aquasec/tracee
Tracee is a Runtime Security and Forensics using eBPF
1M+
Tracee uses eBPF technology to tap into your system and give you access to hundreds of events that help you understand how your system behaves. In addition to basic observability events about system activity, Tracee adds a collection of sophisticated security events that expose more advanced behavioral patterns. Tracee provides a rich filtering mechanism that allows you to eliminate noise and focus on specific workloads that matter most to you.
Key Features:
To learn more about Tracee, check out the documentation: https://aquasecurity.github.io/tracee/latest/docs/overview/
The GitHub repository can be found here: https://github.com/aquasecurity/tracee
Tracee is licensed under Apache 2.0.
docker pull aquasec/tracee