Cilium developers are happy to contribute Tetragon, Cilium's new component
enabling powerful, eBPF-based Security Observability and Runtime
Enforcement.
Tetragon detects and is able to respond in real time to security-significant
events, such as:
* Process execution events
* Changes to privileges and capabilities
* I/O activity including network & file access
When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that
is, it understands Kubernetes identities such as namespaces, pods and
so on - so that security event detection can be configured in relation
to individual workloads.
For more details and examples, please see the README.