Aqua Blog

ebpf

Unveiling CNDR: eBPF-Based Cloud Native Detection and Response

Unveiling CNDR: eBPF-Based Cloud Native Detection and Response

Today, Aqua announced the addition of a new, industry-leading detection and response capability to its Cloud Native Application Protection Platform (CNAPP), called Cloud Native Detection and Response (CNDR). CNDR uses real-time behavioral indicators from Aqua’s cyber research team, Nautilus, to identify zero-day …

Continue reading ›
The Story of Tracee The Path to Runtime Security Tool

The Story of Tracee: The Path to Runtime Security Tool

eBPF technology is seeing strong growth, being widely adopted in the cloud native ecosystem for monitoring, networking, and security goals. At Aqua, along with being used in commercial products, eBPF powers our open source project Tracee to detect events in running containers.

Continue reading ›
CORE Tracee eBPF

Using CO:RE to Achieve Portable Tracee eBPF Code

One of the biggest challenges of eBPF development is distribution of your eBPF project. With so many different versions of the Linux kernel out in the wild, it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. However, by using CO:RE, a feature of libbpf, this …

Continue reading ›
LSM Hooks with Tracee

Using LSM Hooks with Tracee to Overcome Gaps with Syscall Tracing

Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. By leveraging the advantages of Linux extended Berkeley Packet Filter (eBPF) technology to trace systems and applications at runtime, Tracee analyzes collected events to detect suspicious …

Continue reading ›
Tracee Github Action

Detecting Malicious Activity in CI/CD Pipeline with Tracee

With the growing popularity of CI platforms to build software, bad actors are increasingly looking to exploit these environments to target organizations. In our post about the recent Codecov breach, we explored how an attacker was able to get access to credentials from within the CI/CD pipeline. To prevent this …

Continue reading ›
libbpfgo

How to Build eBPF Programs with libbpfgo

In recent years, I have been I using a project called BCC to compile, load, and interact with my bpf programs. I have recently learned about a better way to build ebpf projects called libbpf. There are a few good resources to use when developing libbpf based programs but getting started can still be quite …

Continue reading ›
vmlinux.h

What is vmlinux.h and Why is It Important for Your eBPF Programs?

eBPF is a powerful and exciting technology that allows developers to add custom code to strategic points in the Linux kernel and interact with it by writing simple C or Go programs. The eBPF programs you write and run can inspect data in the memory of processes they attach to. In order to do so, however, the eBPF …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...