Updated download links for packages in readme file.
Showing 1 changed file with 4 additions and 4 deletions.
@@ -12,9 +12,9 @@ | |
## Kernel-based Process Monitoring on Linux Endpoints via eBPF | ||
|
||
### kflowd runs as agent on Linux endpoints to monitor processes via eBPF kernel subsystem for filesystem and TCP and UDP networking events, enabling immediate threat and anomaly detection on suspicious activities. | ||
#### Advanced non-ebpf related features such as DNS, HTTP and SYSLOG application message decoding, checksum calculation for virus detection, process and file versioning for vulnerability detection and file device, network interface and user-group identification for files and processes can be enabled via open-binary plugin modules. These modules as well as pre-built kflowd packages can be downloaded from the links below or please contact us at [[email protected]](mailto:[email protected]) for more details. | ||
- [kflowd binaries and packages (zipped, RPM, DEB)](https://github.com/tarsal-oss/kflowd/actions/workflows/kflowd-ci.yml) | ||
- [kflowd-plugins packages (RPM, DEB)](https://tarsal.co/kflowd-download/) | ||
#### Advanced non-ebpf related features such as DNS, HTTP and SYSLOG application message decoding, checksum calculation for virus detection, process and file versioning for vulnerability detection and file device, network interface and user-group identification for files and processes can be enabled via open-binary plugin modules.<br>Pre-built kflowd and kflowd-plugins packages can be downloaded for quick installation from the [Releases](https://github.com/tarsal-oss/kflowd/releases) section. | ||
|
||
If you would like to join our community Slack channel please send an email to [[email protected]](mailto:[email protected]) to receive an invitation. You can also contact us directly at [[email protected]](mailto:kflow@tarsal.co) for any questions. | ||
|
||
kflowd contains an eBPF program running in kernel context and its control application running in userspace.<br> | ||
The eBPF program traces kernel functions to monitor processes based on file system and networking events. Events are aggregated into records and submitted into a ringbuffer where they are polled by the userspace control application. All Records are enriched with process information and then converted into a message in JSON output format.<br> | ||
|
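Review bot: the replacement `####` line packs two sentences and an inline `<br>` into a level-4 heading; Markdown headings render as a single line, so the `<br>` is ignored and the whole download sentence ("Pre-built kflowd and kflowd-plugins packages can be downloaded ...") becomes heading text. Suggest a short heading such as `#### Plugin modules` with the feature description and the Releases pointer as an ordinary paragraph beneath it. While editing that line, `non-ebpf` should read `non-eBPF` to match the capitalization used elsewhere in the README. Pointing at the Releases page instead of the `kflowd-ci.yml` workflow run is the right call, since workflow artifacts can only be downloaded by signed-in GitHub users and expire after the repository's retention period.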
@@ -29,7 +29,7 @@ kflowd runs on Linux kernels 5.10+ and is built with the **libbpf+CO-RE** (Compi | |
|
||
### JSON Output | ||
|
||
kflowd outputs JSON messages generated for each record of aggregated file system and TCP, UDP networking events and optionally DNS and HTTP application messages in the formats as shown in the following examples: | ||
kflowd outputs JSON messages generated for each record of aggregated file system and TCP, UDP networking events and optionally DNS, HTTP and SYSLOG application messages in the formats as shown in the following examples: | ||
|
||
<details open> | ||
<summary> Filesystem Record</summary> | ||
|
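Review bot: the reworded sentence now lists SYSLOG among the application messages shown "in the following examples", so the examples section should gain a SYSLOG record beside the DNS and HTTP ones, otherwise the list and the examples drift apart. Minor style point on the same line: "in the formats as shown in the following examples" reads better as "in the formats shown in the following examples".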