Course Overview

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy, enabling customers to collect, process, route, and analyze all IT and security data. One of the tools in Cribl's repertoire is AppScope.

AppScope interposes itself between applications and shared libraries and system calls. From this position, AppScope can observe the application from the inside. AppScope observes resource consumption, filesystem traffic, and network traffic, including cleartext payloads. AppScope is like strace meets tcpdump, but designed to be easily consumed by engineers operating and securing applications.

AppScope comes in two forms. The first is a command line utility: The scope CLI makes it easy to interrogate any Linux binary. It's a single, statically linked binary that enables you to instrument any other binary by simply prepending scope. The second is an agent, libscope.so, which delivers APM-like instrumentation – as logs and metrics – to your existing tooling.

This course will introduce you to the fundamentals of AppScope. You'll scope many different Linux applications like nc, curl, python, and even perl! You'll see what kind of data AppScope can pick up, like file, network, and HTTP events. Lastly, you'll see how easy it is to capture events and payloads of TLS-encrypted streams, no matter the language runtime.

Let's get started!