Use Cases
This section presents various use cases for process, file, network and security monitoring and enforcement.
By default, Tetragon monitors the process lifecycle; learn more about that in the dedicated use cases.
For more advanced use cases, Tetragon can observe tracepoints and arbitrary
kernel calls via kprobes. For that, Tetragon must be extended and configured
with custom resource objects named TracingPolicy.
It can then generate process_tracepoint and process_kprobes events.
Process lifecycle
By default, Tetragon observes the process lifecycle via exec and exit
Filename access
Monitor filename access using kprobe hooks
Network observability
Monitor TCP connect using kprobe hooks
Linux process credentials
Monitor Linux process credentials
Host System Changes
Monitor Host System changes
Security Profiles
Observe and record security events