🎥 Mastering Tracee: Real-time K8s Security with eBPF | Kubernetes Security Series

GosiaMurawska
Community Team


In today’s episode, we dive deep into Tracee by Aqua Security, an open source eBPF-based runtime security tool for Kubernetes clusters.

Tracee allows Kubernetes administrators to monitor runtime behavior at a granular level. You’ll see how Tracee’s eBPF probes capture kernel events, how to structure policies, and the type of event data Tracee produces. We'll walk through the categories of Tracee events—such as syscalls, network traffic, and built-in security signatures—and explore the configuration options, including custom event filters, data output formats, and Prometheus metrics support.

What You’ll Learn:

  • Introduction to Tracee: Understand the fundamentals of Tracee and its role in runtime security.
  • Tracee Policy Configuration: Learn how to set up custom policies in Tracee to detect specific events and enforce your security rules.
  • Observability in Tracee: Discover the rich details Tracee provides for each event, including process metadata, container details, Kubernetes-specific information, and syscall arguments.

-----------------------------
📖 Chapters 📖

00:00 Welcome
01:41 Introduction to Tracee
07:30 Tracee Policy overview
14:45 Observability with Tracee
17:25 Conclusion

-----------------------------

🔗 Additional Links

GitHub tutorial
Tracee
Tracee configuration file
Security signature
Network Signature
Syscalls
Blog
Dynatrace Trial

-----------------------------
Subscribe to our YT channel 
Stay up-to-date with Dynatrace! Follow us on Facebook, Instagram, LinkedIn, Twitter, Twitch
