aquasec/tracee

By aquasec

Updated about 23 hours ago

Tracee is a runtime security and forensics tool that uses eBPF

1M+

Overview

Tracee uses eBPF technology to tap into your system and give you access to hundreds of events that help you understand how your system behaves. In addition to basic observability events about system activity, Tracee adds a collection of sophisticated security events that expose more advanced behavioral patterns. Tracee provides a rich filtering mechanism that allows you to eliminate noise and focus on specific workloads that matter most to you.

Key Features:

  • Kubernetes native installation
  • Hundreds of default events
  • Ships with a basic set of behavioral signatures for malware detection out of the box
  • Easy configuration through Tracee Policies
  • Kubernetes native user experience that is targeted at cluster administrators

Resources

To learn more about Tracee, check out the documentation: https://aquasecurity.github.io/tracee/latest/docs/overview/

The GitHub repository can be found here: https://github.com/aquasecurity/tracee

License

Tracee is licensed under Apache 2.0.

Docker Pull Command

docker pull aquasec/tracee