US 12,135,626 B2
Container-level monitoring
Shirish Vijayvargiya, Pune (IN); Alok Nemchand Kataria, Pune (IN); and Rayanagouda Bheemanagouda Patil, Pune (IN)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Aug. 8, 2019, as Appl. No. 16/535,109.
Claims priority of application No. 201941024348 (IN), filed on Jun. 19, 2019.
Prior Publication US 2020/0401492 A1, Dec. 24, 2020
Int. Cl. G06F 11/30 (2006.01); G06F 9/455 (2018.01); G06F 16/188 (2019.01); H04L 9/40 (2022.01)
CPC G06F 11/301 (2013.01) [G06F 9/45558 (2013.01); G06F 16/188 (2019.01); H04L 63/0227 (2013.01); G06F 2009/45591 (2013.01)]
21 Claims
1. A method, comprising:
registering, by an agent running in a virtual machine, with a process connector service of a guest operating system (OS) of the virtual machine in order to receive event notifications;
receiving, by the agent, based on the registering and from the process connector service, a first notification of a first event indicating launch of a process initiating a first container, the notification comprising a process identifier of the process initiating the first container; and
generating, by the agent and based on the notification, container mapping information for the first container, the container mapping information comprising one or more mappings of the process identifier of the process initiating the first container to one or more of:
a container name of the first container;
a container identifier of the first container;
a network address of the first container; or
a user identifier related to the first container;
receiving, by the agent and from a service of the guest OS, information about a second event, the second event being associated with the first container and comprising a connection request or a file access request, the second notification comprising one or more of:
the container name of the first container; or
the network address of the first container;
in response to receiving the information about the second event:
accessing the container mapping information for the first container; and
based at least in part on the container mapping information for the first container, determining one or more event-related identifiers associated with the first container;
determining, by the agent, based at least in part on one or more event-related identifiers, whether to block or allow an action related to the second event; and
causing the action to be blocked in response to determining that the action should be blocked or causing the action to be allowed in response to determining that the action should be allowed.
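
The steps of claim 1, modeled as an added example that is not code from the patent or from VMware: an agent records a mapping when a container-initiating process launches, then resolves a later connection or file access event (which carries only a container name or network address) back to the PID, container identifier and user identifier before deciding. The class and field names, the policy format, the block-by-default behaviour and all sample values are assumptions constructed for illustration; how the agent obtains the container attributes for a PID is outside this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mapping:
    pid: int            # PID carried by the first (process launch) notification
    name: str
    container_id: str
    address: str
    uid: int

class Agent:
    def __init__(self, policy, default="block"):
        self.policy = policy      # (container_id, kind, target) -> action; hypothetical format
        self.default = default    # assumption: anything unmatched is blocked
        self.by_pid, self.by_name, self.by_addr = {}, {}, {}

    def on_launch(self, pid, name, container_id, address, uid):
        """First event: map the PID to container attributes, indexed for lookup."""
        m = Mapping(pid, name, container_id, address, uid)
        self.by_pid[pid] = self.by_name[name] = self.by_addr[address] = m
        return m

    def on_request(self, event):
        """Second event: identified by container name or address, not by PID."""
        m = (self.by_name.get(event.get("container_name"))
             or self.by_addr.get(event.get("address")))
        if m is None:             # no mapping, so the event cannot be attributed
            return self.default, None
        ids = {"pid": m.pid, "container_id": m.container_id, "uid": m.uid}
        key = (m.container_id, event["kind"], event["target"])
        return self.policy.get(key, self.default), ids

def demo():
    # Constructed policy and events, for illustration only.
    policy = {("c0ffee01", "connect", "10.0.0.5:5432"): "allow",
              ("c0ffee01", "file", "/etc/shadow"): "block"}
    agent = Agent(policy)
    agent.on_launch(4321, "web-1", "c0ffee01", "172.17.0.2", 1000)
    events = [
        {"kind": "connect", "address": "172.17.0.2", "target": "10.0.0.5:5432"},
        {"kind": "file", "container_name": "web-1", "target": "/etc/shadow"},
        {"kind": "connect", "address": "172.17.0.9", "target": "10.0.0.5:5432"},
        {"kind": "connect", "container_name": "web-1", "target": "10.0.0.9:22"},
    ]
    return [agent.on_request(e) for e in events]

if __name__ == "__main__":
    for verdict, ids in demo():
        print(verdict, ids)
```

The third constructed event comes from an address with no mapping, so it cannot be attributed to a container and falls through to the default action.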