Appendix: Prometheus monitoring support

Prometheus is a monitoring service for server applications. A Prometheus server uses HTTP GET calls to scrape data from various services, and allows you to run queries against that data. For more information, see https://prometheus.io/.

The table below details the metrics that the Cylance Engine provides to a Prometheus server. The Cylance Engine provides the following types of metrics:
- Counter: A metric that can only increase (for example, a total amount).
- Gauge: A metric that can increase or decrease (for example, a count of items in process).
- Histogram: A sample of observations sorted into buckets, along with the sum and count of observations.

Metric | Scope | Type | Description |
---|---|---|---|
cyeng_samples_in_process | Global | Gauge | This metric tracks the number of samples that are currently in process. It can range from 0 (idle) up to the max concurrency setting in the INI file or command-line option. |
cyeng_total_errors | Global | Counter | This metric is the total number of errors encountered during the scoring process. Composite files (for example, archives) can generate more than one error or a combination of valid, aborted, and error counts. |
cyeng_total_unknowns | Global | Counter | This metric is the total number of samples that do not have a corresponding model. Composite files (for example, archives) can result in more unknowns than samples processed, as one archive sample may contain many supported and unsupported files. |
cyeng_total_aborted_samples | Global | Counter | This metric is the total number of samples that were aborted due to a timeout or exceeding the maximum nesting level. Composite files (for example, archives) can produce both valid and aborted results. |
cyeng_total_bytes_processed | Global | Counter | This metric is the total number of sample bytes that have been processed. This counter is the top-level sample size and does not count samples that are extracted from a sample (for example, Apple Universal Binaries or archives). |
cyeng_sample_processing_time | Global | Histogram | This metric is the observation of sample processing times for all sample types. For a composite file, the observation is for the total processing time of all samples it contains. |
cyeng_sample_size | Global | Histogram | This metric is the observation of the sample size, in bytes. For a composite file, the observation is for the total size of all samples it contains. |
cyeng_total_<sample-format>_samples_processed | Per model | Counter | This metric is the total number of processed samples of the type specified with <sample-format>. For a composite file, the count applies to all samples that it contains. For example, if an archive contains another archive, this counter would accumulate 2 counts for the ARC format in addition to any formats inside the archive. |
cyeng_total_benign_<sample-format>_samples | Per model | Counter | This metric is the total number of benign samples (a score between 0.0 and +1.0, inclusive) of the type specified with <sample-format>. For a composite file, the count applies to all samples that it contains. |
cyeng_total_suspicious_<sample-format>_samples | Per model | Counter | This metric is the total number of suspicious samples (a score between -0.6 and 0.0, exclusive) of the type specified with <sample-format>. For a composite file, the count applies to all samples that it contains. |
cyeng_total_malicious_<sample-format>_samples | Per model | Counter | This metric is the total number of malicious samples (a score between -1.0 and -0.6, inclusive) of the type specified with <sample-format>. For a composite file, the count applies to all samples that it contains. |
cyeng_<sample-format>_processing_time | Per model | Histogram | This metric is the observation of sample processing times for the sample type specified with <sample-format>. For composite files, the entire processing time of the composite file is included in the composite file's bucket (for example, ARC or MOFAT). |
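
The following added example (not part of the vendor documentation or the engine's own code) parses a scrape body in the Prometheus text exposition format, groups the per-model verdict counters from the table by sample format, and applies the score ranges given for benign, suspicious and malicious. The scrape text is constructed, the lowercase format tokens in metric names are an assumption, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed scrape (not real engine output); lowercase format tokens are an assumption.
SAMPLE_SCRAPE = """\
# TYPE cyeng_samples_in_process gauge
cyeng_samples_in_process 3
cyeng_total_errors 2
cyeng_total_aborted_samples 1
cyeng_total_arc_samples_processed 10
cyeng_total_benign_arc_samples 7
cyeng_total_suspicious_arc_samples 2
cyeng_total_malicious_arc_samples 1
cyeng_total_mofat_samples_processed 4
cyeng_total_benign_mofat_samples 4
"""

LINE_RE = re.compile(r"^([A-Za-z_:][\w:]*)(?:\{.*\})?\s+(\S+)")
VERDICT_RE = re.compile(r"^cyeng_total_(benign|suspicious|malicious)_(\w+)_samples$")
PROCESSED_RE = re.compile(r"^cyeng_total_(\w+)_samples_processed$")

def parse_scrape(text):
    """Split a scrape into global metrics and per-format counters."""
    global_metrics, per_format = {}, defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # blank lines and '# HELP' / '# TYPE' comments
            continue
        name, value = m.group(1), float(m.group(2))
        if v := VERDICT_RE.match(name):
            per_format[v.group(2).upper()][v.group(1)] = value
        elif p := PROCESSED_RE.match(name):
            per_format[p.group(1).upper()]["processed"] = value
        else:  # global metrics, including cyeng_total_aborted_samples
            global_metrics[name] = value
    return global_metrics, dict(per_format)

def malicious_ratio(counters):
    """Malicious share of processed samples for one format; 0.0 if none processed."""
    processed = counters.get("processed", 0.0)
    return counters.get("malicious", 0.0) / processed if processed else 0.0

def verdict_for_score(score):
    """Map a score to the verdict ranges given in the table above."""
    if not -1.0 <= score <= 1.0:
        raise ValueError("score outside [-1.0, 1.0]")
    if score >= 0.0:
        return "benign"
    return "malicious" if score <= -0.6 else "suspicious"
```

Because the per-format counters for composite files include every contained sample, ratios computed this way describe samples scored, not top-level files submitted.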