Deployment Architecture - The Context Graph

To ensure real-time accuracy and seamless integration without overwhelming central network bandwidth, the Context Graph utilizes a distributed Context Agent architecture.

Discovering Context Locally

  • Lightweight Deployment: The Context Agent is deployed directly into the target environment (e.g., as a Kubernetes DaemonSet, a sidecar container, or a lightweight VM agent).

  • In-Situ Analysis: The agent safely discovers context where it lives. It analyzes local configurations, sniffs local traffic metadata (via eBPF), reads local code structures, and parses local logs.

  • Graph Delta Sync: Instead of shipping massive raw logs or raw source code to a central server, the agent constructs a "local graph" and only streams the deltas (changes in nodes and edges) back to the central OpsMx Context Graph. This ensures privacy, security, and low bandwidth utilization.
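The delta sync described in the last bullet, as an added example that is not OpsMx code: an agent diffs two snapshots of its local graph and sends only the changes, and the central side applies them after checking that no edge points at a missing node. The snapshot layout, field names, and sample nodes are assumptions made for illustration.

```python
# Added illustration: field names and snapshot layout are assumptions, not the OpsMx format.

def diff_graph(old, new):
    """Agent side: compute the delta that turns snapshot `old` into `new`."""
    old_n, new_n = old["nodes"], new["nodes"]
    old_e, new_e = set(old["edges"]), set(new["edges"])
    return {
        "upsert_nodes": {k: v for k, v in new_n.items()
                         if k not in old_n or old_n[k] != v},
        "remove_nodes": sorted(old_n.keys() - new_n.keys()),
        "add_edges": sorted(new_e - old_e),
        "remove_edges": sorted(old_e - new_e),
    }

def apply_delta(graph, delta):
    """Central side: apply a delta, rejecting edges that point at unknown nodes."""
    nodes = {k: v for k, v in graph["nodes"].items()
             if k not in delta["remove_nodes"]}
    nodes.update(delta["upsert_nodes"])
    # tuple() keeps this working if the delta arrived as JSON (lists, not tuples).
    edges = set(graph["edges"]) - set(map(tuple, delta["remove_edges"]))
    edges |= set(map(tuple, delta["add_edges"]))
    dangling = sorted(e for e in edges if e[0] not in nodes or e[2] not in nodes)
    if dangling:
        raise ValueError(f"delta leaves dangling edges: {dangling}")
    return {"nodes": nodes, "edges": sorted(edges)}

# Constructed sample snapshots of one agent's local graph (not real data).
BEFORE = {
    "nodes": {
        "svc/web": {"kind": "service", "port": 443},
        "pod/web-0": {"kind": "pod", "image": "web:1.4.2"},
        "pod/web-1": {"kind": "pod", "image": "web:1.4.2"},
    },
    "edges": [("svc/web", "routes_to", "pod/web-0"),
              ("svc/web", "routes_to", "pod/web-1")],
}
AFTER = {
    "nodes": {
        "svc/web": {"kind": "service", "port": 443},
        "pod/web-1": {"kind": "pod", "image": "web:1.4.3"},
        "pod/web-2": {"kind": "pod", "image": "web:1.4.3"},
    },
    "edges": [("svc/web", "routes_to", "pod/web-1"),
              ("svc/web", "routes_to", "pod/web-2")],
}

if __name__ == "__main__":
    print(diff_graph(BEFORE, AFTER))
```

The unchanged `svc/web` node never appears in the delta, and a delta that removes a node without removing its edges is refused on the receiving side.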

A Queryable Ecosystem for Third-Party Applications

The OpsMx Context Graph is not a walled garden. The agents and the central graph expose robust GraphQL and RESTful APIs designed to be consumed by the broader security ecosystem.

  • Federated Queries: Third-party applications (like SIEMs, CSPMs, or custom internal security tools) can query the local agent or the central graph.

  • Example Query: A third-party SIEM detecting a strange IP can query the OpsMx Context API: "Which container is currently handling traffic from IP X, what is its exact codebase version, what vulnerabilities does it have, and who was the last developer to modify its configuration?"

  • Enabling the Ecosystem: By making this deeply correlated context queryable, OpsMx acts as the contextual backbone for the entire security operations center (SOC), enriching external alerts and triggering automated playbooks across the enterprise.
