Pulsar is a security tool for monitoring Linux devices in real time, built on eBPF. Its core modules use eBPF probes to collect events safely and efficiently from the kernel; these events are classified into four main categories: File I/O, Network, Processes, and System Activity. Pulsar's modular design allows for easy customization and the creation of new modules or rules.

Installing Pulsar requires a kernel version 5.5 or higher with BPF and BTF enabled. Once installed, Pulsar monitors target processes and compares their activity against defined security policies, detecting threat events and generating logs accordingly. Its working principle is to intercept application operations at the kernel level, process them through the rule engine, and emit a threat event when a rule matches.

Several installation options are available: the official installation script, pre-built binaries, or building from source. The Pulsar documentation covers installation, the architecture, tutorials, and contributing to the project. Pulsar's userspace code is licensed under Apache-2.0 and its eBPF probes under GPL-2.0.
https://github.com/Exein-io/pulsar
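The prerequisites above (a 5.5 or newer kernel with BPF and BTF enabled) are the first thing to verify on a host before running the installer. The following preflight script is an added example and is not part of the Pulsar project. The paths (/sys/kernel/btf/vmlinux, /proc/config.gz, /boot/config-<release>) and the Kconfig symbols it looks for (CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_DEBUG_INFO_BTF) are standard Linux locations and option names; which of them Pulsar strictly requires is an assumption drawn from the "BPF and BTF enabled" requirement, not from Pulsar's own documentation.

```shell
#!/bin/sh
# Added example, not part of Pulsar: preflight check for the prerequisites the
# summary states (kernel 5.5 or newer, BPF and BTF enabled). Path and Kconfig
# names are standard Linux ones, assumed to apply to the target host.

# version_ge A B: succeed if dotted version A is >= B on (major, minor).
# Tolerates distro suffixes such as "5.15.0-91-generic" or "6.1.0-rc1".
version_ge() {
    a_major=${1%%.*}
    case $1 in *.*) a_rest=${1#*.}; a_minor=${a_rest%%.*} ;; *) a_minor=0 ;; esac
    b_major=${2%%.*}
    case $2 in *.*) b_rest=${2#*.}; b_minor=${b_rest%%.*} ;; *) b_minor=0 ;; esac
    # drop anything after '-' (e.g. "5-rc1" -> "5") so the numeric compare is valid
    a_major=${a_major%%-*}; a_minor=${a_minor%%-*}
    b_major=${b_major%%-*}; b_minor=${b_minor%%-*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -ge "$b_minor" ]
}

# kernel_ok [RELEASE]: the running (or given) kernel meets the 5.5 minimum.
kernel_ok() {
    version_ge "${1:-$(uname -r)}" 5.5
}

# btf_ok [PATH]: the kernel exposes its BTF type information, which eBPF
# probes use to resolve kernel structure layouts at load time.
btf_ok() {
    [ -r "${1:-/sys/kernel/btf/vmlinux}" ]
}

# config_has OPTION [CONFIG_FILE]: look for OPTION=y in the kernel config,
# trying /proc/config.gz and then /boot/config-<release> when no file is given.
# Returns 0 if set, 1 if not set, 2 if no config could be read.
config_has() {
    opt=$1
    cfg=${2:-}
    if [ -n "$cfg" ]; then
        [ -r "$cfg" ] || return 2
        grep -q "^${opt}=y" "$cfg" && return 0
        return 1
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz | grep -q "^${opt}=y" && return 0
        return 1
    elif [ -r "/boot/config-$(uname -r)" ]; then
        grep -q "^${opt}=y" "/boot/config-$(uname -r)" && return 0
        return 1
    fi
    return 2
}

# pulsar_preflight [RELEASE]: print one line per prerequisite; succeed only
# if the kernel version and BTF checks pass and no required option is unset.
# An unreadable kernel config is reported but not treated as a failure.
pulsar_preflight() {
    rel=${1:-$(uname -r)}
    status=0
    if kernel_ok "$rel"; then echo "kernel $rel: 5.5 or newer, OK"
    else echo "kernel $rel: too old, 5.5 or newer required"; status=1; fi
    if btf_ok; then echo "BTF: /sys/kernel/btf/vmlinux present, OK"
    else echo "BTF: /sys/kernel/btf/vmlinux missing"; status=1; fi
    for opt in CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_DEBUG_INFO_BTF; do
        rc=0
        config_has "$opt" && rc=0 || rc=$?
        case $rc in
            0) echo "$opt: set, OK" ;;
            1) echo "$opt: not set"; status=1 ;;
            *) echo "$opt: kernel config not readable, skipped" ;;
        esac
    done
    return $status
}

# Report on the current host without aborting the script on failure.
if pulsar_preflight; then
    echo "pulsar preflight: all prerequisites met"
else
    echo "pulsar preflight: prerequisites missing (see above)" >&2
fi
```

Run it as `sh preflight.sh` on the host you intend to install on; the version comparison only looks at major and minor numbers because that is all the stated 5.5 minimum constrains, and the config check deliberately distinguishes "option unset" from "config unavailable" so a host without /proc/config.gz is not reported as failing.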