在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):aquasecurity/tracee开源软件地址(OpenSource Url):https://github.com/aquasecurity/tracee开源编程语言(OpenSource Language):Go 74.8%开源软件介绍(OpenSource Introduction):Tracee: Runtime Security and Forensics using eBPFTracee is a Runtime Security and forensics tool for Linux. It uses Linux eBPF technology to trace your system and applications at runtime, and analyzes collected events in order to detect suspicious behavioral patterns. It is usually delivered as a docker container, but there are other ways you can use it (even create your own customized tracee container). Watch a quick video demo of Tracee: Check out the Tracee video hub for more videos. DocumentationThe full documentation of Tracee is available at https://aquasecurity.github.io/tracee/dev. You can use the version selector on top to view documentation for a specific version of Tracee. QuickstartBefore you proceed, make sure you follow the minimum requirements for running Tracee.
These docker commands run Tracee with default settings and start reporting detections to standard output. In order to simulate a suspicious behavior, you can simply run:
in another terminal. This will trigger the Anti-Debugging signature, which is loaded by default, and you will get a warning:
TraceIn some cases, you might want to leverage Tracee's eBPF event collection capabilities directly, without involving the detection engine. This might be useful for debugging, troubleshooting, analysising, researching OR education. Execute docker container with the word
ComponentsTracee is composed of the following sub-projects, which are hosted in the aquasecurity/tracee repository:
Tracee is an Aqua Security open source project. Learn about our open source work and portfolio Here. Join the community, and talk to us about any matter in GitHub Discussion or Slack. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论