/docs/use-cases/ Recent content in Use Cases on Tetragon - eBPF-based Security Observability and Runtime Enforcement Hugo en /docs/use-cases/filename-access/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/use-cases/filename-access/ This page shows how you can create a tracing policy to monitor filename access. For general information about tracing policies, see the tracing policy page. There are two aspects of the tracing policy: (i) what hooks you can use to monitor specific types of access, and (ii) how you can filter at the kernel level for only specific events. Hooks There are different ways applications can access and modify files, and for this tracing policy we focus in three different types. /docs/use-cases/network-observability/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/use-cases/network-observability/ To view TCP connect events, apply the example TCP connect TracingPolicy: kubectl apply -f https://raw.githubusercontent.com/cilium/tetragon/main/examples/tracingpolicy/tcp-connect.yaml To start monitoring events in the xwing pod run the Tetragon CLI: kubectl logs -n kube-system -l app.kubernetes.io/name=tetragon -c export-stdout -f | tetra getevents -o compact --namespace default --pod xwing In another terminal, start generate a TCP connection. Here we use curl. kubectl exec -it xwing -- curl http://cilium.io The output in the first terminal will capture the new connect and write,