Search

US-12627686-B1 - Generating the ancestry of a deployment in a cloud environment

US12627686B1US 12627686 B1US12627686 B1US 12627686B1US-12627686-B1

Abstract

Generating the ancestry of a deployment in a cloud environment, including: gathering information describing a deployment in a cloud environment; and generating, based on the information, an ancestry of the deployment describing one or more relationships between the deployment and one or more application development resources incorporated into the deployment.

Inventors

  • Christien R. Rioux
  • PETER W. O'HEARN
  • David McAleer
  • Charles Y. Kim
  • Yijou Chen
  • SOWMYA KARMALI

Assignees

  • Lacework, Inc.

Dates

Publication Date
20260512
Application Date
20230329

Claims (20)

  1. 1 . A method of generating a time-series of events describing the development and deployment of software, the method comprising: gathering information describing a deployment in a cloud environment, wherein the gathered information comprises at least build log information describing a build of the deployment; and generating, based on the information, an ancestry of the deployment describing one or more relationships between the deployment and one or more application development resources incorporated into the deployment, wherein the ancestry of the deployment is described with respect to one or more images that contain or mor more artifacts that are products of a build process applied to source code may be selected for inclusion in an image.
  2. 2 . The method of claim 1 , further comprising: gathering other information describing one or more other configurations of the deployment; and generating, based on the other information, a time-series of the ancestry of the deployment.
  3. 3 . The method of claim 1 , wherein the one or more application development resources comprise one or more portions of a code repository incorporated into the deployment.
  4. 4 . The method of claim 3 , wherein the ancestry associates each portion of the one or more portions of the code repository with a corresponding artifact included in the deployment.
  5. 5 . The method of claim 4 , wherein the ancestry associates each artifact of one or more artifacts included in the repository with a corresponding one or more images included in the deployment.
  6. 6 . The method of claim 1 , wherein the ancestry associates a hash of the deployment to hashes of the one or more application development resources.
  7. 7 . The method of claim 6 , wherein the ancestry associates the hash of the deployment with the hashes of the one or more application development resources via hashes of one or more intermediary components.
  8. 8 . The method of claim 1 , wherein gathering information describing the deployment in a cloud environment comprises accessing a build log describing a build of the deployment.
  9. 9 . The method of claim 2 , further comprising identifying, based on the time-series of the ancestry, a change in the deployment.
  10. 10 . The method of claim 9 , wherein identifying the change in the deployment comprises correlating the change in the deployment with one or more events.
  11. 11 . A non-transitory computer program product for generating a time-series of events describing the development and deployment of software, the computer program product disposed on a computer readable medium, the computer program when executed is configurable to cause a computer to: gather information describing a deployment in a cloud environment, wherein the gathered information comprises at least build log information describing a build of the deployment; and generate , based on the information, an ancestry of the deployment describing one or more relationships between the deployment and one or more application development resources incorporated into the deployment, wherein the ancestry of the deployment is described with respect to one or more images that contain or mor more artifacts that are products of a build process applied to source code may be selected for inclusion in an image.
  12. 12 . The non-transitory computer program product of claim 11 , further comprising: gathering other information describing one or more other configurations of the deployment; and generating, based on the other information, a time-series of the ancestry of the deployment.
  13. 13 . The non-transitory computer program product of claim 11 , wherein the one or more application development resources comprise one or more portions of a code repository incorporated into the deployment.
  14. 14 . The non-transitory computer program product of claim 13 , wherein the ancestry associates each portion of the one or more portions of the code repository with a corresponding artifact included in the deployment.
  15. 15 . The non-transitory computer program product of claim 14 , wherein the ancestry associates each artifact of one or more artifacts included in the repository with a corresponding one or more images included in the deployment.
  16. 16 . The non-transitory computer program product of claim 11 , wherein the ancestry associates a hash of the deployment to hashes of the one or more application development resources.
  17. 17 . The non-transitory computer program product of claim 16 , wherein the ancestry associates the hash of the deployment with the hashes of the one or more application development resources via hashes of one or more intermediary components.
  18. 18 . The non-transitory computer program product of claim 11 , wherein gathering information describing the deployment in a cloud environment comprises accessing a build log describing a build of the deployment.
  19. 19 . The non-transitory computer program product of claim 12 , wherein the steps further comprise identifying, based on the time-series of the ancestry, a change in the deployment.
  20. 20 . The non-transitory computer program product of claim 19 , wherein identifying the change in the deployment comprises correlating the change in the deployment with one or more events.

