Abstract: An instantiated application includes both a runtime instantiation of an application image, and an administrative service operable to install in the instantiated application at least one security module during runtime of the instantiated application in a container. Prior to runtime, a design time agent can access the application image in a repository, examine the application image, and based on the examining, adding at least one security module to the application image prior to instantiation. During runtime, a runtime agent can query parameters of the container, such as static and dynamic variables available on the machine on which the container is running. The runtime agent processes these parameters in conjunction with predefined rules to determine an action such as starting, stopping, adding, and/or changing the security module, such as the method of packet inspection.

Abstract: An automated method executed by circuitry is provided for monitoring a software platform including multiple pods that manage, deploy, and execute micro services. The method uses monitoring pods at locations of interest in the software platform to label transactions that pass through the monitoring pods. The labels applied to the transactions are sent to a security program for review.

Abstract: An instantiated application includes both a runtime instantiation of an application image, and an administrative service operable to install in the instantiated application at least one security module during runtime of the instantiated application in a container. Prior to runtime, a design time agent can access the application image in a repository, examine the application image, and based on the examining, adding at least one security module to the application image prior to instantiation. During runtime, a runtime agent can query parameters of the container, such as static and dynamic variables available on the machine on which the container is running. The runtime agent processes these parameters in conjunction with predefined rules to determine an action such as starting, stopping, adding, and/or changing the security module, such as the method of packet inspection.

Abstract: An instantiated application includes both a runtime instantiation of an application image, and an administrative service operable to install in the instantiated application at least one security module during runtime of the instantiated application in a container. Prior to runtime, a design time agent can access the application image in a repository, examine the application image, and based on the examining, adding at least one security module to the application image prior to instantiation. During runtime, a runtime agent can query parameters of the container, such as static and dynamic variables available on the machine on which the container is running. The runtime agent processes these parameters in conjunction with predefined rules to determine an action such as starting, stopping, adding, and/or changing the security module, such as the method of packet inspection.

Abstract: An automated method executed by circuitry is provided for monitoring a software platform including multiple pods that manage, deploy, and execute micro services. The method uses monitoring pods at locations of interest in the software platform to label transactions that pass through the monitoring pods. The labels applied to the transactions are sent to a security program for review.

Abstract: An instantiated application includes both a runtime instantiation of an application image, and an administrative service operable to install in the instantiated application at least one security module during runtime of the instantiated application in a container. Prior to runtime, a design time agent can access the application image in a repository, examine the application image, and based on the examining, adding at least one security module to the application image prior to instantiation. During runtime, a runtime agent can query parameters of the container, such as static and dynamic variables available on the machine on which the container is running. The runtime agent processes these parameters in conjunction with predefined rules to determine an action such as starting, stopping, adding, and/or changing the security module, such as the method of packet inspection.

Abstract: Methods, apparatus, systems and articles of manufacture to control computing resource utilization of monitoring agents. An example method includes instructing a monitoring agent of a compute node to perform a first monitoring operation associated with a first monitoring level. In response to the first monitoring operation returning a first result that is outside of an acceptable threshold, a second monitoring level is identified. The second monitoring level is associated with a second monitoring operation that is allocated more computing resources than the first monitoring operation associated with the first monitoring level.

Abstract: Computerized methods and systems inspect data packets received from a web server for the presence of a value from a list of prohibited values. If a prohibited value is absent, a gateway injects at least one JavaScript code segment for execution by a web browser. The at least one JavaScript code segment includes a plurality of JavaScript functions which include at least one security analysis JavaScript function and a plurality of modified JavaScript functions. Each of the modified JavaScript functions is created from a respective native JavaScript function to include at least one code segment that when executed inspects for at least one of: a dynamic modification of at least one JavaScript function from a prohibited list of JavaScript functions, a dynamic creation of at least one JavaScript function from the prohibited list of JavaScript functions, or a dynamic reference to a value from the list of prohibited values.

Abstract: The present disclosure is related to methods, systems, and machine-readable media for a common run-time design-time environment. That a user has design credentials associated with a website can be confirmed. An indication of an interaction of the user with a display element of the website can be received during run-time. A graphical user interface associated with the display element can be displayed to the user during run-time responsive to the interaction and responsive to the confirmation that the user has design credentials. Input from the user that causes a design-time modification to a relationship between the website and a monitoring service can be received in a common run-time design-time environment.

Abstract: Methods, apparatus, systems and articles of manufacture to control a monitoring agent are disclosed herein. An example method includes instructing, via a processor, a monitoring agent of a compute node to perform a first monitoring operation associated with a first monitoring level. A second monitoring level is transitioned to in response to the first monitoring operation returning a first result that is within an acceptable threshold. In response to transitioning to the second monitoring level, an access right of a pre-requisite of the first monitoring operation at the compute node is modified without uninstalling the pre-requisite.

