Observability is one of the ARMO system core capabilities.
The capability allows a deep observation for:
A clear threat analysis based on alerts and incidents per each connected workload.
A Deep observation for workload functionality.
A graphical view of the system connectivity and communication patterns.
A wide data collection: workload files, processes, and more are collected.
Forensics information creation, such as memory dump, network packet capture, etc.
The ARMO component associated with showing the system observability is the ARMO Management Portal.
The main ARMO Management Portal section, which is relevant for the Observability capability are:
This section in the ARMO portal provides the system statistics, main alerts, logs, and data. The information provided in the dashboard allows an understanding of the current status of ARMO protected components and the system in general.
The Dashboard implements the capability aspect: A clear threat analysis based on alerts and incidents per each connected workload.
This section in the ARMO portal provides the alerting, monitoring, and system events listing. The Incidents section assists in managing the logging, analysis, and timeline of workloads related events in the system.
The capability aspects of the Incidents contains are:
This section in the ARMO portal provides the inventory listing of ARMO protected workloads in the system. The Workload Explorer allows to view the details, status, and manage specific workload actions related to other aspects of the system. The capability aspects the Workload Explorer contains are:
ARMO Management Portal: Workload Visualizer
This section in the ARMO portal provides the visual diagram of workloads and components in the system. The Workload Visualizer allows viewing the connectivity, status, and details of the system workloads related to other system aspects.
The Workload Visualizer implements the capability aspect: a graphical view of the system connectivity and communication patterns.
to verify if technically correct