Tracee® by Aqua Sec

Powered by Catalyst Cloud

The most powerful, accurate and reliable eBPF-based detection engine


Tracee uses the latest eBPF technology to observe system activity directly from the operating system kernel. With full coverage of Linux system calls, complemented by an additional set of custom security events, Tracee provides high quality, accurate results.

Tracee has used eBPF since inception and collects 330 syscalls (plus other non-syscall events) right out of the box. Unlike solutions built on kernel modules, eBPF is safe and fast, and Tracee uses cutting-edge eBPF features to prevent evasion by attackers.

Detect suspicious behavior patterns with Tracee Rules

Curated behavioural indicators identify defence evasion techniques, as defined in the MITRE ATT&CK framework, based on the events collected by Tracee's eBPF engine. Indicators include activity such as fileless execution, anti-debugging and kernel module loading.

Easy deployment, maximum portability and easy integrations

Deploying Tracee with Kubernetes and Docker is a simple “kubectl create” or “docker run” command. Run Tracee with or without BTF support and enjoy maximum portability across different Linux versions using CO-RE mode. Send Tracee data to external notification tools such as Slack or GitHub Actions via projects such as Postee.

Customise and filter intel by relevance and priority

Use filters to customise where to look for events within specific clusters, containers and hosts. Capture artefacts such as network packets and executables for further analysis only from the most meaningful locations. View insights easily through output templates ranging from JSON files to a Go template for customisation.

Relied on for industry-leading threat detection

Tracee is the eBPF engine behind industry-first commercial capabilities of the Aqua Platform such as Dynamic Threat Analysis (DTA), the container sandbox, and Cloud Native Detection and Response (CNDR). DTA, CNDR and Tracee are the only solutions in the industry to combine behavioural indicators from a dedicated cloud native security research team, Nautilus, with eBPF events for real-time threat detection at runtime.

About Aqua Security


Aqua Security enables Catalyst Cloud customers to securely build, scale and automate cloud-native applications as well as ensure that controls, configurations, and account settings across their environments conform to security best practices and compliance requirements.

Aqua facilitates security and DevOps collaboration for the cloud-native journey, embeds security and assurance into Cloud build and artefact pipelines, validates and remediates Cloud infrastructure configurations, and protects workloads at runtime - including detecting malware, unauthorised changes to images, code injection, and supply chain attacks.

If you'd like to talk with someone about how best to tackle your problem just call our team right here in New Zealand on 0800 2282 5683 or send us an email. We'll hook you up with the best people to help. Or see our wide range of Cloud Computing services.