NGC Catalog

CLASSIC

Welcome Guest

For copy image paths and more information, please view on a desktop device.

Description

DOCA Argus utilizes Bluefield DPU for real-time, hardware-level memory forensics, ensuring robust, integrated security for AI workloads and microservices without impacting performance or requiring host agents.

Publisher

NVIDIA

Latest Tag

1.0.0-doca3.1.0

Modified

September 3, 2025

Compressed Size

275.67 MB

Multinode Support

Multi-Arch Support

1.0.0-doca3.1.0 (Latest) Security Scan Results

Linux / arm64

Introduction

DOCA Argus - A DOCA service running on the NVIDIA BlueField networking platform, to immediately detect, and allow responding to, attacks minimizing their potential impact and risk. The DOCA Argus framework provides real time situational awareness and runtime threat detection by inspecting host memory using advanced memory forensics. Live machine introspection is performed at the hardware level, analyzing specific snippets of volatile host memory, to monitor threats in real time without impacting system performance. DOCA Argus does not violate privacy as information is extracted from kernel structures only. Unlike conventional tools, Argus runs independently of the host, requiring no agents, integration or reliance on host-based resources. This agentless, zero-overhead design enhances system efficiency and ensures resilient security in any compute environment, including bare-metal, virtualized, containerized and multi-tenant infrastructures. By operating outside the host, isolated, in its own trust domain, DOCA Argus remains invisible to attackers — even in the event of a system compromise.

Cybersecurity professionals can seamlessly integrate DOCA Argus with their SIEM, SOAR and XDR security platforms, enabling continuous monitoring, incident response, and automated threat mitigation while extending their existing cybersecurity capabilities into other environments (i.e., AI infrastructure).

NVIDIA BlueField is a foundational security component for every AI factory and AI cloud, providing built-in, data-centric protection for AI workloads at scale. By combining BlueField’s acceleration capabilities with DOCA Argus’ proactive threat detection, cloud service providers and enterprises can secure AI factories without compromising performance or efficiency.

A single BlueField card with DOCA Argus is to monitor an entire node.

my photo

Installation and Getting Started

All preparation steps are listed under :DOCA's Container Deployment User Guide.

Note: The DOCA Service container is configured for K8S-based deployment, hence the use of the docker pull command is discouraged.

Preparation steps for the DOCA Service

As explained in the service's documentation, there are some resource allocation steps needed before the service can be executed. It is recommended to go over the service's user guide and follow the instructions that match the DPU on which the service will be deployed.

Adjusting the .yaml configuration

The .yaml configuration for our container is doca_argus.yaml.

Note: The file is stored with the rest of the .yaml configurations as were pulled from NGC in the previous steps (See "Installation and Getting Started").

The main environment variables that should be adjusted according to the setup are the following:

SERVICE_CONFIG_FILE - Full service configuration file, options are either a "default" config file or customized config file placed under /etc/argus or the yaml content string (presented by default in the downloaded yaml)
Configuring telemtry - FluentBit is integrated into the Argus service telemetry system to handle the export of telemetry data. This integration ensures that logs and metrics are efficiently collected and forwarded to the desired destinations for analysis and monitoring.

Note: The integration from Argus service to FluentBit is locally, after that FluentBit can be configured to send the data to end destination or be a proxy for another FluentBit with additional security among them. Check resources page for FluentBit configuration examples

Spawning the container

Simply copy the doca_argus.yaml file to the /etc/kubelet.d directory. Kubelet will automatically pull the container image from NGC, and spawn a pod executing the container. The DOCA Argus service will start executing right away.

# View currently active pods, and their IDs (it might take up to 20 seconds for the pod to start)
crictl pods

# View currently active containers, and their IDs
crictl ps

# Examine logs of a given container
crictl logs 

# Examine kubelet logs, in case something didn't work as expected
journalctl -u kubelet

Please refer to the documentation for more information.

Documentation

The DOCA Argus Service Guide is available here.

License & EULA

DOCA is licensed under the NVIDIA DOCA License. By pulling and using the container, you accept the terms and conditions of this license.

Technical Support

Use the NVIDIA Developers forum for questions regarding this Software.