US 12,470,577 B1
Kernel-based monitoring of container activity in a compute environment
Rushikesh P. Patil, Maharashtra (IN); Japneet Singh, Surrey (CA); Maximilien P. Fechner, Arlington, MA (US); Joseph M. Wilder, Natick, MA (US); and Yijou Chen, Cupertino, CA (US)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Lacework, Inc., Mountain View, CA (US)
Filed on Jan. 12, 2023, as Appl. No. 18/096,105.
Application 18/096,105 is a continuation in part of application No. 17/900,468, filed on Aug. 31, 2022.
Application 17/900,468 is a continuation in part of application No. 17/893,721, filed on Aug. 23, 2022.
Application 17/893,721 is a continuation in part of application No. 17/504,311, filed on Oct. 18, 2021, granted, now 11,677,772.
Application 17/504,311 is a continuation of application No. 16/665,961, filed on Oct. 28, 2019, granted, now 11,153,339, issued on Oct. 19, 2021.
Application 16/665,961 is a continuation of application No. 16/134,794, filed on Sep. 18, 2018, granted, now 10,581,891, issued on Mar. 3, 2020.
Claims priority of provisional application 63/392,300, filed on Jul. 26, 2022.
Claims priority of provisional application 63/239,262, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,275, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,310, filed on Aug. 31, 2021.
Claims priority of provisional application 63/239,288, filed on Aug. 31, 2021.
Claims priority of provisional application 62/650,971, filed on Mar. 30, 2018.
Claims priority of provisional application 62/590,986, filed on Nov. 27, 2017.
Int. Cl. H04L 9/40 (2022.01); G06F 9/455 (2018.01); G06F 9/54 (2006.01); G06F 16/901 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 29/06 (2006.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01)
CPC H04L 63/1425 (2013.01) [G06F 9/455 (2013.01); G06F 9/45558 (2013.01); G06F 9/545 (2013.01); G06F 16/9024 (2019.01); G06F 16/9038 (2019.01); G06F 16/9535 (2019.01); G06F 16/9537 (2019.01); G06F 21/57 (2013.01); H04L 63/10 (2013.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 2009/45591 (2013.01)]
19 Claims
1. A method comprising:
accessing, by an agent deployed in a cloud compute environment monitored by a data platform, kernel data generated by a kernel of an operating system used within the cloud compute environment;
detecting, by the agent and based on the kernel data, a launch of a new container entity of a set of container entities deployed to the cloud compute environment and managed by a container runtime executing on the operating system; and
based on the detecting, providing, by the agent to the data platform, agent data that indicates the launch of the new container entity, wherein:
the kernel data includes a creation callback generated by the kernel of the operating system; and
the detecting of the launch of the new container entity includes:
identifying, within the creation callback, a container entity name, and
determining that the container entity name has not yet been observed in previous callbacks produced by the kernel of the operating system.
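The first-seen check recited in claim 1, sketched as an added example that is not code from the patent or from the assignee's product. It assumes the creation callback is a cgroup-directory creation event carrying a path, and that the container entity name is the 64-hex container ID embedded in that path; the record layout, the `LaunchDetector` class and the sample paths are all hypothetical.

```python
import re
from dataclasses import dataclass, field

# Assumption: a creation callback is modelled as {"ts": ..., "path": ...} where
# path is a newly created cgroup directory. The claim does not fix a format.
# The container name is taken to be a 64-hex ID ending the path, as in
# ".../docker-<id>.scope" or ".../pod<uid>/<id>".
CONTAINER_ID = re.compile(r"(?:^|[/-])([0-9a-f]{64})(?:\.scope)?$")


@dataclass
class LaunchDetector:
    """Tracks container names already observed in earlier callbacks."""
    seen: set = field(default_factory=set)

    def on_creation_callback(self, callback: dict):
        """Return agent data for a first-seen container, otherwise None."""
        match = CONTAINER_ID.search(callback["path"])
        if match is None:
            return None  # host service or pod-level cgroup, not a container
        name = match.group(1)
        if name in self.seen:
            return None  # repeat, e.g. cgroup v1 creates one dir per controller
        self.seen.add(name)
        return {"event": "container_launch", "container": name,
                "ts": callback["ts"]}


def detect_launches(callbacks):
    """Run every callback through one detector; keep only launch events."""
    detector = LaunchDetector()
    return [event for cb in callbacks
            if (event := detector.on_creation_callback(cb))]


# Constructed sample callbacks (not real kernel output).
ID_A = "a" * 64
ID_B = "b" * 64
SAMPLE_CALLBACKS = [
    {"ts": 1, "path": "/sys/fs/cgroup/cpu/system.slice/sshd.service"},
    {"ts": 2, "path": f"/sys/fs/cgroup/cpu/system.slice/docker-{ID_A}.scope"},
    {"ts": 2, "path": f"/sys/fs/cgroup/memory/system.slice/docker-{ID_A}.scope"},
    {"ts": 3, "path": "/sys/fs/cgroup/cpu/kubepods/burstable/pod1234"},
    {"ts": 4, "path": f"/sys/fs/cgroup/cpu/kubepods/burstable/pod1234/{ID_B}"},
]

if __name__ == "__main__":
    for launch in detect_launches(SAMPLE_CALLBACKS):
        print(launch)
```

Five callbacks yield two launch events: the duplicate creation under the memory hierarchy and the non-container cgroups produce no agent data.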