Description

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings illustrate various embodiments and are a part of the specification. The illustrated embodiments are merely examples and do not limit the scope of the disclosure. Throughout the drawings, identical or similar reference numbers designate identical or similar elements. FIG. 1A shows an illustrative configuration in which a data platform is configured to perform various operations with respect to a cloud environment that includes a plurality of compute assets. FIG. 1B shows an illustrative implementation of the configuration of FIG. 1A. FIG. 1C illustrates an example computing device. FIG. 1D illustrates an example of an environment in which activities that occur within datacenters are modeled. FIG. 2A illustrates an example of a process, used by an agent, to collect and report information about a client. FIG. 2B illustrates a 5-tuple of data collected by an agent, physically and logically. FIG. 2C illustrates a portion of a polygraph. FIG. 2D illustrates a portion of a polygraph. FIG. 2E illustrates an example of a communication polygraph. FIG. 2F illustrates an example of a polygraph. FIG. 2G illustrates an example of a polygraph as rendered in an interface. FIG. 2H illustrates an example of a portion of a polygraph as rendered in an interface. FIG. 2I illustrates an example of a portion of a polygraph as rendered in an interface. FIG. 2J illustrates an example of a portion of a polygraph as rendered in an interface. FIG. 2K illustrates an example of a portion of a polygraph as rendered in an interface. FIG. 2L illustrates an example of an insider behavior graph as rendered in an interface. FIG. 2M illustrates an example of a privilege change graph as rendered in an interface. FIG. 2N illustrates an example of a user login graph as rendered in an interface. FIG. 2O illustrates an example of a machine server graph as rendered in an interface. FIG. 3A illustrates an example of a process for detecting anomalies in a network environment. FIG. 3B depicts a set of example processes communicating with other processes. FIG. 3C depicts a set of example processes communicating with other processes. FIG. 3D depicts a set of example processes communicating with other processes. FIG. 3E depicts two pairs of clusters. FIG. 3F is a representation of a user logging into a first machine, then into a second machine from the first machine, and then making an external connection. FIG. 3G is an alternate representation of actions occurring in FIG. 3F. FIG. 3H illustrates an example of a process for performing extended user tracking. FIG. 3I is a representation of a user logging into a first machine, then into a second machine from the first machine, and then making an external connection. FIG. 3J illustrates an example of a process for performing extended user tracking. FIG. 3K illustrates example records. FIG. 3L illustrates example output from performing an ssh connection match. FIG. 3M illustrates example records. FIG. 3N illustrates example records. FIG. 3O illustrates example records. FIG. 3P illustrates example records. FIG. 3Q illustrates an adjacency relationship between two login sessions. FIG. 3R illustrates example records. FIG. 3S illustrates an example of a process for detecting anomalies. FIG. 4A illustrates a representation of an embodiment of an insider behavior graph. FIG. 4B illustrates an embodiment of a portion of an insider behavior graph. FIG. 4C illustrates an embodiment of a portion of an insider behavior graph. FIG. 4D illustrates an embodiment of a portion of an insider behavior graph. FIG. 4E illustrates a representation of an embodiment of a user login graph. FIG. 4F illustrates an example of a privilege change graph. FIG. 4G illustrates an example of a privilege change graph. FIG. 4H illustrates an example of a user interacting with a portion of an interface. FIG. 4I illustrates an example of a dossier for an event. FIG. 4J illustrates an example of a dossier for a domain. FIG. 4K depicts an example of an Entity Join graph by FilterKey and FilterKey Group (implicit join). FIG. 4L illustrates an example of a process for dynamically generating and executing a query. FIG. 5 sets forth a flowchart illustrating an example method of dynamically generating monitoring tools for software applications in accordance with some embodiments of the present disclosure. FIG. 6 sets forth a flowchart illustrating an additional example method of dynamically generating monitoring tools for software applications in accordance with some embodiments of the present disclosure. FIG. 7 sets forth a flowchart illustrating an additional example method of dynamically generating monitoring tools for software applications in accordance with some embodiments of the present disclosure. FIG. 8 sets forth a flowchart illustrating an example method of generating the ancestry of a deployment in a cloud environment in accordance with some embodiments of the present disclosure. FI