Abstract: Methods, apparatus and articles of manufacture are disclosed to enforce life cycle rules in a modularized virtualization topology using virtual hard disks. An example method includes, in response to a request to access a first virtual hard disk in a virtual computing environment, identifying, with a processor, a life cycle stage. The example method also includes determining, with the processor, whether a condition associated with the life cycle stage applies to the first virtual hard disk. The example method also includes refusing, with the processor, to mount, refusing to dis-mount, mounting or dis-mounting the first virtual hard disk if the condition is satisfied.

Abstract: Methods, apparatus and articles of manufacture are disclosed to manage inter-virtual disk relations in a modularized virtualization topology using virtual hard disks. An example method includes, in response to a request to access a first virtual hard disk in a virtual computing environment, determining, with a machine, whether an inter-virtual hard disk rule associated with a second virtual hard disk is invoked and whether a condition of the inter-virtual hard disk rule is satisfied. The example method also includes identifying, with the machine, a response action if the inter-virtual hard disk rule is invoked and the condition is satisfied, and executing the response action with the machine.

Abstract: Methods and apparatus to remotely start a virtual machine are disclosed herein. An example method to remotely start a virtual machine includes requesting, at a network device, allocation of a network address to the network device, the network address formerly being allocated to the virtual machine and generating, with the network device, a user interface. The user interface presents an option to start at least one of the virtual machine and an operating system installed in the virtual machine. Some example methods also include requesting, at the network device, release of the network address based on a selection of the option to start the virtual machine. Release of the network address causes the network address to be available for re-allocation to the virtual machine. The example methods can further include generating an instruction to start the virtual machine when the option to start the virtual machine is selected.

Abstract: Methods, apparatus are articles of manufacture are disclosed to re-direct detected access requests in a modularized virtualization topology using virtual hard disks. An example method includes detecting, with a processor, a request to access a software asset at a first path location on a first virtual hard disk. The example method also includes determining, with the processor, whether the first path location is mapped to a second path location in a virtual computing environment, the second path location corresponding to a second virtual hard disk encapsulating a functionality originally associated with the first path location. The example method also includes, when the first path location is mapped to the second path location, re-directing, with the processor, the request to the second virtual hard disk.

Abstract: Computerized methods and systems inspect data packets received from a web server for the presence of a value from a list of prohibited values. If a prohibited value is absent, a gateway injects at least one JavaScript code segment for execution by a web browser. The at least one JavaScript code segment includes a plurality of JavaScript functions which include at least one security analysis JavaScript function and a plurality of modified JavaScript functions. Each of the modified JavaScript functions is created from a respective native JavaScript function to include at least one code segment that when executed inspects for at least one of: a dynamic modification of at least one JavaScript function from a prohibited list of JavaScript functions, a dynamic creation of at least one JavaScript function from the prohibited list of JavaScript functions, or a dynamic reference to a value from the list of prohibited values.

Abstract: Methods, apparatus and articles of manufacture are disclosed to apply a modularized virtualization topology using virtual hard disks. An example modularized virtualized computing environment includes a processor, a hypervisor, a virtual machine deployed by the hypervisor, and a plurality of virtual hard drives, each virtual hard drive encapsulating one respective logical functionality or one logical data set, the virtual hard drives cooperating to implement an overall functionality or service.

Abstract: Methods, apparatus and articles of manufacture are disclosed to enforce life cycle rules in a modularized virtualization topology using virtual hard disks. An example method includes, in response to a request to access a first virtual hard disk in a virtual computing environment, identifying, with a processor, a life cycle stage. The example method also includes determining, with the processor, whether a condition associated with the life cycle stage applies to the first virtual hard disk. The example method also includes refusing, with the processor, to mount, refusing to dis-mount, mounting or dis-mounting the first virtual hard disk if the condition is satisfied.

Abstract: Methods, apparatus are articles of manufacture are disclosed to re-direct detected access requests in a modularized virtualization topology using virtual hard disks. An example method includes detecting, with a processor, a request to access a software asset at a first path location on a first virtual hard disk. The example method also includes determining, with the processor, whether the first path location is mapped to a second path location in a virtual computing environment, the second path location corresponding to a second virtual hard disk encapsulating a functionality originally associated with the first path location. The example method also includes, when the first path location is mapped to the second path location, re-directing, with the processor, the request to the second virtual hard disk.

Abstract: Methods, apparatus and articles of manufacture are disclosed to apply a modularized virtualization topology using virtual hard disks. An example modularized virtualized computing environment includes a processor, a hypervisor, a virtual machine deployed by the hypervisor, and a plurality of virtual hard drives, each virtual hard drive encapsulating one respective logical functionality or one logical data set, the virtual hard drives cooperating to implement an overall functionality or service.

Abstract: Methods, apparatus and articles of manufacture are disclosed to manage inter-virtual disk relations in a modularized virtualization topology using virtual hard disks. An example method includes, in response to a request to access a first virtual hard disk in a virtual computing environment, determining, with a machine, whether an inter-virtual hard disk rule associated with a second virtual hard disk is invoked and whether a condition of the inter-virtual hard disk rule is satisfied. The example method also includes identifying, with the machine, a response action if the inter-virtual hard disk rule is invoked and the condition is satisfied, and executing the response action with the machine.