Runtime Security using Tracee: A walk-through Explainer Demo
Do you want to know what your applications are doing at runtime? eBPF is a Linux kernel technology that is revolutionizing the security world with easy, safe and flexible instrumentation of the operating system.
In this talk we will see how Tracee helps you gain visibility into your workloads via the operating system using eBPF, and then use this information to detect suspicious behavior.
Tracee not only facilitates raw data collection using eBPF, but also offers a rich rule engine for expressing behavioral signatures using OPA (Open Policy Agent). We demonstrate how to use Tracee to collect raw data, detect suspicious behavior and write basic signatures.
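As an added illustration of the signature style the abstract refers to (this is example code written for this page, not a signature shipped with Tracee): a Rego rule that flags a process asking to be traced with `PTRACE_TRACEME`, a classic anti-debugging move worth surfacing in a detection pipeline. The file layout follows the convention Tracee's OPA-based rule engine uses for Rego signatures (`package tracee.<ID>`, a `__rego_metadoc__` object, a `tracee_selected_events` set and a `tracee_match` rule); the event name `ptrace`, the argument name `request` and the enum string `PTRACE_TRACEME` are assumed to match what the Tracee event collector emits for your version and should be checked against its event reference.

```rego
# Added example for this page; not part of Tracee's own signature set.
# Layout: package tracee.<ID>, __rego_metadoc__, tracee_selected_events, tracee_match.
# Assumption: the collector emits an event named "ptrace" whose "request"
# argument is rendered as the symbolic string "PTRACE_TRACEME".
package tracee.TRC_EXAMPLE

__rego_metadoc__ := {
    "id": "TRC-EXAMPLE",
    "version": "0.1.0",
    "name": "Anti-debugging via PTRACE_TRACEME",
    "description": "A process requested PTRACE_TRACEME, commonly used to detect or block an attached debugger",
    "tags": ["linux", "container"],
    "properties": {
        "Severity": 2
    }
}

# Declare the events this signature consumes; the rule engine only hands
# matching events to tracee_match, which keeps evaluation cheap.
tracee_selected_events[eventSelector] {
    eventSelector := {
        "source": "tracee",
        "name": "ptrace"
    }
}

# Match when a ptrace event carries request == PTRACE_TRACEME.
# input is the raw event collected by tracee-ebpf: eventName plus an
# args list of {name, value} objects.
tracee_match {
    input.eventName == "ptrace"
    arg := input.args[_]
    arg.name == "request"
    arg.value == "PTRACE_TRACEME"
}
```

The `tracee_selected_events` set is the filter that makes the rule engine scale: the engine evaluates `tracee_match` only against events a signature has asked for, so a signature should declare the narrowest event set that still covers the behaviour it describes. Drop the file into the directory the rules component is configured to load signatures from, and a finding carrying the `__rego_metadoc__` fields is emitted whenever `tracee_match` evaluates to true.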