Build custom observability solutions
Cisco Observability Platform (COP) enables developers to build custom observability solutions to gain valuable insights across their technology and business stack. While storage and query of Metric, Event, Log, and Trace (MELT) data is a key platform capability, the Knowledge Store (KS) enables solutions to define and manage domain-specific business data. This is a key enabler of differentiated solutions. For example, a solution may use Health Rules and FMM entity modeling to detect network intrusions. Using the Knowledge Store, the solution could bring a concept such as “Investigation” to the platform, allowing its users to create and manage the complete lifecycle of a network intrusion investigation from creation to remediation.
In this blog post we’ll teach the nuts and bolts of adding a knowledge model to a Cisco Observability Platform (COP) solution, using the example of a network security investigation. This blog post will make frequent use of the FSOC command to provide hands-on examples. If you are not familiar with FSOC, you can review its readme.
First, let’s quickly review the COP architecture to understand where the Knowledge Store fits in. The Knowledge Store is the distributed “brain” of the platform. It is an advanced JSON document store that supports solution-defined Types and cross-object references. In the diagram below, the Knowledge Store is shown “connected” by arrows to other components of the platform. This is because all components of the platform store their configurations in the Knowledge Store. The Knowledge Store has no ‘built-in’ Types for these components. Instead, each component of the platform uses a system solution to define knowledge types describing its own configuration. In this sense, even internal components of the platform are solutions that depend on the Knowledge Store. For this reason, the Knowledge Store is the most critical component of the platform: absolutely nothing else can function without it.
For a more detailed understanding of the Knowledge Store, we can think of it as a database that has layers. The SOLUTION layer is replicated globally across Cells. This makes the SOLUTION layer suitable for relatively small pieces of information that need to be shared globally. Any objects placed inside a solution package must be made available to subscribers in all cells; therefore they are placed in the replicated SOLUTION layer.
Get a step-by-step guide
From this point we’ll switch to a hands-on mode and invite you to ‘git clone git@github.com:geoffhendrey/cop-examples.git’. After cloning the repo, take a look at https://github.com/geoffhendrey/cop-examples/blob/main/example/knowledge-store-investigation/README.md which gives a detailed step-by-step guide on how to define a network intrusion Type in the JSON store and how to populate it with a set of default values for an investigation. Shown below is an example of a malware investigation that can be stored in the Knowledge Store.
The critical thing to understand is that prior to the creation of the ‘investigation’ Type, which is taught in the git repo above, the platform had no concept of an investigation. Therefore, knowledge modeling is a foundational capability, allowing solutions to extend the platform. As you can see from the example investigation below, a solution may bring the capability to report, investigate, remediate, and close a malware incident.
If you cloned the git repo and followed along with the README, then you already know the key points taught by the ‘investigation’ example:
The Knowledge Store is a JSON document store
A solution package can define a Type, which is akin to adding a table to a database
A Type must specify a JSON schema for its allowed content
A Type must also specify which document fields uniquely identify documents/objects in the store
A solution may include objects, which may be of a Type defined in the solution, or which were defined by some different solution
Objects included in a solution are replicated globally across all cells in the Cisco Observability Platform
A solution including Types and Objects can be published with the fsoc command line utility
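The key points above, modelled as an added Python example (not code from the cop-examples repo or the platform itself): a Type pairs a schema with identifying fields, the store rejects documents that violate the schema, and a second document with the same identifying fields updates the existing object. The field names, status values and the small schema subset are assumptions made for illustration, not the platform's Type format.

```python
# Illustrative model only: field names and the schema subset are assumptions,
# not the Cisco Observability Platform Type format.
INVESTIGATION_TYPE = {
    "name": "investigation",
    "identifying_fields": ["name"],  # fields that uniquely identify an object
    "schema": {                      # minimal JSON-Schema-like subset
        "required": ["name", "status", "severity"],
        "properties": {
            "name": {"type": str},
            "status": {"type": str, "enum": ["open", "investigating", "remediated", "closed"]},
            "severity": {"type": str, "enum": ["low", "medium", "high"]},
            "affectedHosts": {"type": list},
        },
    },
}


class TypedStore:
    """In-memory stand-in for a typed JSON document store."""
    def __init__(self):
        self.types, self.objects = {}, {}

    def define_type(self, type_def):
        self.types[type_def["name"]] = type_def

    def validate(self, type_name, doc):
        schema = self.types[type_name]["schema"]
        errors = [f"missing required field: {f}" for f in schema["required"] if f not in doc]
        for field, value in doc.items():
            rule = schema["properties"].get(field)
            if rule is None:
                errors.append(f"unknown field: {field}")
            elif not isinstance(value, rule["type"]):
                errors.append(f"wrong type for {field}")
            elif "enum" in rule and value not in rule["enum"]:
                errors.append(f"invalid value for {field}: {value}")
        return errors

    def put(self, type_name, doc):
        errors = self.validate(type_name, doc)
        if errors:
            raise ValueError("; ".join(errors))
        key = (type_name,) + tuple(doc[f] for f in self.types[type_name]["identifying_fields"])
        created = key not in self.objects  # same identifying fields means update
        self.objects[key] = doc
        return key, created

# Constructed sample object, not taken from the repo.
SAMPLE = {"name": "malware-2024-001", "status": "open", "severity": "high"}
```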
Provide value and context on top of MELT data
Cisco Observability Platform enables solution developers to bring powerful, domain-specific knowledge models to the platform. Knowledge models allow solutions to provide value and context on top of MELT data. This capability is unique to COP. Look for future blogs where we’ll explore how to access objects at runtime, using fsoc, and the underlying REST APIs. We will also explore advanced topics such as how to generate knowledge objects based on workflows that can be triggered by platform health rules, or triggers within the data ingestion pipeline.