{"id":24659285,"url":"https://github.com/sysflow-telemetry/sf-lab","last_synced_at":"2025-06-25T03:04:54.892Z","repository":{"id":100150380,"uuid":"567913712","full_name":"sysflow-telemetry/sf-lab","owner":"sysflow-telemetry","description":"Repository with educational SysFlow notebooks","archived":false,"fork":false,"pushed_at":"2024-04-18T05:24:52.000Z","size":21102,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-25T03:04:54.740Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysflow-telemetry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-11-18T22:14:27.000Z","updated_at":"2024-03-13T07:12:04.000Z","dependencies_parsed_at":"2024-02-14T04:33:44.434Z","dependency_job_id":"46d3a0fb-b004-4789-8efc-5dea67bd0b56","html_url":"https://github.com/sysflow-telemetry/sf-lab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sysflow-telemetry/sf-lab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysflow-telemetry%2Fsf-lab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysflow-telemetry%2Fsf-lab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysflow-telemetry%2Fsf-lab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysflow-telemetry%2Fsf-lab/manifests","owner_url":"https://repos.ecosyste.ms/api/v
1/hosts/GitHub/owners/sysflow-telemetry","download_url":"https://codeload.github.com/sysflow-telemetry/sf-lab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysflow-telemetry%2Fsf-lab/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261795318,"owners_count":23210618,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T02:54:38.178Z","updated_at":"2025-06-25T03:04:54.828Z","avatar_url":"https://github.com/sysflow-telemetry.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SysFlow Notebooks\n\nThis repository contains educational SysFlow notebooks.\n\n| **Notebook** | **Description** | **Live environment** |\n|---|---|---|\n| pynb/FloCon2021 | Notebook for the [FloCon'21 conference](https://www.hacktheuniverse.tech/provenance-tracking-with-attack-graphs-using-sysflow/) demo | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/FloCon2021.ipynb) |\n| pynb/AI4Sec2021 | Notebook for the [AI/ML for Cyber Security 2021 workshop](https://www.hacktheuniverse.tech/provenance-tracking-with-attack-graphs-using-sysflow/) demo | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/AI4Sec2021.ipynb) |\n| pynb/BHEurope21-Demo | Notebook for the [BlackHat Europe'21 
Arsenal](https://www.blackhat.com/eu-21/arsenal/schedule/index.html#an-open-stack-for-threat-hunting-in-hybrid-cloud-with-connected-observability-25112) demo | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/BHEurope21-Demo.ipynb) |\n| pynb/AvengerCon22 | Notebook for the [AvengerCon'22 workshop](https://www.hacktheuniverse.tech/provenance-tracking-with-attack-graphs-using-sysflow/) tutorial | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/AvengerCon22.ipynb) |\n| pynb/LFOSSNA23 | Notebook for the [Linux Foundation Open Source Summit North America'23](https://sched.co/1K5IT) tutorial | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/LFOSSNA23.ipynb) |\n| pynb/LFLSSNA24 | Notebook for the [Linux Foundation Linux Security Summit'24](https://sched.co/1aIeC) demo | [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/sysflow-telemetry/sf-lab/blob/main/pynb/LFLSSNA24.ipynb) |\n\n\n# What is SysFlow?\n\nThe SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and for creating performance and security analytics. The goal of this project is to build all the plumbing required for system telemetry so that users can focus on writing and sharing analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a new data format called SysFlow, which lifts raw system event information into an abstraction that describes process behaviors, and their relationships with containers, files, and network. This object-relational format is highly compact, yet it provides broad visibility into container clouds. 
We have also built several APIs that allow users to process SysFlow with their favorite toolkits. Learn more about SysFlow in the [SysFlow specification document](https://sysflow.readthedocs.io/en/latest/spec.html).\n\nThe SysFlow framework consists of the following sub-projects:\n\n- [sf-apis](https://github.com/sysflow-telemetry/sf-apis) provides the SysFlow schema and programmatic APIs in Go, Python, and C++.\n- [sf-collector](https://github.com/sysflow-telemetry/sf-collector) monitors and collects system call and event information from hosts and exports them in the SysFlow format using Apache Avro object serialization.\n- [sf-processor](https://github.com/sysflow-telemetry/sf-processor) provides a performance-optimized policy engine for processing, enriching, and filtering SysFlow events, generating alerts, and exporting the processed data to various targets.\n- [sf-exporter](https://github.com/sysflow-telemetry/sf-exporter) exports SysFlow traces to S3-compliant storage systems for archival purposes.\n- [sf-deployments](https://github.com/sysflow-telemetry/sf-deployments) contains deployment packages for SysFlow, including Docker, Helm, and OpenShift.\n- [sysflow](https://github.com/sysflow-telemetry/sysflow) is the documentation repository and issue tracker for the SysFlow framework.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysflow-telemetry%2Fsf-lab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysflow-telemetry%2Fsf-lab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysflow-telemetry%2Fsf-lab/lists"}