TL;DR In this post, I explain how Tetragon detects process creation and termination using eBPF.🐝 Introduction I was really impressed when I used Tetragon for the first time. Just after deploying Tetragon, it automatically collected process lifecycle events like: I’ve been reading Tetraon’s code to understand its implementaion in kernel-space and user-space programs. Now that… Continue reading Tetragon Process Lifecycle Observation: eBPF Part→
