top of page
image.png

CyVectors Workload Sensor – Before, During, and After Migrations

The WorkloadSensor is a lightweight, background Windows Service designed to bridge the gap between raw system metrics and actionable security intelligence. By combining standard performance counters with an embedded ONNX Machine Learning model, the sensor provides real-time "Workload Indexing" to identify anomalies, resource saturation, and potential security threats.

  • Facebook
  • LinkedIn

Embedded AI

image.png

Sensor Operations

  • Edge AI Scoring Unlike passive monitors, WorkloadSensor utilizes a local ONNX Neural Network (security_model.onnx) to calculate a sophisticated "Workload Score" and "Index" (1-10) directly on the endpoint.

  • Universal Syslog Integration Built for interoperability, the sensor streams telemetry via UDP Syslog (RFC3164) using structured JSON payloads, making it instantly compatible with Splunk, ELK, QRadar, or any standard SIEM.

  • Process-Level Granularity Go beyond host averages. The sensor iterates through every active process to capture specific CPU, Memory, Thread counts, and IO rates, allowing you to pinpoint exactly which application is driving the workload.

  • ML Analysis: The sensor normalizes these metrics and feeds them into the local inference engine (Microsoft.ML.OnnxRuntime). The model evaluates the vector (CPU, Mem, IO, Net, Threads) to assign a risk/load score.

Host Resource Requirements

  • CPU: < 1%

  • Memory(RAM)  < 50MB

  • Disk: < 1MB per day log writes

  • Network: < 1KB/s syslog traffic    

bottom of page