Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
This project is a specialized toolset for profiling kernel latency, analyzing tracepoint frequency, and monitoring system-wide performance data. It functions as a kernel performance profiler, tracepoint analyzer, and a collection of utilities for the Linux ftrace and perf_events subsystems. The toolkit provides high-level abstractions via shell-scripted wrappers to manage complex kernel tracing interfaces. It distinguishes itself through the use of bucket-based event histograms to visualize the distribution of kernel events and the ability to identify functions exceeding specific latency thre
cAdvisor is a container resource monitoring agent and performance analyzer that collects and exports CPU, memory, network, and disk usage statistics from running containers. It functions as a telemetry tool for discovering containers across various runtimes and serves as a Prometheus-compatible metrics exporter. The agent distinguishes itself by analyzing Linux control groups to provide visibility into resource consumption and limits. It utilizes kernel perf events and NUMA statistics for low-level hardware performance tracking and diagnostics, and it can identify out-of-memory kill events th
Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
Sysdig is a Linux system observability tool and kernel event analyzer designed for capturing and analyzing kernel-level system calls and operating system events. It functions as a system call tracer and container security monitor, providing deep visibility into the activity of machines, virtual machines, and containers.
الميزات الرئيسية لـ draios/sysdig هي: Kernel Event Tracers, Container Monitoring, Container Inspection Interfaces, Activity Recording, Container Security, Container Observability Tools, System Call Tracing, Trace Recording.
تشمل البدائل مفتوحة المصدر لـ draios/sysdig: falcosecurity/falco — Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and… brendangregg/perf-tools — This project is a specialized toolset for profiling kernel latency, analyzing tracepoint frequency, and monitoring… google/cadvisor — cAdvisor is a container resource monitoring agent and performance analyzer that collects and exports CPU, memory,… cilium/tetragon — Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments.… inspektor-gadget/inspektor-gadget — Inspektor Gadget is an eBPF observability toolset and program framework designed for tracing Linux systems and… nicolargo/glances — Glances is a cross-platform system monitoring tool designed to track real-time resource usage and hardware health…