Skip to content

Tracee Logo >

Before moving on, please consider giving us a star ⭐️ by clicking the button at the top of the GitHub page

Navigating the Documentation

👋 Welcome to Tracee Documentation! To help you get around, please notice the different sections at the top global menu:

  • You are currently in the Getting Started section where you can find general information and help with first steps.
  • In the Tutorials section you can find step-by-step guides that help you accomplish specific tasks.
  • In the Docs section you can find the complete reference documentation for all of the different features and settings that Tracee has to offer.
  • In the Contributing section you can find technical developer documentation and contribution guidelines.

Tracee: Runtime Security and Forensics using eBPF

Tracee uses eBPF technology to tap into your system and give you access to hundreds of events that help you understand how your system behaves. In addition to basic observability events about system activity, Tracee adds a collection of sophisticated security events that expose more advanced behavioral patterns. Tracee provides a rich filtering mechanism that allows you to eliminate noise and focus on specific workloads that matter most to you.

Key Features:

  • Kubernetes native installation
  • Hundreds of default events
  • Ships with a basic set of behavioral signatures for malware detection out of the box
  • Easy configuration through Tracee Policies
  • Kubernetes native user experience that is targetted at cluster administrators

We release new features and changes on a regular basis. Learn more about the letest release in our discussions.

To learn more about Tracee, check out the documentation.

Quickstart

Installation options:

Steps to get started:

  1. Install Tracee in your Kubernetes cluster through Helm
  2. Query logs to see detected events

Next, try one of our tutorials:

  1. Filter events through Tracee Policies
  2. Manage logs through Grafana Loki or your preferred monitoring solution

Example log output in Tracee pod Example log output in Tracee pod

Contributing

Join the community, and talk to us about any matter in the GitHub Discussions or Slack.
If you run into any trouble using Tracee or you would like to give use user feedback, please create an issue.

Find more information on contributing to the source code in the documentation.

Please consider giving us a star ⭐️ by clicking the button at the top of the GitHub page

More about Aqua Security

Tracee is an Aqua Security open source project.
Learn about our open source work and portfolio here.