This site offers informative videos related to Tracee, a runtime security and forensics tool for Linux.
It uses Linux eBPF technology to trace your system and applications at runtime, and analyzes the collected events to detect suspicious behavioral patterns.
Tracee Video Playlist
Tracee on GitHub
All Aqua Open Source
Tracee is a runtime security and forensics tool for Linux. It uses Linux eBPF technology to trace your system and applications at runtime, and analyzes the collected events to detect suspicious behavioral patterns.
Tracee is delivered as a Docker image; once run, it starts monitoring the OS and detects suspicious behavior based on a pre-defined set of behavioral patterns.
This is a quick introduction to Linux eBPF technology. The video is presented by Itay Shakury (@itaysk) from the Open Source team at Aqua Security.
New video on Tracee v0.5
Tracee is a tool for tracing container and system events as they happen, using eBPF. In this video, Liz (@lizrice) and Itay (@itaysk) discuss why we decided to port Tracee from Python to Go.
Yaniv from Aqua's research team demonstrates how to use Tracee to detect system calls and security-related events from the kernel. You can trace events from the host, from a container, or from a specific process.
Tracee, Aqua's open source container and system tracing utility, is much more than a system call tracer: it is a powerful tool for forensic investigations and for dynamic analysis of binaries, both of which are incredibly useful when looking for hidden malware.
Tracee can provide users with timely insights that previously required special knowledge and tools.
Tracee can capture files as they are written on the system and save a copy of the data to a given output path. It can also capture dynamically executed code, which exposes malicious activity even when that code was hidden.
You can use Tracee to uncover stealthy malware payload executions automatically, and quickly gain insights to help with remediation.
Yaniv from Aqua's security research team shows how Tracee can capture a fileless execution, that is, executing a program that was written to memory rather than to a file. Tracee captures the content written to memory, and as you can see in this example, that content could be malicious!
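To reproduce the fileless execution the video talks about on a test host, the following C program stages a binary in an anonymous, memory-backed file and runs it from there, so no executable ever touches the filesystem. It is an example added here, not Tracee project code and not what is shown in the video; memfd_create plus fexecve is one common Linux mechanism for this, the function names (memfd_payload, memfd_size, memfd_read, run_from_memory), the "tracee-demo" memfd name and the /bin/true default payload are this example's own choices. Run it while Tracee is capturing memory-written payloads and compare what is captured with the bytes the program wrote.

```c
/* fileless_exec.c: run a program that exists only in memory (Linux only).
 * Added example for this page; not Tracee project code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 1U   /* value from <linux/memfd.h>: close the fd in the exec'd child */
#endif

extern char **environ;

/* Create an anonymous, memory-backed file and fill it with the payload.
 * The raw syscall is used so this builds on libcs that predate the
 * glibc 2.27 memfd_create() wrapper. Returns the fd, or -1 on error. */
int memfd_payload(const void *payload, size_t len) {
    int fd = (int)syscall(SYS_memfd_create, "tracee-demo", MFD_CLOEXEC);
    if (fd < 0) return -1;
    const unsigned char *p = payload;
    size_t off = 0;
    while (off < len) {                      /* short writes are legal; loop */
        ssize_t n = write(fd, p + off, len - off);
        if (n <= 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    return fd;
}

/* Current size of the in-memory file, i.e. how many bytes were written. */
long memfd_size(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_size : -1L;
}

/* Read the in-memory file back from offset 0 into buf; bytes read or -1. */
long memfd_read(int fd, void *buf, size_t cap) {
    ssize_t n = pread(fd, buf, cap, 0);
    return n < 0 ? -1L : (long)n;
}

/* Slurp an on-disk file into a malloc'd buffer; caller frees. */
static unsigned char *read_file(const char *path, size_t *len) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0 || st.st_size < 0) { close(fd); return NULL; }
    size_t want = (size_t)st.st_size, got = 0;
    unsigned char *buf = malloc(want ? want : 1);
    if (!buf) { close(fd); return NULL; }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    *len = got;
    return buf;
}

/* Stage the ELF at src_path into a memfd and execute it from there. The
 * child never hands execve a filesystem path: on current glibc, fexecve()
 * reaches the kernel as execveat(fd, "", argv, envp, AT_EMPTY_PATH), so a
 * tracer that only logs execve paths sees no file at all. Returns the
 * child's exit status, or -1 on failure. */
int run_from_memory(const char *src_path, char *const argv[]) {
    size_t len = 0;
    unsigned char *img = read_file(src_path, &len);
    if (!img) return -1;
    int fd = memfd_payload(img, len);
    free(img);                               /* the only copy left is the memfd */
    if (fd < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        fexecve(fd, argv, environ);          /* returns only on failure */
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    /* Default payload: /bin/true, an ELF present on any Linux box. Pass
     * another binary as argv[1] to try something noisier under Tracee. */
    const char *src = argc > 1 ? argv[1] : "/bin/true";
    /* argv[0] is whatever we claim; "true" keeps busybox-style binaries,
     * which dispatch on argv[0], doing the same thing as the original. */
    char *child_argv[] = { "true", NULL };
    int rc = run_from_memory(src, child_argv);
    printf("payload from %s ran from memory, exit status %d\n", src, rc);
    return rc == 0 ? 0 : 1;
}
```

Build with `gcc -O2 -o fileless_exec fileless_exec.c` and run it as an unprivileged user; the payload shows up under /proc/PID/exe as `/memfd:tracee-demo (deleted)` for the lifetime of the child, which is exactly the kind of trace a file-based scanner never sees and a kernel-side tracer does.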
Tracee is an open source project for users and contributors. We welcome your contributions to Tracee.
There is a Tracee Quick Start on GitHub which we suggest you explore.
Protect applications from development to production and at scale, with the open source knowledge, capabilities, solutions and investments we openly share.
Aqua open source projects are available on GitHub: https://github.com/aquasecurity
Starboard is a Kubernetes-native toolkit that combines the results from multiple security tools.
Starboard enables results from select vulnerability scanners, workload auditors, configuration benchmark tests, and pen tests to be incorporated into Kubernetes CRDs and accessible via the Kubernetes API.
Kube-Bench automates the CIS Benchmark for Kubernetes, making it easy for operators to check whether each node in their Kubernetes cluster is configured according to security best practices.
The CIS benchmark document is over 200 pages long, so it would be impractical to run through it all by hand. It includes tests that check the parameters on running Kubernetes executables, and permissions and ownership on config files, looking for settings that would leave a cluster vulnerable to attack.
Kube-Hunter conducts penetration tests against Kubernetes clusters, hunting for exploitable vulnerabilities and misconfigurations both from outside the cluster and from inside it (running as a pod).
Vulnerability scanners like Trivy identify whether your container image includes any known vulnerabilities in packages. To do this they need to identify which packages are installed.
In this video, Liz explains how package information can be extracted from package manager files in an image, and why you should be careful about tools that strip out this information in the quest to make images smaller.
Guides and White Papers
Aqua has various levels of educational, best practice, market research and step-by-step guidance to help you and your team quickly adapt your environment to ensure you have the best security available.
Cloud Native Threat Landscape
Aqua's Team Nautilus focuses on cybersecurity research of the cloud native stack.
Understand what’s happening with containers and learn how to secure them with the help of these select resources.
Attackers have good aim and are targeting the explosive growth of containers. Learn how to shift left and increase security without impeding agility.
Dynamic Threat Analysis: a container analysis sandbox that finds hidden risks that only surface when a container is running
DevSecOps: Making it Happen.
Team Nautilus uncovers new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure.