Docker · Kubernetes · Swarm

Containers don't eliminate
server security threats

Your nodes still run SSH. Your ingress still receives attacks. Your containers still need protection at the host level. Defensia deploys as a container and protects the entire node.

Get Started Free View on GitHub

Deploy in one command

Choose your platform. The agent auto-registers and starts protecting immediately.

DOCKER

Single container

docker run -d --privileged --net=host --pid=host \

-v /var/log:/var/log:ro \

-v /var/run/docker.sock:/var/run/docker.sock:ro \

-e DEFENSIA_TOKEN=<TOKEN> \

ghcr.io/defensia/agent:latest

Also available on Docker Hub: defensiacloud/agent

SWARM

Docker Swarm (1 agent per node)

echo "<TOKEN>" | docker secret create defensia_token -

docker stack deploy -c docker-compose.swarm.yml defensia

Deploys as a global service. Token stored as Docker secret.

K8S

Kubernetes via Helm

helm install defensia-agent \

oci://ghcr.io/defensia/charts/defensia-agent \

--set token=<TOKEN>

DaemonSet — 1 agent per node, including control-plane. Tolerates all taints.

Configure with Docker labels

No config files. Just add labels to your containers and Defensia auto-detects what to monitor.

# docker-compose.yml

services:

nginx:

image: nginx

labels:

defensia.monitor: "true"

defensia.log-path: "/var/log/nginx/access.log"

defensia.domain: "example.com"

defensia.monitor

Force-include or exclude a container from monitoring (true/false).

defensia.log-path

Explicit host log path(s). Skips auto-detection. Comma-separated.

defensia.domain

Associate domain names with this container's logs. Comma-separated.

defensia.waf

Informational flag — WAF on/off is controlled from the dashboard.

What Defensia protects in containerized environments

The agent runs on the node and monitors everything — host-level and container-level threats.

SSH brute force on the node

15 detection patterns covering auth failures, pre-auth scanning, and protocol mismatches.

Web attacks via Ingress/proxy logs

Reads Nginx/Apache logs from containers. Detects SQLi, XSS, path traversal, RCE, and 15+ OWASP types.

Bot detection & management

70+ bot fingerprints with per-org policies: allow, log, or block.

Docker container inventory

Reports all running containers, images, and status to the dashboard.

Server metrics & health

CPU, memory, disk, network, zombie processes — reported every 60 seconds.

CVE vulnerability scanning

Detects vulnerable packages and matches against NVD, EPSS, and CISA KEV.

Defensia vs other container security tools

Most container security tools focus on runtime detection only. Defensia covers the full stack.

FeatureDefensiaFalcoBunkerWeb

SSH protection✓——

Web Application Firewall✓—✓

Bot detection✓—✓

Server metrics✓——

CVE scanning✓——

Multi-server dashboard✓——

Docker label autoconf✓—✓

Helm chart✓✓✓

Auto IP blocking✓—✓

Lightweight (~40MB)✓——

Secure your containers today

Free tier available. Deploy on Docker, Swarm, or Kubernetes in under a minute.

Get Started Free

Containers don't eliminateserver security threats