👋 Welcome to Tracee Documentation! To help you get around, please notice the different sections at the top global menu:
- You are currently in the Getting Started section where you can find general information and help with first steps.
- In the Tutorials section you can find step-by-step guides that help you accomplish specific tasks.
- In the Docs section you can find the complete reference documentation for all of the different features and settings that Tracee has to offer.
- In the Contributing section you can find technical developer documentation and contribution guidelines.
Before moving on, please consider giving us a GitHub star ⭐️. Thank you!
Tracee is a runtime security and observability tool that helps you understand how your system and applications behave.
It is using eBPF technology to tap into your system and expose that information as events that you can consume.
Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns.
To learn more about Tracee, check out the documentation.
To quickly try Tracee use one of the following snippets. For a more complete installation guide, check out the Installation section.
Tracee should run on most common Linux distributions and kernels. For compatibility information see the Prerequisites page. Mac users, please read this FAQ.
docker run --name tracee -it --rm \ --pid=host --cgroupns=host --privileged \ -v /etc/os-release:/etc/os-release-host:ro \ -v /var/run:/var/run:ro \ aquasec/tracee:latest
For a complete walkthrough please see the Docker getting started guide.
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update helm install tracee aqua/tracee --namespace tracee --create-namespace
kubectl logs --follow --namespace tracee daemonset/tracee
For a complete walkthrough please see the Kubernetes getting started guide.
Find more information on contribution documentation.