CN116226855A - Cluster vulnerability scanning, configuration auditing and monitoring alarm method and device - Google Patents


Publication number
CN116226855A
Authority
CN
China
Prior art keywords
vulnerability
configuration
audit
alarm
report
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211567646.9A
Other languages
Chinese (zh)
Inventor
许伟
陈柳伊
梅红伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Science And Technology Network Information Development Co ltd
Original Assignee
Aerospace Science And Technology Network Information Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Aerospace Science And Technology Network Information Development Co ltd
Priority to CN202211567646.9A
Publication of CN116226855A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a method and a device for Kubernetes cluster vulnerability scanning, configuration auditing and monitoring alarms. The method comprises the following steps: a controller monitors state changes of the containers to be checked and, when a state change of a target is detected, automatically triggers a vulnerability scan and generates a vulnerability report; the controller monitors state changes of the audited configuration, including gateways, network policies and resource allocation, and, when a target is created or modified, automatically triggers a configuration audit and generates a configuration audit report; Prometheus periodically acquires and stores the generated vulnerability reports or configuration audit reports and sends alarms to the user according to an alarm policy. The security reports generated by the method are stored in the k8s cluster as custom resources, so that horizontal or longitudinal comparative analysis can be performed on them, improving the efficiency of vulnerability remediation.

Description

Cluster vulnerability scanning, configuration auditing and monitoring alarm method and device
Technical Field
The invention relates to the field of cluster-level vulnerability scanning and alarming, and in particular to a method and a device for cluster vulnerability scanning, configuration auditing and monitoring alarms.
Background
Kubernetes (hereinafter k8s) is the current mainstream container scheduling platform: a portable, scalable and self-healing open-source platform for managing containerized workloads and services. With k8s, containers can be orchestrated across clouds and platforms, hardware resources are used more fully, services are managed declaratively, and containerized applications are scaled quickly and on demand.
Containers simplify building, packaging and promoting an application or service together with all of its dependencies, across the entire lifecycle and across different environments and deployment targets. Flaws in an application's logic design or errors introduced during programming can be exploited by attackers, who implant Trojans, viruses and the like to attack or take control of the whole host, or even destroy the whole system. In the cloud-native era, more and more applications are containerized, container security matters more and more, and timely, targeted vulnerability risk scanning is needed to reduce existing security risks.
The 4 Cs of the cloud-native security model are cloud, cluster, container and code. Each layer builds on the next outermost layer, and the code layer benefits from strong base security layers (cloud, cluster, container). Existing image-based container vulnerability scanning methods obtain the container image, analyze the software it contains to get software names and versions, and match them against the corresponding vulnerability database. Such schemes scan at the container level, must be executed manually, do not persist detection results so that no longitudinal comparative analysis is possible, do not check configuration files, and have no vulnerability detection alarm mechanism.
Disclosure of Invention
The invention provides a method and a device for k8s cluster-level vulnerability scanning, configuration auditing and monitoring alarms, which solve the problems that scanning must be executed manually, detection results are not persisted, longitudinal comparative analysis of detection results is not possible, configuration files are not checked, and there is no vulnerability detection alarm mechanism.
The technical scheme of the invention is as follows:
In a first aspect, the invention discloses a method for Kubernetes cluster vulnerability scanning, configuration auditing and monitoring alarms, which comprises the following steps:
the controller monitors state changes of the containers to be checked and, when a state change of a target is detected, automatically triggers a vulnerability scan and generates a vulnerability report;
the controller monitors state changes of the audited configuration, including gateways, network policies and resource allocation, and, when a target is created or modified, automatically triggers a configuration audit and generates a configuration audit report;
Prometheus periodically acquires and stores the generated vulnerability reports or configuration audit reports, and sends alarms to the user according to an alarm policy.
In one embodiment, the vulnerability scanning includes:
according to the configured vulnerability metadata database, the latest vulnerability database is downloaded and cached on each run; on subsequent scans, the database is checked and updated so that it stays current, ensuring the timeliness of the vulnerability database.
In one embodiment, the controller operates in stand-alone mode or in server/client mode; in server/client mode, no vulnerability database needs to be maintained in each client, and the server maintains the up-to-date vulnerability database.
In a specific embodiment, the vulnerability scanning further includes: users can define custom vulnerability filters, and filtered vulnerabilities are not recorded in the security report during scanning.
In one embodiment, automatically triggering a configuration audit and generating a configuration audit report specifically comprises the following steps:
when a configuration audit is performed, custom configuration audit rules are allowed; a group of built-in configuration audit policies is stored in the trivy-operator-policies-config configuration, and the user adds or modifies audit policies as required to extend the basic configuration audit function.
In one embodiment, the custom configuration audit rule specifically includes:
first, the user defines the metadata of the custom audit policy, which comprises a unique identifier, a title, a severity and descriptive text, the severity being one of CRITICAL, HIGH, MEDIUM, LOW; then the policy logic is created, defining the monitored type and the monitoring metrics; finally, the configuration is saved and the controller is restarted, so that the controller can monitor the state of the custom resources according to the audit policy.
In a specific embodiment, Prometheus periodically acquiring and storing the generated vulnerability reports or configuration audit reports and sending alarms to the user according to an alarm policy specifically comprises:
the controller provides an interface for querying the vulnerability metrics and the audit metrics, and Prometheus pulls the data once every 15 seconds and stores it;
an alarm mailbox is built in, to which alarm information is sent after an alarm is triggered; the user can add or modify alarm mailboxes in order to receive the alarm messages;
a group of alarm policies is built in, and the alarm component of Prometheus sends alarm information to the configured alarm mailbox according to the built-in alarm policies.
In a second aspect, the invention discloses a device for Kubernetes cluster vulnerability scanning, configuration auditing and monitoring alarms, comprising:
a data acquisition module, used for monitoring state changes of the resources to be checked and automatically triggering scans;
a vulnerability scanning and configuration auditing module, which scans images for vulnerabilities, audits configuration, obtains a security report, and sends monitoring metrics to Prometheus;
and a monitoring alarm module, used for sending alarm information to the user according to the monitoring metrics.
In a third aspect, the present invention discloses a storage medium having stored thereon a computer program which, when executed by a processor, implements the method according to the first aspect of the present invention.
In a fourth aspect, the present invention discloses an electronic device, comprising a memory and a processor, the memory storing a computer program running on the processor, the processor implementing the method according to the first aspect of the present invention when executing the computer program.
The beneficial technical effects of the invention are as follows:
The invention discloses a new method for detecting vulnerabilities at the cluster level. The method runs in the cluster as a controller (operator) and responds to changes by observing state changes of k8s resources and automatically triggering scans, for example starting a vulnerability scan when a new container group is created; it continuously scans the k8s cluster for security problems and generates security reports. The invention also discloses a monitoring alarm system based on the detection results: after detecting vulnerabilities in an image or a configuration file, the controller sends monitoring metrics to Prometheus, and an alarm is sent to the user according to the severity and number of the vulnerabilities. The invention persists detection results: the generated security reports are stored in the k8s cluster as custom resources (CRDs), so that horizontal or longitudinal comparative analysis can be performed on them, improving the efficiency of vulnerability remediation.
Drawings
To make the objects, contents and advantages of the present invention more apparent, the following detailed description of the present invention will be given with reference to the accompanying drawings and examples.
FIG. 1 is a system architecture diagram of the present invention;
FIG. 2 is a vulnerability scanning flow chart of the present invention;
FIG. 3 is a flow chart of the monitoring alarm of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently some, but not all, embodiments of the present application. All other embodiments that a person of ordinary skill in the art can obtain from the embodiments herein without undue burden are within the scope of the present application.
Embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Example 1
This embodiment discloses a method for Kubernetes cluster vulnerability scanning, configuration auditing and monitoring alarms. FIG. 1 is a system architecture diagram of the present invention; as shown in the figure, the method comprises:
Step one: the controller is installed in the k8s cluster in server/client mode through Helm. The invention has a built-in vulnerability metadata database; each time a scan is triggered, the server downloads and caches the latest vulnerability database, and on subsequent scans the server checks and updates the database so that it stays current, ensuring the timeliness of the vulnerability database.
Step two: the invention's built-in audit policies are stored in the trivy-operator-policies-config configuration and define basic policies for gateways, network policies, resource allocation and other types.
Step three: when a workload or task is created, k8s creates a container group (Pod); after the controller observes the creation of the container group, the vulnerability scanner performs a vulnerability scan and generates a vulnerability report, and the configuration auditor scans the mounted configuration files and generates a configuration audit report.
Step four: after operations such as modifying the image of a workload or task, k8s re-creates the Pod; at that point the scan is triggered again and a security report is generated.
Step five: the generated vulnerability reports and configuration audit reports are stored in k8s as custom resources (CRDs), which helps the user with later vulnerability analysis and remediation.
Step six: the controller provides an interface for querying the vulnerability metrics and the audit metrics; Prometheus scrapes this interface every 15 seconds and stores the vulnerability metrics and audit metrics.
Step seven: after a metric reaches a preset threshold, the alarm component of Prometheus triggers an alarm and reports the vulnerability and audit information to the user.
FIG. 2 is a vulnerability scanning flow chart of the present invention; as shown in the figure:
Step one: the controller's server obtains the latest vulnerability database from the configured metadata database and caches it; on subsequent scans, the server checks and updates the database so that it stays current.
Step two: the controller client monitors state changes of container groups; when a container group is created or modified, a vulnerability scan or configuration audit is triggered.
Step three: after a vulnerability scan or configuration audit is triggered, the vulnerability scanner component scans the images in the container for vulnerabilities, and the configuration auditor scans the configuration files in the images and compares them with the latest vulnerability database on the controller's server side to generate a security report.
FIG. 3 is a monitoring alarm flow chart of the present invention; as shown in the figure:
Step one: the controller provides an interface for the vulnerability metrics and the audit metrics; Prometheus scrapes this interface every 15 seconds and caches the vulnerability metrics and audit metrics.
Step two: a group of alarm policies, alarm-receiving mailboxes and mail templates is built into the device.
Step three: after the metric data reaches the threshold preset by an alarm policy, for example when the number of critical image vulnerabilities of a workload is greater than or equal to 1, the alarm component sends the alarm information to the user as an e-mail, using the built-in mail template and the alarm-receiving mailbox.
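The monitoring alarm flow of FIG. 3 can be sketched as follows. This is an added example, not code from the patent or from any project it builds on; the metric names, label names, mail template and sample scrape are assumptions constructed for illustration. It parses a scrape of the controller's metrics interface, sums critical image vulnerabilities per workload across its containers, and renders an alarm mail when the sum is greater than or equal to 1.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from string import Template

# Constructed scrape of the controller's metrics interface, in Prometheus text
# exposition format. Metric and label names are assumptions for illustration.
SAMPLE_SCRAPE = """\
# HELP image_vulnerabilities Vulnerabilities found in a workload's container images
# TYPE image_vulnerabilities gauge
image_vulnerabilities{namespace="shop",name="cart",image="cart-api:1.4",severity="CRITICAL"} 1
image_vulnerabilities{namespace="shop",name="cart",image="cart-sidecar:0.9",severity="CRITICAL"} 2
image_vulnerabilities{namespace="shop",name="cart",image="cart-api:1.4",severity="HIGH"} 5
image_vulnerabilities{namespace="shop",name="web",image="web:2.0",severity="CRITICAL"} 0
image_vulnerabilities{namespace="shop",name="web",image="web:2.0",severity="MEDIUM"} 7
config_audit_failures{namespace="shop",name="web",severity="HIGH"} 3
this line is not a valid sample
"""

SAMPLE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)\{(.*)\}\s+(\S+)$')
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


@dataclass(frozen=True)
class AlertPolicy:
    name: str
    metric: str
    severity: str
    threshold: float  # fire when the per-workload sum is >= threshold


# The one policy the description gives as an example: the number of critical
# image vulnerabilities of a workload is greater than or equal to 1.
BUILTIN_POLICIES = [
    AlertPolicy("CriticalImageVulnerability", "image_vulnerabilities", "CRITICAL", 1),
]

# Hypothetical built-in mail template.
MAIL_TEMPLATE = Template(
    "To: $mailbox\n"
    "Subject: [$policy] $namespace/$workload\n\n"
    "$count $severity finding(s) reported by $metric (threshold: $threshold)."
)


def parse_scrape(text):
    """Parse exposition-format text into (metric, labels, value) tuples.
    Comments, blank lines and malformed samples are skipped."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = SAMPLE_RE.match(line)
        if not match:
            continue
        try:
            value = float(match.group(3))
        except ValueError:
            continue
        labels = dict(LABEL_RE.findall(match.group(2)))
        samples.append((match.group(1), labels, value))
    return samples


def evaluate(samples, policies):
    """Return one alert per (policy, workload) whose summed count reaches the
    policy threshold. All containers of one workload are summed together."""
    alerts = []
    for policy in policies:
        totals = defaultdict(float)
        for metric, labels, value in samples:
            if metric == policy.metric and labels.get("severity") == policy.severity:
                key = (labels.get("namespace", ""), labels.get("name", ""))
                totals[key] += value
        for (namespace, workload), count in sorted(totals.items()):
            if count >= policy.threshold:
                alerts.append({
                    "policy": policy.name,
                    "namespace": namespace,
                    "workload": workload,
                    "count": int(count),
                    "severity": policy.severity,
                    "metric": policy.metric,
                    "threshold": policy.threshold,
                })
    return alerts


def render_mail(alert, mailbox):
    """Fill the mail template for one alert and one alarm-receiving mailbox."""
    return MAIL_TEMPLATE.substitute(alert, mailbox=mailbox)


if __name__ == "__main__":
    for alert in evaluate(parse_scrape(SAMPLE_SCRAPE), BUILTIN_POLICIES):
        print(render_mail(alert, "secops@example.com"))
```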
Example 2
The invention provides a Kubernetes cluster-level vulnerability scanning, configuration auditing and monitoring alarm method, which comprises the following steps:
Step one: the controller monitors state changes of the containers to be checked; when a state change of a target is detected, it automatically triggers a vulnerability scan and generates a vulnerability report.
Step two: the controller monitors state changes of the audited configuration, including gateways, network policies, resource allocation and the like; when a target is created or modified, it automatically triggers a configuration audit and generates a configuration audit report.
Step three: Prometheus periodically acquires and stores the vulnerability reports or configuration audit reports generated in steps one and two, and sends alarms to the user according to an alarm policy.
Specifically, in the vulnerability scanning method provided by the invention, according to the configured vulnerability metadata database, the latest vulnerability database is downloaded and cached on each run; on subsequent scans, the database is checked and updated so that it stays current, ensuring the timeliness of the vulnerability database.
Specifically, in the vulnerability scanning method provided by the invention, the controller (Operator) can run in stand-alone mode or in server/client (C/S) mode. In server/client mode, no vulnerability database needs to be maintained in each client, and the server maintains the up-to-date vulnerability database.
Specifically, in the vulnerability scanning method provided by the invention, users can define custom vulnerability filters, and filtered vulnerabilities are not recorded in the security report during scanning.
Specifically, in the configuration auditing method provided by the invention, the audit rules can be customized. A group of built-in configuration audit policies is stored in the trivy-operator-policies-config configuration, and the user can add or modify audit policies as needed to extend the basic configuration audit function. First, the user defines the metadata of the custom audit policy, which comprises a unique identifier, a title, a severity (CRITICAL, HIGH, MEDIUM, LOW) and descriptive text; then the policy logic is created, defining the monitored type and the monitoring metrics; finally, the configuration is saved and the controller is restarted, so that the controller can monitor the state of the custom resources according to the audit policy.
Specifically, the monitoring alarm method provided by the invention mainly uses the open-source technology Prometheus, an open-source service monitoring system and time-series database, and comprises the following steps:
Step one: the controller provides an interface for querying the vulnerability metrics and the audit metrics, and Prometheus pulls the data once every 15 seconds and stores it.
Step two: an alarm mailbox is built into the device, to which alarm information is sent after an alarm is triggered. The user can add or modify alarm mailboxes in order to receive the alarm messages.
Step three: a group of alarm policies is built into the device, and the alarm component of Prometheus sends alarm information to the alarm mailbox configured in step two according to the built-in alarm policies, for example, the number of critical image vulnerabilities in one workload is not more than 1, and when the number of critical image vulnerabilities in one workload is greater than or equal to 1.
In addition, the invention provides a vulnerability scanning, configuration auditing and monitoring alarm device, which comprises:
a data acquisition module, used for monitoring state changes of the resources to be checked and automatically triggering scans;
a vulnerability scanning and configuration auditing module, which scans images for vulnerabilities, audits configuration, obtains a security report, and sends monitoring metrics to Prometheus;
and a monitoring alarm module, used for sending alarm information to the user according to the monitoring metrics.
The invention also discloses a storage medium storing a computer program which, when executed by a processor, implements the Kubernetes cluster-level vulnerability scanning, configuration auditing and monitoring alarm method.
The invention also discloses an electronic device comprising a memory and a processor, the memory storing a computer program that runs on the processor; when executing the computer program, the processor implements the Kubernetes cluster-level vulnerability scanning, configuration auditing and monitoring alarm method.

Claims (10)

1. A method for cluster vulnerability scanning, configuration auditing and monitoring alarms, comprising:
the controller monitors state changes of the containers to be checked and, when a state change of a target is detected, automatically triggers a vulnerability scan and generates a vulnerability report;
the controller monitors state changes of the audited configuration, including gateways, network policies and resource allocation, and, when a target is created or modified, automatically triggers a configuration audit and generates a configuration audit report;
Prometheus periodically acquires and stores the generated vulnerability reports or configuration audit reports, and sends alarms to the user according to an alarm policy.
2. The method of claim 1, wherein the vulnerability scanning comprises:
according to the configured vulnerability metadata database, the latest vulnerability database is downloaded and cached on each run; on subsequent scans, the database is checked and updated so that it stays current, ensuring the timeliness of the vulnerability database.
3. The method of claim 2, wherein the controller operates in stand-alone mode or in server/client mode; in server/client mode, no vulnerability database needs to be maintained in each client, and the server maintains the up-to-date vulnerability database.
4. The method of claim 3, wherein the vulnerability scanning further comprises: users can define custom vulnerability filters, and filtered vulnerabilities are not recorded in the security report during scanning.
5. The method of claim 4, wherein automatically triggering a configuration audit and generating a configuration audit report specifically comprises the following steps:
when a configuration audit is performed, custom configuration audit rules are allowed; a group of built-in configuration audit policies is stored in the trivy-operator-policies-config configuration, and the user adds or modifies audit policies as required to extend the basic configuration audit function.
6. The method of claim 5, wherein the custom configuration audit rule specifically comprises:
first, the user defines the metadata of the custom audit policy, which comprises a unique identifier, a title, a severity and descriptive text, the severity being one of CRITICAL, HIGH, MEDIUM, LOW; then the policy logic is created, defining the monitored type and the monitoring metrics; finally, the configuration is saved and the controller is restarted, so that the controller can monitor the state of the custom resources according to the audit policy.
7. The method according to claim 6, wherein Prometheus periodically acquiring and storing the generated vulnerability reports or configuration audit reports and sending alarms to the user according to an alarm policy specifically comprises:
the controller provides an interface for querying the vulnerability metrics and the audit metrics, and Prometheus pulls the data once every 15 seconds and stores it;
an alarm mailbox is built in, to which alarm information is sent after an alarm is triggered; the user can add or modify alarm mailboxes in order to receive the alarm messages;
a group of alarm policies is built in, and the alarm component of Prometheus sends alarm information to the configured alarm mailbox according to the built-in alarm policies.
8. A cluster vulnerability scanning, configuration auditing and monitoring alarm device, characterized by comprising:
a data acquisition module, used for monitoring state changes of the resources to be checked and automatically triggering scans;
a vulnerability scanning and configuration auditing module, which scans images for vulnerabilities, audits configuration, obtains a security report, and sends monitoring metrics to Prometheus;
and a monitoring alarm module, used for sending alarm information to the user according to the monitoring metrics.
9. A storage medium having a computer program stored thereon, characterized by: the computer program, when executed by a processor, implements the method of any of claims 1 to 7.
10. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program that runs on the processor, characterized in that: the processor, when executing the computer program, implements the method of any of claims 1 to 7.
CN202211567646.9A 2022-12-07 2022-12-07 Cluster vulnerability scanning, configuration auditing and monitoring alarm method and device Pending CN116226855A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211567646.9A CN116226855A (en) 2022-12-07 2022-12-07 Cluster vulnerability scanning, configuration auditing and monitoring alarm method and device

Publications (1)

Publication Number Publication Date
CN116226855A true CN116226855A (en) 2023-06-06

Family

ID=86589949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211567646.9A Pending CN116226855A (en) 2022-12-07 2022-12-07 Cluster vulnerability scanning, configuration auditing and monitoring alarm method and device

Country Status (1)

Country Link
CN (1) CN116226855A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488945A (en) * 2023-06-20 2023-07-25 杭州默安科技有限公司 Container network isolation method and system
CN116488945B (en) * 2023-06-20 2023-09-15 杭州默安科技有限公司 Container network isolation method and system
CN117034295A (en) * 2023-08-21 2023-11-10 中电云计算技术有限公司 Vulnerability scanning method and system based on Kubernetes Operator

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination