Cisco Observability Platform enables developers to build custom observability solutions to gain valuable insights across their technology and business stack.
While storage and query of Metric, Event, Log, and Trace data is a key platform capability, the Knowledge Store enables solutions to define and manage domain-specific business data.
In this blog post we walk through the nuts and bolts of adding a knowledge model to a Cisco Observability Platform solution, using a network security investigation as the running example.
First, let's quickly review the COP architecture to understand where the Knowledge Store fits in.
The Knowledge Store is an advanced JSON document store that supports solution-defined Types and cross-object references.
Every component of the platform stores its configuration in the Knowledge Store.
The Knowledge Store has no 'built-in' Types for these components.
Instead, each component of the platform uses a system solution to define the knowledge Types that describe its own configuration.
In this sense, even internal components of the platform are solutions that depend on the Knowledge Store.
For this reason, the Knowledge Store is the one component of the platform without which nothing else can function.
For a more detailed picture, think of the Knowledge Store as a layered database.
Any object placed inside a solution package must be available to subscribers in all cells, so such objects are placed in the replicated SOLUTION layer.
Shown below is an example of a malware investigation that can be stored in the knowledge store.
Knowledge modeling is a foundational capability, allowing solutions to extend the platform.
A solution may include objects whose Type is defined either in that solution or in a different solution.
Objects included in a Solution are replicated globally across all cells in the Cisco Observability Platform.
A solution including Types and Objects can be published with the fsoc command line utility.
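To make the concepts above concrete (a document store with solution-defined Types, cross-object references, and a replicated SOLUTION layer beside a per-tenant layer), here is an added example that is not code from the original post or from the Cisco Observability Platform. The Type definition format, the `TENANT` layer name, the `secinv:` Type names and the layer precedence rule are all assumptions for the sake of illustration; the real platform defines Types in its own format and publishes them with fsoc. The sample host and investigation objects are constructed, and the hash is a placeholder.

```python
import re

SOLUTION_LAYER = "SOLUTION"  # replicated to every cell, as the post describes
TENANT_LAYER = "TENANT"      # assumed name for a per-tenant, non-replicated layer

# Hypothetical Type definitions, not the platform's real format: each Type
# names the layers its objects may live in, a minimal field schema, and the
# fields that reference objects of another Type.
TYPES = {
    "secinv:host": {
        "allowedLayers": [SOLUTION_LAYER, TENANT_LAYER],
        "schema": {"hostname": str, "ip": str},
        "references": {},
    },
    "secinv:malwareInvestigation": {
        "allowedLayers": [TENANT_LAYER],
        "schema": {"title": str, "status": str, "sha256": str, "affectedHost": str},
        "references": {"affectedHost": "secinv:host"},
    },
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


class KnowledgeStoreError(ValueError):
    """Raised when an object violates its Type, its layer rules or its references."""


class KnowledgeStore:
    """In-memory layered document store keyed by (Type name, object id)."""

    def __init__(self, types):
        self.types = types
        self.layers = {SOLUTION_LAYER: {}, TENANT_LAYER: {}}

    def get(self, type_name, obj_id):
        # Assumed precedence: a tenant's own object shadows the replicated one.
        for layer in (TENANT_LAYER, SOLUTION_LAYER):
            obj = self.layers[layer].get((type_name, obj_id))
            if obj is not None:
                return obj
        return None

    def _validate(self, type_name, layer, obj):
        tdef = self.types.get(type_name)
        if tdef is None:
            raise KnowledgeStoreError(f"unknown Type {type_name}")
        if layer not in tdef["allowedLayers"]:
            raise KnowledgeStoreError(f"{type_name} may not be stored in layer {layer}")
        for field, ftype in tdef["schema"].items():
            if not isinstance(obj.get(field), ftype):
                raise KnowledgeStoreError(f"{type_name}.{field} must be {ftype.__name__}")
        if "sha256" in tdef["schema"] and not SHA256_RE.match(obj["sha256"]):
            raise KnowledgeStoreError("sha256 must be 64 lowercase hex characters")
        # Cross-object references must point at an object that already exists.
        for field, target_type in tdef["references"].items():
            if self.get(target_type, obj[field]) is None:
                raise KnowledgeStoreError(f"{field} references missing {target_type}/{obj[field]}")

    def put(self, type_name, layer, obj_id, obj):
        self._validate(type_name, layer, obj)
        self.layers[layer][(type_name, obj_id)] = dict(obj)
        return obj_id

    def resolve(self, type_name, obj_id):
        """Copy of the object with each reference field replaced by the referenced object."""
        obj = self.get(type_name, obj_id)
        if obj is None:
            return None
        out = dict(obj)
        for field, target_type in self.types[type_name]["references"].items():
            out[field] = self.get(target_type, obj[field])
        return out


def build_sample_store():
    """Constructed sample data: a host shipped in the solution package and a
    tenant-layer investigation that refers to it."""
    ks = KnowledgeStore(TYPES)
    ks.put("secinv:host", SOLUTION_LAYER, "web-01",
           {"hostname": "web-01.example.internal", "ip": "10.0.0.12"})
    ks.put("secinv:malwareInvestigation", TENANT_LAYER, "inv-1001", {
        "title": "Suspicious binary on web-01",
        "status": "OPEN",
        "sha256": "a" * 64,  # placeholder hash, not a real sample
        "affectedHost": "web-01",
    })
    return ks


def rejected(ks, type_name, layer, obj_id, obj):
    """True when the store refuses the object; used to show the checks firing."""
    try:
        ks.put(type_name, layer, obj_id, obj)
        return False
    except KnowledgeStoreError:
        return True


if __name__ == "__main__":
    store = build_sample_store()
    print(store.resolve("secinv:malwareInvestigation", "inv-1001"))
```

The point of the layer check is the one the post makes: anything in the SOLUTION layer is replicated to every cell, so a Type whose objects hold tenant-specific investigation data is restricted to the tenant layer, while the reference check keeps an investigation from pointing at a host object that no cell can resolve.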
Cisco Observability Platform enables solution developers to bring powerful, domain specific knowledge models to the platform.
Knowledge models allow solutions to provide value and context on top of MELT data.
We will also explore advanced topics such as how to generate knowledge objects based on workflows that can be triggered by platform health rules, or triggers inside the data ingestion pipeline.
This Cyber News was published on feedpress.me. Publication date: Fri, 12 Jan 2024 01:13:06 +0000