-
Publication No.: US20230315726A1
Publication date: 2023-10-05
Application No.: US17710789
Filing date: 2022-03-31
Applicant: Sysdig, Inc.
Inventors: Aleksandar Ponjavic, Bryan Nolan Seay, Danko Saponjic, Perica Milosevic, Bojan Blagojevic, Thomas R. van Os
IPC classification: G06F16/2453, G06F16/22, G06F16/2457, G06F11/34
CPC classification: G06F16/2453, G06F16/2246, G06F16/24573, G06F11/3409
Abstract: Techniques for organizing and storing metrics for efficient querying are disclosed. A data collection system is implemented to receive, from a device, an original dataset comprising metrics of a component of a clustered application environment and metadata associated with the metrics. Based on the metrics, a tree structure containing a plurality of nodes is populated with the metrics and metadata. The data collection system generates an updated dataset containing the metrics, associated labels, and enriched labels based on the metadata. The updated dataset is stored within a database table. The data collection system receives a query for metrics. In response to receiving the query, the data collection system generates a result set containing at least a subset of the data values in the database table and at least one enriched label.
-
Publication No.: US20230259382A1
Publication date: 2023-08-17
Application No.: US17673119
Filing date: 2022-02-16
Applicant: Sysdig, Inc.
Inventor: Thomas Van Os
CPC classification: G06F9/45558, G06F9/44505, G06F11/3006, G06F2009/4557, G06F2009/45591
Abstract: A computer-implemented method of monitoring programmatic containers performed through executing an agent processor is disclosed. The method comprises transmitting, by a processor, one or more deployment configurations from a monitoring server related to an application hosted in a container to a backend device, the processor receiving, from the backend device, a plurality of monitoring configurations for the application, the processor merging the plurality of monitoring configurations for the application into a merged monitoring configuration for the application, the processor providing the merged monitoring configuration for the application to the monitoring server, and the processor periodically receiving, from the monitoring server, telemetry data that characterizes one or more instances of the application.
-
Publication No.: US11102097B2
Publication date: 2021-08-24
Application No.: US16666318
Filing date: 2019-10-28
Applicant: Sysdig, Inc.
Abstract: Techniques related to communication between independent containers are provided. In an embodiment, a first programmatic container includes one or more first namespaces in which an application program is executing. A second programmatic container includes one or more second namespaces in which a monitoring agent is executing. The one or more first namespaces are independent of the one or more second namespaces. A monitoring agent process hosts the monitoring agent. The monitoring agent is programmed to receive an identifier of the application program. The monitoring agent is further programmed to switch the monitoring agent process from the one or more second namespaces to the one or more first namespaces. After the switch, the monitoring agent process continues to execute in the second programmatic container, but communication is enabled between the application program and the monitoring agent via the monitoring agent process.
-
Publication No.: US20200329073A1
Publication date: 2020-10-15
Application No.: US16911955
Filing date: 2020-06-25
Applicant: Sysdig, Inc.
Inventor: Loris Degioanni
Abstract: In an embodiment, a data processing method comprises receiving, from one or more service monitoring processes configured to monitor operations of one or more computer applications instantiated within one or more containers, operation datasets representing operations that have been performed by one or more processes associated with the one or more computer applications; generating a baseline dataset of operations having operation properties from the operation datasets; computing a score for each operation in the baseline dataset, from the operation datasets, the score indicating whether the operation is a candidate for generating a rule that defines one or more expected values for an operation property of the operation; automatically generating a set of baseline operations rules for only those operations in the baseline dataset that score more than a score threshold.
-
Publication No.: US10708310B2
Publication date: 2020-07-07
Application No.: US16443476
Filing date: 2019-06-17
Applicant: Sysdig, Inc.
Inventor: Loris Degioanni
Abstract: In an embodiment, a data processing method comprises creating and storing a scoring threshold value that is associated with determining whether a baseline operation rule is to be generated; receiving, from service monitoring processes, datasets of operations performed on digital objects by processors associated with computer applications; aggregating operations and identifying operation properties from the aggregated operations to generate an aggregated baseline dataset that represents operation properties from aggregated operations; assigning score values to each of the operation properties, wherein each assigned score value represents whether a particular operation property is a candidate for generating a rule that defines expected operation property values for the particular operation property; automatically generating a set of baseline operations rules for only those operation properties that have assigned values that exceed the score threshold value. The set of baseline operations rules is programmed to detect anomalous operations that contain unexpected operation property values.
