Skip to main content

3 posts tagged with "tetragon"

View All Tags

Get Started with eBPF Network Log Analytics in your Kubernetes Cluster

· 6 min read
Neependra Khare
Guest Author

In the dynamic landscape of Kubernetes network security, it is necessary to be cautious. Tetragon is an eBPF-based Security Observability and Runtime Enforcement tool that integrates with Parseable, a lightweight, high-performance log analytics tool. This post walks you through how to extract and analyse network connections effectively in Parseable using Tetragon. We'll explore how to trigger an alert in the event of outbound connections occurring from the running pod.

Visualize eBPF logs with Parseable and Grafana

· 6 min read
Pratiksha Patel
Guest Author

In our previous post Get started with eBPF log analytics in your Kubernetes cluster, we saw how to ingest Tetragon logs in Parsable and generate alerts when a sensitive file like /etc/passwd is accessed by an unauthorized pod. However, it is time-consuming and generally difficult to work with large volume of raw logs. Visualizing logs in a dashboard helps better identify patterns.

This post is a continuation of the previous post. In this post, we will see how to visualize the eBPF logs in Grafana.

Get started with eBPF log analytics in your Kubernetes cluster

· 8 min read
Pratiksha Patel
Guest Author
Aldrin Jenson
Guest Author

Traditionally Linux kernel has been one of the best places to implement security and observability features, but also very difficult in practice, because you can't add new features to the kernel. eBPF changes this by securely enhancing the Kernel functionality at runtime. eBPF allows sandboxed programs to be executed in the Linux kernel without changing the kernel source code or requiring a reboot. It extends the Linux kernel at runtime.

Get Updates from Parseable

Subscribe to keep up with latest news, updates and new features on Parseable