Tracee uses eBPF technology to tap into your system and give you access to hundreds of events that help you understand how your system behaves. In addition to basic observability events about system activity, Tracee adds a collection of sophisticated security events that expose more advanced behavioral patterns. Tracee provides a rich filtering mechanism that allows you to eliminate noise and focus on specific workloads that matter most to you.
Key Features:
- Kubernetes native installation
- Hundreds of default events
- Ships with a basic set of behavioral signatures for malware detection out of the box
- Easy configuration through Tracee Policies
- Kubernetes native user experience that is targetted at cluster administrators
We release new features and changes on a regular basis. Learn more about the latest release in our discussions.
To learn more about Tracee, check out the documentation.
Installation options:
Steps to get started:
- Install Tracee in your Kubernetes cluster through Helm
- Query logs to see detected events
Next, try one of our tutorials:
- Filter events through Tracee Policies
- Manage logs through Grafana Loki or your preferred monitoring solution
Example log output in Tracee pod
Join the community, and talk to us about any matter in the GitHub Discussions or Slack.
If you run into any trouble using Tracee or you would like to give us your feedback, please create an issue.
Find more information on contributing to the source code in the documentation.
Please consider giving us a star ⭐️ by clicking the button at the top of the GitHub page
Tracee is an Aqua Security open source project.
Learn about our open source work and portfolio here.