-
Publication No.: US11716346B1
Publication date: 2023-08-01
Application No.: US17898171
Filing date: 2022-08-29
Applicant: Sysdig, Inc.
Inventors: Noah Kraemer, Omer Azaria
CPC classification: H04L63/1433, H04L63/0876
Abstract: Techniques for categorizing and prioritizing security issues are disclosed. A security management system is implemented to receive security events describing potential security issues from clients. The security events contain attributes describing the security issue, affected resources, and a risk score defining a level of security risk associated with the event. The security events may be aggregated into a set of recommendation categories based on the type of security issue to be remedied. Aggregated risk scores may be computed for each of the recommendation categories. The security management system causes displaying of a graphical user interface to display information representing the set of recommendation categories. User input may be received selecting a particular recommendation category. In response to selecting the particular recommendation category, recommendation instruction options are displayed for remedying the events within the particular recommendation category.
-
Publication No.: US11656970B2
Publication date: 2023-05-23
Application No.: US17577302
Filing date: 2022-01-17
Applicant: SYSDIG, INC.
Inventors: Gianluca Borello, Loris Degioanni
CPC classification: G06F11/3466, G06F8/43, G06F9/45558, G06F9/5077, G06F9/544, G06F9/545, G06F21/57, G06F2009/45591
Abstract: A computer-implemented method of monitoring programmatic containers (containers) through executing a computer program in a kernel space is disclosed. The method comprises storing trace data in a memory buffer that is shared by the kernel space and a user space, the trace data being related to execution of a process associated with a container at an execution point of the process. The method also comprises retrieving container data related to the container through raw access of one or more kernel data structures when execution of the process is stopped. In addition, the method comprises storing the container data in association with the trace data in the memory buffer.
-
Publication No.: US11528300B2
Publication date: 2022-12-13
Application No.: US16911955
Filing date: 2020-06-25
Applicant: Sysdig, Inc.
Inventor: Loris Degioanni
Abstract: In an embodiment, a data processing method comprises receiving, from one or more service monitoring processes configured to monitor operations of one or more computer applications instantiated within one or more containers, operation datasets representing operations that have been performed by one or more processes associated with the one or more computer applications; generating a baseline dataset of operations having operation properties from the operation datasets; computing a score for each operation in the baseline dataset, from the operation datasets, the score indicating whether the operation is a candidate for generating a rule that defines one or more expected values for an operation property of the operation; automatically generating a set of baseline operations rules for only those operations in the baseline dataset that score more than a score threshold.
-
Publication No.: US20220138079A1
Publication date: 2022-05-05
Application No.: US17577302
Filing date: 2022-01-17
Applicant: SYSDIG, INC.
Inventors: Gianluca Borello, Loris Degioanni
Abstract: A computer-implemented method of monitoring programmatic containers (containers) through executing a computer program in a kernel space is disclosed. The method comprises storing trace data in a memory buffer that is shared by the kernel space and a user space, the trace data being related to execution of a process associated with a container at an execution point of the process. The method also comprises retrieving container data related to the container through raw access of one or more kernel data structures when execution of the process is stopped. In addition, the method comprises storing the container data in association with the trace data in the memory buffer.
-
Publication No.: US11288075B2
Publication date: 2022-03-29
Application No.: US17214558
Filing date: 2021-03-26
Applicant: Sysdig, Inc.
Inventor: Loris Degioanni
Abstract: In one embodiment, a method includes accessing a loaded but paused source process executable and disassembling the source process executable to identify a system call to be instrumented and an adjacent relocatable instruction. Instrumenting the system call includes building a trampoline for the system call that includes a check flag instruction at or near an entry point to the trampoline and two areas of the trampoline that are selectively executed according to results of the check flag instruction. Building a first area of the trampoline includes providing instructions to execute a relocated copy of the adjacent relocatable instruction and return flow to an address immediately following the adjacent relocatable instruction. Building a second area of the trampoline includes providing instructions to invoke at least one handler associated with executing a relocated copy of the system call and return flow to an address immediately following the system call.