eBPF-based Security Observability and Runtime Enforcement

Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.


  • Palantir Logo
  • FRSCA Logo
  • GitHub Logo
  • Bell Logo
  • G Research Logo
  • Ripple Logo
  • Nationwide Logo

Revolutionize Your Observability and Security

  • logo for monitor process execution

    Monitor Process Execution

    Observe the complete lifecycle of every process on your machine with Kubernetes context awareness

  • logo for runtime security policies

    Runtime Security Policies

    Translate high level policies for file monitoring, network observability, container security, and more into low overhead eBPF programs

  • logo for real time enforcement

    Real Time Enforcement

    Synchronous monitoring, filtering, and enforcement completely in the kernel with eBPF

How does Tetragon work

diagram showing Tetragon architecture and interfaces