• Product

      Product

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary Webinars Whitepapers Workshops Latest Blogs Documentation
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost
      Next-Gen AppSec Series
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
  • LOGIN
Cisco Logo Deepfactor is now part of Cisco | Learn more
Learn more
Deepfactor Logo
  • Product

      Product

      Use Cases

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary
      Webinars Whitepapers Workshops Latest Blogs Documentation
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps
      Whitepaper
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
LOGIN
Deepfactor's Application Security Platform will no longer be offered for sale or renewal effective September 20, 2024.

Getting Started

  • QuickStart Guide
  • Install Deepfactor CLI
  • Deepfactor Support Matrix

Tutorials

  • SBOM & SCA
    • Artifact Releases
    • Deepfactor Scanner
    • Integrate Deepfactor scanner in your CI/CD pipelines
    • Scanning container images from private registries using Deepfactor CLI
    • Scan container images in K8s cluster
      • Scanning images from private registries in K8s cluster using Deepfactor
      • Scanning container images from private registries with basic authentication support in K8s
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS Fargate
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS EC2
  • Runtime Security
    • Introduction to Deepfactor Runtime Security
    • Deepfactor CLI Reference
    • Kubernetes workload
      • Run your Kubernetes workload with Deepfactor
      • Install Deepfactor Mutating Webhook
      • Configure Deepfactor Kubernetes admission webhook
      • Install Deepfactor K8s webhook on EKS Fargate
      • Selecting the pods you want to run with Deepfactor
      • Configuring application name, component name and component version in K8s webhook
      • Install Deepfactor mutating admission webhook using Argo CD
      • Install Deepfactor portal & webhook using Argo CD and vault
      • Use image pull secret for Runtime images
    • Containers/Other orchestration platforms
      • Run your Container Images with Deepfactor
      • Run containers in ECS with Deepfactor
    • Non-containerized workloads
      • Running non-containerized applications with Deepfactor

Deepfactor Platform

  • Introduction to Deepfactor
  • Alert Policies
  • Alert States and Triaging Flows
  • Deepfactor’s Correlation Capabilities
  • Organization and Teams
  • Role Based Access Control
  • Insights Knowledge Base
    • Privilege Separation and Privilege Dropping
    • Buffer Overflow Alerts
  • Knowledge Base
    • Deepfactor scan errors
    • K8s Webhook & Runtime Troubleshooting Guide
    • Tools for viewing CycloneDX and SPDX SBOMs
    • Graceful handling of pod restarts
    • Deepfactor telemetry events
    • Deepfactor Instrumentation Warning Messages
    • Best Practices for running your applications with Deepfactor in production environments
    • Golang Specific Notes
    • How to access Deepfactor Portal in different AWS subnet types
    • How the Deepfactor Management Portal Communicates With The Outside World
    • Language Specific Agents (LSA)
    • Mixed libc environments
    • Sensitive Information and Secrets in Process Environment Remediation
    • Running HAProxy with Deepfactor
    • Augmenting Alert Evidence with Runtime Stack Traces
  • FAQs
    • General FAQs
    • Open Source Disclosure

Integrations

  • Single Sign On (SSO) for authentication to Deepfactor
  • Integrate Jira with Deepfactor
  • Integrate Slack with Deepfactor
  • Okta
  • Deepfactor HTTPS webhook

Self managed Deepfactor portal

  • Deepfactor Portal architecture & deployment options
  • Install Self managed Deepfactor portal
    • Kubernetes Cluster
      • Prerequisites for deploying Deepfactor portal in Kubernetes Cluster
      • Deploying Deepfactor Portal in your Kubernetes Cluster
      • Install Deepfactor portal using Helm
      • Customizing Deepfactor portal deployment
        • Customizing your Deepfactor Portal Deployment in K8s
        • Deploy Deepfactor Portal With Resource Limits
        • Deploying Deepfactor Portal using external IP
        • Deepfactor Portal Installation with Existing Ingress Controller
    • AWS EC2
      • Prerequisites for installing Deepfactor Portal in AWS Cloud
      • Deploying Deepfactor on AWS using CFT
      • Install AWS Certificate Manager(ACM) certificate on Deepfactor portal EC2 instance
    • VMWare vSphere
      • Deepfactor Portal Proxy Configuration for OVA deployments
      • Prerequisites for deploying Deepfactor portal in VWware vSphere
      • Deploying Deepfactor on VMware vSphere
  • Manage Deepfactor Portal
    • Using Deepfactor APIs
    • Managing Users
    • Updating your Deepfactor Portal
    • Updating Deepfactor portal certificate
  • Deepfactor Portal Certificate
    • Generate certificate using cert-manager for Deepfactor portal
    • Create self-signed certificate for Deepfactor Portal on your K8s cluster
    • Create AWS Private CA Certificate for Deepfactor Portal on your K8s cluster
    • Create Let’s Encrypt certificate for Deepfactor Portal on your K8s cluster

Release Notes

  • Deepfactor Release Notes
  • Home
  • Docs
  • Deepfactor Platform
  • Knowledge Base

Augmenting Alert Evidence with Runtime Stack Traces

The Deepfactor management portal collects stack trace (‘backtrace’) information for each event that triggers an alert. Typically, Deepfactor is able to show some contextual data from the stack trace information such as the address or module in the trace.

