Capabilities Monitoring

Monitor and record capabilities checks conducted by the kernel on behalf of applications during privileged operations.⁠

Thumbnail for video about Capabilities Monitoring

Bring Transparency to Privileged Operations

Processes running with high privileges or elevated capabilities can pose security risks, as they may bypass critical security controls or perform unauthorized actions. For example, misconfigured Kubernetes workloads might unintentionally request overly broad privileges, increasing the risk of exploitation. Identifying which processes are using elevated privileges and understanding the capabilities they require is essential for maintaining a secure environment. Security teams often struggle to identify and manage the precise capabilities required by applications running in Kubernetes environments and Linux capabilities are often granted too broadly due to a lack of visibility into what each workload truly needs.

Tetragon empowers security teams to observe and record Linux capability checks in real time, providing deep visibility into the privileged operations performed within Kubernetes environments. When the kernel evaluates whether a process can perform a privileged action, Tetragon captures these events, recording metadata such as the requested capability, the process identity, and the verdict—whether access was granted or denied. This comprehensive data helps teams understand the precise capabilities in use, enabling fine-tuned control over security contexts for pods and containers and ​​helping teams identify unnecessary privileges and tighten security configurations across Kubernetes clusters.

Tetragon empowers security team to detect and prevent privilege abuse

  • Real-Time Privilege Monitoring

    Observe and record Linux capability checks in real time, gaining visibility into privileged operations.

  • Context-Rich Capability Insights

    Capture metadata such as requested capabilities, process identity, and access verdicts for precise analysis.

  • Enhanced Kubernetes Security

    Fine-tune security contexts for pods and containers by identifying unnecessary privileges and misconfigurations.

  • Proactive Privilege Management

    Reduce risks by understanding and managing the exact capabilities required by workloads in Kubernetes environments.