These docs explain two ways to work with AppScope: together with Cribl Edge, and on its own. Cribl Edge provides a means to manage AppScope at scale. The concluding Reference topics generally apply for both approaches, although the CLI Reference is most relevant for using AppScope on its own or with other open-source tools.
Here we'll cover working on a Linux host or virtual machine, in a Docker or similar container, or on Kubernetes.
AppScope comes bundled with Cribl Edge, so there's no need to discuss how to obtain AppScope.
Here we'll cover obtaining, and then using AppScope, starting with the CLI.
To work effectively with AppScope, start with these fundamental points:
Another important distinction to understand when working with AppScope is that between "scope by PID" and "scope by Rule."
Scope by Rule instruments one or more processes, not only on one host, but, when using AppScope together with Cribl Edge, an entire Edge Fleet.
AppScope's ease of use stems from its flexible set of controls:
scope.yml, can be invoked from either the CLI or the library.