If you have access to symbolic debugging information, such as debuginfo packages, or build artifacts that include debugging information, you can upload this data to the management portal and benefit from additional information and insights.

If the portal does not have symbolic debugging information available for a given stack trace, the following information is shown for each individual stack trace frame:

  • The address in the process of the stack frame
  • The function name (if the executable is not stripped)
  • The module containing the function
  • The offset into the function

If the portal does have symbolic debugging information available for a given stack trace, the following information is shown for each individual stack trace frame:

  • The address in the process of the stack frame
  • The function name
  • The module name and path containing the function
  • The offset into the function
  • The source filename
  • The source line number

Below is an example stack trace for which the management portal did not have symbolic debugging information:

0x7ea5 (/usr/lib64/libpthread-2.17.so)
0xfe9fd (/usr/lib64/libc-2.17.so)

Following is an example stack trace for which the management portal did have symbolic debugging information:

0x40068b(/home/user/app.c:16:0)[main + 0x64]
0x400627(/home/user/app.c:7:0)[main + 0x0]

 

Follow the steps below to upload symbolic debugging information to the management portal: #

  1. First, locate any component by navigating to the “Components” view of any application in the management portal (the component selected does not have to be the component for which symbols are being uploaded).
  2. Next, in the upper right of the portal, click “Upload binary with symbols.”
  3. Follow the instructions to upload one or more binary executables/libraries which contain symbolic debugging information.
  4. Finally, re-run the component to produce augmented stack trace information.

Note: Uploading symbolic debugging information will not augment any existing stack traces in alerts previously gathered.

 

Installing debug symbols for OS/distribution-provided binaries #

Note: Installing debug symbols for OS/distribution-provided binaries requires the ability to log into the Deepfactor management portal as the ‘dfadmin’ user (created during initial management portal setup). If you do not have this access, contact your Deepfactor management portal administrator for help.

Installing symbolic debugging information for OS-provided binaries (such as libc and other base system libraries and executables) can provide useful insight into application behavior by providing symbolic stack trace information when an application enters a system binary/component. To install symbolic debugging information for OS-provided binaries, follow the steps below:

  1. Obtain and install (locally, in any convenient VM or machine) the debuginfo package for the library/executable you wish to provide symbolic stack information for. The process to install debuginfo packages varies based on which distribution you are using (for example, on CentOS/RHEL distributions, debuginfo-install is used, while on Debian/Ubuntu distributions, you will need to configure a ‘ddebs’ repository and install a package whose name typically ends with the characters ‘-dbg‘).
  2. Obtain and install (locally, in any convenient VM or machine) the binary package matching the debuginfo package installed in step 1.
  3. scp (secure copy) the debuginfo binary and the non-debuginfo binary to the Deepfactor management portal using the ‘dfadmin’ user. The ‘binary’ is the .so file or executable(s) installed in steps 1-2.
  4. Log in to the Deepfactor management portal as ‘dfadmin’ (using ssh)
  5. Use the following command to compute the hash of the non-debuginfo binary copied (where ‘binary_file’ is the name of the binary copied in step 3)
  6.  /opt/deepfactor/bin/symbolsvc -gethash binary_file
  7. Using the the from Step 6 (a SHA256 hash), copy the debug binary to the following location with ‘HASH’ as the output from Step 6 (where ‘debug_binary’ is the debuginfo binary copied in step 3).
     sudo cp debug_binary  /opt/deepfactor/symbols/customer/hv1/HASH

    Note: if /opt/deepfactor/symbols/customer/hv1 does not exist, use the following command to create it:

    sudo mkdir -p /opt/deepfactor/symbols/customer/hv1
  8. (optional) remove the non-debuginfo binary copied in step 3

You may now advise your developers that any stack traces that enter the binary configured above will have symbolic stack trace information displayed.

Note: OS-provided binaries such as libc frequently change/are updated. You will need to perform the preceding steps each time a new library version is installed.

Was this article helpful?
Still stuck? How can we help?

How can we help?

Updated on May 30, 2023
Running HAProxy with Deepfactor

Powered by BetterDocs

Table of Contents
  • Follow the steps below to upload symbolic debugging information to the management portal:
  • Installing debug symbols for OS/distribution-provided binaries
Deepfactor Icon

Deepfactor is a next-gen application security platform, using static container scan data + runtime analysis to prioritize vulnerabilities to those representing true risk to a business—based on reachability, runtime usage, deployment context, and exploit maturity.

Product Pricing Resources Company Documentation Login

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up
LinkedIn Icon YouTube Icon GitHub Icon Twitter Icon

© 2025 Deepfactor, Inc. All Rights Reserved.

Privacy Statement | Terms of Service | Open Source Disclosure