In today’s episode, we dive deep into Tracee by Aqua Security, an open source eBPF-based runtime security tool for Kubernetes clusters.
Tracee allows Kubernetes administrators to monitor runtime behavior at a granular level. You’ll see how Tracee’s eBPF probes capture kernel events, how to structure policies, and the type of event data Tracee produces. We'll walk through the categories of Tracee events—such as syscalls, network traffic, and built-in security signatures—and explore the configuration options, including custom event filters, data output formats, and Prometheus metrics support.
What You’ll Learn:
- Introduction to Tracee: Understand the fundamentals of Tracee and its role in runtime security.
- Tracee Policy Configuration: Learn how to set up custom policies in Tracee to detect specific events and enforce your security rules.
- Observability in Tracee: Discover the rich details Tracee provides for each event, including process metadata, container details, Kubernetes-specific information, and syscall arguments.
📖 Chapters 📖
-----------------------------
00:00 Welcome
01:41 Introduction to Tracee
07:30 Tracee Policy overview
14:45 Observability with Tracee
17:25 Conclusion
-----------------------------
🔗 Useful links
GitHub tutorial: https://dt-url.net/bt03uz4
Tracee: https://aquasecurity.github.io/tracee/latest/
Tracee configuration file: https://github.com/aquasecurity/tracee/blob/main/examples/config/global_config.yaml
Security signature: https://aquasecurity.github.io/tracee/latest/docs/events/builtin/signatures/
Network signature: https://aquasecurity.github.io/tracee/latest/docs/events/builtin/network/
Syscalls: https://aquasecurity.github.io/tracee/latest/docs/events/builtin/syscalls/
Dynatrace Trial: https://bit.ly/3KxWDvY
Blog: https://isitobservable.io/observability/kubernetes/unlock-the-power-of-tracee-real-time-kubernetes-security-with-ebpf
🔬 Want to learn more about tools that the cloud-native pros use? Check out the full list of my favorites over here on this YouTube playlist: https://www.youtube.com/playlist?list=PL6VBQyIvTlRjAMeeZN5yfD07X8DdYonnI
Check out ALL my observability secrets, tips, and tricks in my blog: https://isitobservable.io/
👉✅ Stay connected with me!
Twitter: https://twitter.com/IsitObservable
LinkedIn: https://www.linkedin.com/company/isitobservable
IsItObservable is powered by Dynatrace’s own developer relations team. Subscribe to get observability reviews, tips and tricks, and tutorials tested by cloud-native experts. I review, test, and share results to help you succeed with platform engineering and observability.