tracee

package module
v0.21.0-rc Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2024 License: Apache-2.0 Imports: 1 Imported by: 1

README

Tracee Logo

Before moving on, please consider giving us a GitHub star ⭐️. Thank you!

About Tracee

Tracee is a runtime security and observability tool that helps you understand how your system and applications behave.
It is using eBPF technology to tap into your system and expose that information as events that you can consume.
Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns.

To learn more about Tracee, check out the documentation.

Quickstart

To quickly try Tracee use one of the following snippets. For a more complete installation guide, check out the Installation section.
Tracee should run on most common Linux distributions and kernels. For compatibility information see the Prerequisites page. Mac users, please read this FAQ.

Using Docker

docker run --name tracee -it --rm \
  --pid=host --cgroupns=host --privileged \
  -v /etc/os-release:/etc/os-release-host:ro \
  -v /var/run:/var/run:ro \
  aquasec/tracee:latest

For a complete walkthrough please see the Docker getting started guide.

On Kubernetes

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm install tracee aqua/tracee --namespace tracee --create-namespace
kubectl logs --follow --namespace tracee daemonset/tracee

For a complete walkthrough please see the Kubernetes getting started guide.

Contributing

Join the community, and talk to us about any matter in the GitHub Discussions or Slack.
If you run into any trouble using Tracee or you would like to give use user feedback, please create an issue.

Find more information on contribution documentation.

More about Aqua Security

Tracee is an Aqua Security open source project.
Learn about our open source work and portfolio here.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var RegoHelpersCode string

Functions

This section is empty.

Types

This section is empty.

Directories

Path Synopsis
api module
cmd
libbpfgo module
pkg
bufferdecoder
Package bufferdecoder implements simple translation between byte sequences and the user-defined structs.
Package bufferdecoder implements simple translation between byte sequences and the user-defined structs.
cmd
events
Invoked tracee-ebpf events from user mode
Invoked tracee-ebpf events from user mode
events/queue
package queue defines the interface and and implementation of a queue for events storage.
package queue defines the interface and and implementation of a queue for events storage.
events/sorting
Package sorting is responsible for sorting incoming events from the BPF programs chronologically.
Package sorting is responsible for sorting incoming events from the BPF programs chronologically.
k8s
k8s/apis/tracee.aquasec.com/v1beta1
+kubebuilder:object:generate=true +groupName=tracee.aquasec.com
+kubebuilder:object:generate=true +groupName=tracee.aquasec.com
signatures
helpers Module
tests
tracee-ebpf module
external Module
test/gob Module
tracee-rules module
types module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL