US 12,225,037 B1
Techniques for cybersecurity investigation of cloud entity misuse leveraging runtime context
Ami Luttwak, Binyamina (IL); Alon Schindel, Tel Aviv (IL); Shir Tamari, Tel Aviv (IL); and Ron Cohen, Tel Aviv (IL)
Assigned to Wiz, Inc., New York, NY (US)
Filed by Wiz, Inc., New York, NY (US)
Filed on Mar. 29, 2024, as Appl. No. 18/621,304.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01)]
19 Claims
 
1. A method for associating an event in a cloud computing log to a process running on a workload, comprising:
configuring a workload deployed in a cloud computing environment to deploy thereon a sensor, the sensor configured to detect a runtime process on the workload, the runtime process utilizing an identity;
detecting in a log of the cloud computing environment an event based on an identifier of the workload, the log including a plurality of events;
inspecting a code object for a cybersecurity object, the code object utilized in deploying the workload in the cloud computing environment;
associating the runtime process with the event based on an identifier of the workload and the cybersecurity object, wherein the cybersecurity object indicates the identity; and
generating an enriched log including an identifier of the runtime process associated with the event and the cybersecurity object.
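
The correlation recited in claim 1, sketched as an added example that is not taken from the patent or from any Wiz product. The record layouts, field names, the `*_role` attribute convention in the code object, and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample inputs; every field name and value here is an assumption.
SENSOR_PROCESSES = [  # runtime processes reported by the on-workload sensor
    {"workload_id": "i-0aaa", "pid": 4121, "exe": "/usr/bin/python3", "identity": "role/app-reader"},
    {"workload_id": "i-0aaa", "pid": 4377, "exe": "/usr/bin/rsync", "identity": "role/backup-writer"},
    {"workload_id": "i-0bbb", "pid": 900, "exe": "/usr/sbin/nginx", "identity": "role/app-reader"},
]
CLOUD_LOG = [  # events from the cloud computing environment's log
    {"event_id": "e1", "workload_id": "i-0aaa", "principal": "role/backup-writer", "action": "DeleteObject"},
    {"event_id": "e2", "workload_id": "i-0aaa", "principal": "role/app-reader", "action": "GetObject"},
    {"event_id": "e3", "workload_id": "i-0ccc", "principal": "role/app-reader", "action": "GetObject"},
    {"event_id": "e4", "workload_id": "i-0aaa", "principal": "role/unlisted", "action": "ListBuckets"},
]
CODE_OBJECT = '''
resource "workload" "api" {
  instance_role = "role/app-reader"
  backup_role   = "role/backup-writer"
}
'''  # code used to deploy the workload (hypothetical template syntax)

def inspect_code_object(code):
    """Find identity references in the code object: {identity: attribute name}."""
    return {m.group(2): m.group(1)
            for m in re.finditer(r'(\w+_role)\s*=\s*"([^"]+)"', code)}

def enrich_log(log, processes, code, workload_id):
    """Tie each log event for one workload to the runtime process using the same identity."""
    identities = inspect_code_object(code)
    enriched = []
    for event in log:
        if event["workload_id"] != workload_id:
            continue  # event detection is keyed on the workload identifier
        attr = identities.get(event["principal"])
        proc = None
        if attr is not None:  # associate only when the code object indicates the identity
            proc = next((p for p in processes
                         if p["workload_id"] == workload_id
                         and p["identity"] == event["principal"]), None)
        enriched.append({**event,
                         "process_pid": proc["pid"] if proc else None,
                         "process_exe": proc["exe"] if proc else None,
                         "cybersecurity_object": attr})
    return enriched

if __name__ == "__main__":
    for row in enrich_log(CLOUD_LOG, SENSOR_PROCESSES, CODE_OBJECT, "i-0aaa"):
        print(row)
```

An event whose principal does not appear in the code object (here `e4`) is kept in the output with no process attached, which leaves it visible to an investigator as an unexplained use of the workload.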