Abstract: Techniques for providing contextual forensic data based on user activities. A first method includes identifying a user action in user activity data, wherein the user action is a discrete event initiated by a user, wherein the user action is performed with respect to a portion of a system; and correlating the identified user action with at least one system change, wherein the at least one system change is related to the portion of the system, wherein the at least one system change occurred after the user action. A second method includes taking a first snapshot before a user action occurs, wherein the user action is a discrete event initiated by a user, wherein the first snapshot is taken of at least a portion of a system; and taking a second snapshot after the user action occurs, wherein the second snapshot is taken of the at least a portion of the system.

Abstract: A host device and methods for efficient distributed security forensics. The method includes creating, at a host device configured to run a virtualization entity, an event index for the virtualization entity; encoding a plurality of events related to the virtualization entity, wherein each event includes a process having a process path; and updating the event index based on the encoded plurality of events.

Abstract: A system and method for cloud native discovery and protection. The method includes discovering instances of a plurality of cloud assets in a cloud native environment based on a plurality of application programming interface (API) endpoints in the cloud native environment, wherein the plurality of API endpoints is identified based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one entity deployed in the cloud native environment; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.

Abstract: A host device and methods for efficient distributed security forensics. The method includes creating, at a host device configured to run a virtualization entity, an event index for the virtualization entity; encoding a plurality of events related to the virtualization entity, wherein each event includes a process having a process path; and updating the event index based on the encoded plurality of events.

Abstract: A system and method for cloud native discovery and protection. The method includes discovering instances of a plurality of cloud assets in a cloud native environment based on a plurality of application programming interface (API) endpoints in the cloud native environment, wherein the plurality of API endpoints is identified based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one entity deployed in the cloud native environment; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.

Abstract: A host device and methods for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity, wherein each event includes a process having a process path, wherein encoding the at least one event includes replacing at least a portion of each event with at least one code representing at least the process path of the respective process; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.

Abstract: A system and method for cloud native discovery and protection. The method includes identifying a plurality of cloud assets in a cloud native environment based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one of: each of the at least one cloud asset, and at least one security solution deployed in the cloud native environment, wherein each cloud asset instance is an instance of one of the plurality of cloud assets; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.

Abstract: Techniques for providing contextual forensic data based on user activities. A first method includes identifying a user action in user activity data, wherein the user action is a discrete event initiated by a user, wherein the user action is performed with respect to a portion of a system; and correlating the identified user action with at least one system change, wherein the at least one system change is related to the portion of the system, wherein the at least one system change occurred after the user action. A second method includes taking a first snapshot before a user action occurs, wherein the user action is a discrete event initiated by a user, wherein the first snapshot is taken of at least a portion of a system; and taking a second snapshot after the user action occurs, wherein the second snapshot is taken of the at least a portion of the system.

Abstract: A host device and methods for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity, wherein each event includes a process having a process path, wherein encoding the at least one event includes replacing at least a portion of each event with at least one code representing at least the process path of the respective process; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.

Abstract: A host device and method for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.

Abstract: A system and method for cloud native discovery and protection. The method includes identifying a plurality of cloud assets in a cloud native environment based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one of: each of the at least one cloud asset, and at least one security solution deployed in the cloud native environment, wherein each cloud asset instance is an instance of one of the plurality of cloud assets; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.

Abstract: A host device and method for efficient distributed security forensics. The method includes creating, at a first host device configured to run a first virtualization entity, a first event index for the first virtualization entity; encoding at least one event related to the first virtualization entity; updating the first event index based on the encoded at least one event; and sending the first event index to a master console, wherein the master console is configured to receive a plurality of event indices created by a plurality of host devices with respect to a plurality of virtualization entities.