AppView is an open source, runtime-agnostic instrumentation utility for any Linux command or application. It helps users explore, understand, and gain visibility into those commands and applications with no code modification.
With one instrumentation approach for all runtimes, AppView offers ubiquitous, unified instrumentation of any unmodified Linux executable.
AppView 1.0.0 introduces new threat detection logic that allows users to capture security-related events. Is your application accessing secure files? Is it making connections it shouldn't be? Is it exfiltrating data over DNS? Is GOT (Global Offset Table) poisoning in effect?
Other features of the 1.0.0 release include the ability to:
- Generate metrics on process and application performance.
- Generate events that report on network, file, log, console message, and HTTP/S activity.
- Capture (decrypted) payload data without the need for keys.
- Generate a stack trace and a core dump when an application crashes.
- Generate network flow information.
- Create a report on unique file and network activity.
- Install AppView in a Kubernetes cluster.
- Secure file and network access in an application.
- Instrument both static and dynamic executables.
- Attach to processes while they are running, or start instrumenting when the process starts.
- Normalize and forward metrics and events, in real time, to remote systems.
- Summarize metrics and detect protocols.
We are looking for users and contributors alike.