App Behavior
Application Behavior of the cluster workloads that are onboarded to the Xcitium are collected with help of KubeArmor and the agents that are installed as Daemon sets in the cluster. The informations are collected at the workload level granularity. So that the users can get the information about each workload that are running in each namespaces.
- Click 'Security' > 'Cloud Security'
- Click 'Runtime Protection' > 'App Behavior'
Application behavior of the cluster workloads are given in two ways,
In the list view users can get the selected workload’s application behavior in 3 types of list namely:
It provides the information about the file access that are happening inside the workload.
It gives information like which process is accessing which file in the workload.
Along with the file information it gives status of the access either allow, audit or deny.
It shows what are all the process that are executing in the workload and which workload, or container are executing that process.
It also gives information about the process that are blocked from execution in the workload.
Network Observability shows the ingress and egress connection that are coming to and going out of the workload.
It gives the information regarding Port number, source from where the ingress connection is coming and Destination to which egress connection is destined to go.
In the graph view we can see the process, file and network level application behavior of the workload in Graphical representation.
When the user clicks on the connection line, it will show the process, file or network that the corresponding connection belongs.