US 12,425,428 B1
Activity monitoring of a cloud compute environment based on container orchestration data
Julien Sobrier, Saratoga, CA (US); Ross T. Bunker, Seattle, WA (US); Ashwin Jayaprakash, Sunnyvale, CA (US); Ankita Bhargava, Fremont, CA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Lacework, Inc., San Jose, CA (US)
Filed on Oct. 12, 2022, as Appl. No. 17/964,311.
Application 17/964,311 is a continuation in part of application No. 17/504,311, filed on Oct. 18, 2021, granted, now 11,677,772.
Application 17/504,311 is a continuation of application No. 16/665,961, filed on Oct. 28, 2019, granted, now 11,153,339, issued on Oct. 19, 2021.
Application 16/665,961 is a continuation of application No. 16/134,794, filed on Sep. 18, 2018, granted, now 10,581,891, issued on Mar. 3, 2020.
Claims priority of provisional application 63/393,621, filed on Jul. 29, 2022.
Claims priority of provisional application 63/256,287, filed on Oct. 15, 2021.
Claims priority of provisional application 63/255,190, filed on Oct. 13, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2022.01); H04L 43/06 (2022.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01); G06F 16/2455 (2019.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 43/045 (2013.01); H04L 43/06 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 16/2456 (2019.01)]
20 Claims
1. A method comprising:
obtaining, by a data platform, audit log data generated by a container orchestrator within a cloud compute environment, wherein the audit log data comprises at least creation, modification and destruction of container orchestrator resources;
generating, by the data platform, a data model based on the audit log data, the data model to track and maintain resource states of the cloud compute environment, the model indicative of activity occurring with respect to one or more containerized applications executing within the cloud compute environment; and
using, by the data platform, the data model to continuously monitor the activity for a security issue with respect to the one or more containerized applications.