| CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01)] | 20 Claims |
|
1. A server, comprising:
a processor; and
a memory connected to the processor, the memory storing instructions executed by the processor to:
collect operating signals from machines, wherein the operating signals characterize processes running in containers and each operating signal includes a process lineage and an executed file path for a process running in a container,
ascribe a container lifecycle phase to the processes, wherein the container lifecycle phase is characterized as one of container startup, container steady state and container shutdown,
identify a process anomaly when a process running in a container during the container lifecycle phase deviates from a baseline for the container during the container lifecycle phase, wherein the process anomaly corresponds to the process, and
present, on a display device, a user interface that lists processes running in the container and identifies the process anomaly.
|