Use Cases
This section presents use cases for process, file, network and security monitoring and enforcement.
By default, Tetragon monitors the process lifecycle; learn more about that in the dedicated use cases.
For more advanced use cases, Tetragon can observe tracepoints and arbitrary
kernel calls via kprobes. For that, Tetragon must be extended and configured
with custom resource objects named TracingPolicy.
It can then generate process_tracepoint and process_kprobes events.
Process lifecycle
By default, Tetragon observes the process lifecycle via exec and exit
Filename access
Monitor filename access using kprobe hooks
Network observability
Monitor TCP connect using kprobe hooks
Linux process credentials
Monitor Linux process credentials
Host System Changes
Monitor Host System changes
Security Profiles
Observe and record security events
Last modified July 11, 2023: docs: reorganize the doc by creating new use cases section (d4b50bc5)