Skip to content

gichoel/tracee

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Tracee Logo

GitHub release (latest by date) License docker

Tracee: Runtime Security and Forensics using eBPF

Tracee uses eBPF technology to tap into your system and give you access to hundreds of events that help you understand how your system behaves. In addition to basic observability events about system activity, Tracee adds a collection of sophisticated security events that expose more advanced behavioral patterns. You can also easily add your own events using the popular Rego language. Tracee provides a rich filtering mechanism that allows you to eliminate noise and focus on specific workloads that matter most to you.

To learn more about Tracee, check out the documentation.

Quickstart

You can easily start experimenting with Tracee using the Docker image as follows:

docker run \
  --name tracee --rm -it \
  --pid=host --cgroupns=host --privileged \
  -v /etc/os-release:/etc/os-release-host:ro \
  -v /boot/config-$(uname -r):/boot/config-$(uname -r):ro \
  aquasec/tracee:$(uname -m)

To learn how to install Tracee in a production environment, check out the Kubernetes guide.


Tracee is an Aqua Security open source project.
Learn about our open source work and portfolio Here.
Join the community, and talk to us about any matter in GitHub Discussion or Slack.

About

Linux Runtime Security and Forensics using eBPF

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 79.5%
  • C 16.8%
  • Open Policy Agent 1.3%
  • Shell 1.3%
  • Other 1.1%