This documentation details how to use Tracee to access the features listed below.
- Tracee event collection capabilities only, without involving the detection engine.
- Tracee's unique feature that lets you capture interesting artifacts from running applications, using the --capture flag.
- Tracee is a runtime security detection engine, not only an introspection tool (tracee-ebpf). tracee-rules is a rules engine that helps you detect suspicious behavioral patterns in streams of events.
- Tracee integration with other technologies, like Prometheus.
- Deep Dive: in-depth analysis of specific features and the core logic of Tracee's various components.