US 12,238,185 B2
Generating service-to-service dependency map from DNS and authentication logs
George Kim, Fairfax, VA (US); Christian Cypress Chung, Severn, MD (US); Vivek Sanjeev Tejwani, Bellevue, WA (US); Sorabh Kumar Gandhi, Bellevue, WA (US); and Abhishek Pathak, Woodinville, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 14, 2022, as Appl. No. 18/066,235.
Prior Publication US 2024/0205300 A1, Jun. 20, 2024
Int. Cl. H04L 67/51 (2022.01); G06F 9/455 (2018.01); G06F 15/16 (2006.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); H04L 9/32 (2006.01); H04L 15/16 (2006.01); H04L 61/4511 (2022.01)
CPC H04L 67/51 (2022.05) [G06F 9/45558 (2013.01); H04L 61/4511 (2022.05); G06F 2009/45595 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A distributed computing system, comprising:
a processor and memory storing instructions that cause the processor to execute:
a domain name service (DNS) log analyzer configured to identify a dependency of a first service executed on a first virtual machine (VM) at a first server of the distributed computing system, on a second service executed on a second VM at a second server of the distributed computing system, via one or more DNS logs of a DNS server of the distributed computing system;
an authentication log analyzer configured to identify a dependency of the first service on a third service executed at a third server of the distributed computing system, via one or more token authentication logs of an authentication server of the distributed computing system; and
a dependency map generator configured to generate a service-to-service dependency map including the dependency between the first service and the second service identified via the DNS log analyzer, and the dependency between the first service and third service identified via the authentication log analyzer, wherein
the DNS log analyzer is further configured to identify a dependency between the second service and the third service based on the one or more DNS logs,
the second service is a pass-through service that passes a request from the first service to the third service for processing,
the dependency between the second service and the third service identified via the DNS log analyzer is included in the service-to-service dependency map,
the service-to-service dependency map is output to a downstream computing program for processing, the downstream computing program being selected from the group consisting of a recovery program, a fault diagnosis program, a geographic compliance program, and a threat identification program,
the geographic compliance program is configured to determine a geographic scope of a location of servers executing the first service and the second service as the processing operation, and
the threat identification program is configured to scan system logs of servers executing dependent services of the first service to identify a presence or effect or a virus or malware on the servers as the processing operation.