxxxxxxxx/0/index/_xxx_Lucene50_0.tip | Quarantined
  • The full details from the Malware Detection Tool:
Malware Information
Detection Time: November 9, 2019 02:57:52
Infected File(s):       /elasticsearch/persistent/logging-es/data/nodes/0/indices/xxxxxxxxxxxxxxx/0/index/_xxx_Lucene50_0.tip
File SHA-1:     134FC2Bxxxxxxxxxxxxxxx13Dxxxxx800
Malware:        BAT_Generic
Scan Type:      Real Time
Action Taken:   Quarantined

Computer Information
Computer:       abc.example.com
Container Name: k8s_elasticsearch_logging-es-data-master-xxxxxx-4-gxpxx_openshift-logging_30xxxxxx-xxxxx-11e9-xxxxx-000xxxxxxxx_0
Container ID:   xxxxxxxxxxxxxx
Container Image Name:   sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Environment

  • Red Hat OpenShift Container Platform
    • 3.11
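The following triage helper is an added example, not part of the Red Hat article or of the detection tool: it takes the key/value report printed above and recovers the identifiers a responder actually needs (namespace, pod, container, index UUID, shard, segment) from the container name and the on-disk path, and states what the flagged Lucene file holds. The sample report at the bottom reuses the redacted values from this page; the regular expressions encode the Kubernetes container-naming convention (k8s_<container>_<pod>_<namespace>_<pod UID>_<restart count>), the Elasticsearch data-directory layout and the Lucene segment file naming, all of which are facts about those systems rather than anything this page states.

```python
# Added triage helper (not from the Red Hat article or the AV tool): turn the
# host-level AV alert into Kubernetes and Elasticsearch identifiers.
import re
from typing import Any, Dict, Optional

# Elasticsearch data layout on disk:
#   <path.data>/nodes/<node ordinal>/indices/<index UUID>/<shard>/index/<Lucene file>
ES_PATH_RE = re.compile(
    r"^(?P<data_path>.*)/nodes/(?P<node>\d+)/indices/(?P<index_uuid>[^/]+)/"
    r"(?P<shard>\d+)/index/(?P<lucene_file>[^/]+)$"
)

# Lucene segment file: _<segment>[_<codec>][_<suffix>].<ext>,
# e.g. _xxx_Lucene50_0.tip -> segment "xxx", Lucene50 postings format, ".tip".
LUCENE_FILE_RE = re.compile(
    r"^_(?P<segment>[0-9a-z]+)(?P<codec_part>(?:_[A-Za-z0-9]+)*)\.(?P<ext>[a-z]+)$"
)

# Kubernetes container name: k8s_<container>_<pod>_<namespace>_<pod UID>_<restart count>.
# Pod and namespace names are DNS labels and cannot contain "_", so "_" is a safe separator.
CONTAINER_RE = re.compile(
    r"^k8s_(?P<container>[^_]+)_(?P<pod>[^_]+)_(?P<namespace>[^_]+)_"
    r"(?P<pod_uid>[^_]+)_(?P<restart_count>\d+)$"
)

# What the Lucene 5.x/6.x segment files hold (Lucene file-format facts).
LUCENE_EXTENSIONS = {
    "tip": "terms index: block-tree index into the .tim term dictionary",
    "tim": "term dictionary: the indexed terms (tokens of the indexed log text)",
    "doc": "postings: document ids and term frequencies",
    "pos": "postings: term positions",
    "pay": "postings: payloads and offsets",
    "fdt": "stored fields: the raw _source of each document",
    "fdx": "stored fields index",
    "dvd": "doc values data",
    "dvm": "doc values metadata",
    "nvd": "norms data",
    "nvm": "norms metadata",
    "fnm": "field infos",
    "si": "segment info",
    "cfs": "compound file (several of the above packed into one file)",
    "cfe": "compound file entries table",
}


def parse_record(text: str) -> Dict[str, str]:
    """Parse the tool's 'Key: value' lines into a dict (split on the first colon)."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def parse_es_path(path: str) -> Optional[Dict[str, str]]:
    """Split an Elasticsearch shard file path into node, index UUID, shard and Lucene file."""
    m = ES_PATH_RE.match(path)
    if not m:
        return None
    info = m.groupdict()
    lf = LUCENE_FILE_RE.match(info["lucene_file"])
    if lf:
        info["segment"] = lf.group("segment")
        info["ext"] = lf.group("ext")
        info["holds"] = LUCENE_EXTENSIONS.get(lf.group("ext"), "unknown Lucene file type")
    return info


def parse_container_name(name: str) -> Optional[Dict[str, str]]:
    """Recover container, pod, namespace and pod UID from the runtime's container name."""
    m = CONTAINER_RE.match(name)
    return m.groupdict() if m else None


def triage(report: str) -> Dict[str, Any]:
    """Combine the pieces into the facts and follow-up queries a responder needs."""
    fields = parse_record(report)
    path_info = parse_es_path(fields.get("Infected File(s)", ""))
    k8s = parse_container_name(fields.get("Container Name", ""))
    if path_info is None or k8s is None:
        raise ValueError("record does not look like an Elasticsearch-in-Kubernetes hit")
    return {
        "namespace": k8s["namespace"],
        "pod": k8s["pod"],
        "container": k8s["container"],
        "index_uuid": path_info["index_uuid"],
        "shard": path_info["shard"],
        "segment": path_info.get("segment"),
        "file_holds": path_info.get("holds"),
        # A Lucene segment with a missing file cannot be opened, so a quarantined
        # segment file leaves this shard copy unreadable on the node.
        "shard_copy_damaged": fields.get("Action Taken", "").lower() == "quarantined",
        # _cat queries to map the UUID to an index name and to see whether another
        # copy of the shard exists (run them inside the Elasticsearch container).
        "es_queries": [
            "_cat/indices?v&h=index,uuid,health,status,pri,rep",
            "_cat/shards?v&h=index,shard,prirep,state,node,unassigned.reason",
        ],
    }


# Sample input: the redacted report from the page, as the tool printed it.
SAMPLE_REPORT = """Detection Time: November 9, 2019 02:57:52
Infected File(s):       /elasticsearch/persistent/logging-es/data/nodes/0/indices/xxxxxxxxxxxxxxx/0/index/_xxx_Lucene50_0.tip
File SHA-1:     134FC2Bxxxxxxxxxxxxxxx13Dxxxxx800
Malware:        BAT_Generic
Scan Type:      Real Time
Action Taken:   Quarantined
Computer:       abc.example.com
Container Name: k8s_elasticsearch_logging-es-data-master-xxxxxx-4-gxpxx_openshift-logging_30xxxxxx-xxxxx-11e9-xxxxx-000xxxxxxxx_0
Container ID:   xxxxxxxxxxxxxx
Container Image Name:   sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Two points the output makes explicit. First, a .tip file is a terms index built from the text that was indexed, so the bytes the signature matched are derived from logged content, and checking what that shard indexed is part of the triage rather than assuming a batch file runs on the node. Second, because the tool quarantined a segment file, that shard copy is unreadable on the node until the file is restored or the shard is recovered from a replica; an index with no replicas loses that shard's data. The queries can be issued from inside the pod, for example with oc -n <namespace> exec <pod> -c elasticsearch -- followed by the image's Elasticsearch query wrapper (es_util --query=... in the 3.11 logging image, an assumption about your image) or a curl using the admin certificate and key mounted in the container.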

Subscriber exclusive content
