Introduction
Capsule8 is an enterprise Linux protection solution, providing detection and resilience for Linux infrastructure in any environment. We use kprobes and perf to collect system telemetry via distributed agents, which allows us to find and stop attacks and other unwanted activity on Linux systems.
Capsule8 is deployed as a lightweight security detection and response agent that is installed on every Linux server you want to protect. You can deploy it wherever you have Linux – in public or private cloud, containers or VMs, on-prem bare metal, and across different kernel versions and Linux distributions.
With Capsule8 you can:
- Monitor and detect unwanted security events across your enterprise Linux systems
- Integrate the Capsule8 agent (“sensor”) with your existing logging and alerting infrastructure
- Create custom rule sets (“detections”) for detection and response
Overview of components
Sensor
A lightweight agent installed on Linux hosts, collecting events from the hosts to trigger alert generation or automated response.
Detections
Sets of detection/response rules that monitor specified resources for a certain set of abnormal activities or conditions.
Alerting
The output of detection policies, notifying you when system behavior violates the specified policy.
Console
Capsule8’s optional web interface for sensor configuration, system analytics, and alert output.