Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-30958

Improve speed and memory of process baseline risk evaluation

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • Improve speed and memory of process baseline risk evaluation
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • To Do
    • 13% To Do, 0% In Progress, 88% Done

      As noted in numerous support cases recently, the reprocessing of risk particularly related to process baselines and process indicators is consuming an large amount of memory and compute resources.  There are some suboptimal patterns in that chunk of code we must look at and improve.

      Things we need to do:

      • Create bench mark tests to measure success
      • We should only query the indicators we need not ALL of them from the deployment.  Meaning we should add container name to the indicator query.
      • The process indicator object can be quite large.  We should only query the fields we need when we need them.  We only need the arguments for the violating processes so those should be a separate query.  We only need the ID, path, and a couple of time fields for evaluation if it is a violation or not.  We can greatly reduce memory consumption by only retrieving those fields.  That will alleviate pressure on both the database and central.

        1. image-2025-09-19-06-18-47-023.png
          image-2025-09-19-06-18-47-023.png
          44 kB

              rh-ee-dashrews David Shrewsberry
              rh-ee-dashrews David Shrewsberry
              ACS Core Workflows
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: