This documentation details how to use Tracee to access the features listed below.


  • Tracing
    • Tracee event collection capabilities only, without involving the detection engine.
  • Capturing
    • Tracee's unique feature that lets you capture interesting artifacts from running applications, using the --capture flag.
  • Detecting
    • Tracee is a runtime security detection engine, not only an introspection tool (tracee-ebpf). tracee-rules is a rules engine that helps you detect suspicious behavioral patterns in streams of events.
  • Integrating
    • Tracee integration with other technologies, like Prometheus.
  • Deep Dive
    • In-depth analysis of specific features and the core logic of Tracee's various components.