Tetragon
eBPF-based security observability and runtime enforcement: process/exec monitoring, network hooks, and kill primitives integrated with Cilium.
Why it is included
An enterprise-grade, open runtime security option when you already run, or plan to run, Cilium-based networking.
Best for
Kubernetes clusters needing kernel-level telemetry and selective enforcement policies.
Strengths
- eBPF depth
- Cilium ecosystem
- Grafana integrations
Limitations
- Kernel version/feature requirements; operational complexity
Good alternatives
Falco · Tracee · commercial CWP
Related tools
Security & Privacy
Falco
Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
Tracee
Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
Inspektor Gadget
CNCF eBPF-based observability for Kubernetes: gadgets for tracing DNS, TCP, exec, and security events from kubectl.
YARA
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
Suricata
High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
kube-bench
CIS Kubernetes benchmark checker: run checks against nodes, control plane, etcd, and policies with readable reports.
