3 posts tagged with "eBPF"

Explore using eBPF with Parseable for advanced performance monitoring and detailed log analysis.

Get Started with eBPF Network Log Analytics in your Kubernetes Cluster

· 6 min read
Neependra Khare
Guest Author

In the dynamic landscape of Kubernetes network security, it is necessary to be cautious. Tetragon is an eBPF-based Security Observability and Runtime Enforcement tool that integrates with Parseable, a lightweight, high-performance log analytics tool. This post walks you through how to extract and analyse network connections effectively in Parseable using Tetragon. We'll explore how to trigger an alert in the event of outbound connections occurring from the running pod.

Visualize eBPF logs with Parseable and Grafana

· 6 min read
Pratiksha Patel
Guest Author

In our previous post, Get started with eBPF log analytics in your Kubernetes cluster, we saw how to ingest Tetragon logs in Parseable and generate alerts when a sensitive file like /etc/passwd is accessed by an unauthorized pod. However, it is time-consuming and generally difficult to work with large volumes of raw logs. Visualizing logs in a dashboard helps better identify patterns.

This post is a continuation of the previous post. In this post, we will see how to visualize the eBPF logs in Grafana.

Get started with eBPF log analytics in your Kubernetes cluster

· 8 min read
Pratiksha Patel
Guest Author
Aldrin Jenson
Guest Author

Traditionally, the Linux kernel has been one of the best places to implement security and observability features, but doing so is very difficult in practice because you can't add new features to the kernel. eBPF changes this by securely enhancing kernel functionality at runtime. eBPF allows sandboxed programs to be executed in the Linux kernel without changing the kernel source code or requiring a reboot. It extends the Linux kernel at runtime.
