
· 6 min read
Neependra Khare

Kubernetes network security calls for caution. Tetragon is an eBPF-based security observability and runtime enforcement tool, and it integrates with Parseable, a lightweight, high-performance log analytics tool. This post walks you through how to extract Tetragon's network connection events into Parseable and analyse them effectively. We'll explore how to trigger an alert whenever an outbound connection is made from a running pod.

Once our production environment is established, we expect that the application won't need to download additional files. If the pod executes commands like curl or wget, Parseable will generate an alert message.

· 5 min read

We released pb, a modern, fast and intuitive CLI for log management, a couple of months ago. pb is built for developers who like the comfort of their terminal. Log data is primarily textual, so it was important that pb is pluggable via the Linux pipe (|) into other text manipulation tools like grep, awk, sed, etc.

In this post, we will see how pb can be used to wrangle log data in the terminal. We'll also explore the new pb tail command to see how it can be used to tail logs in the terminal.

· 5 min read
Aldrin Jenson

Engineers often run into the problem of reproducibility: something that happens in one environment is hard to reproduce in another. This is even more common for SREs and DevOps engineers, whose jobs revolve around several moving parts.

Folks at Fiberplane saw this problem and decided to solve it. Fiberplane provides collaborative notebooks for incident debugging, post-mortems, runbooks and general DevOps debugging. Much like Jupyter Notebooks, Fiberplane provides a single interface that lets users interact with a wide variety of observability tools and build shareable notebooks, via a highly extensible plugin system.

In this blog post, we'll delve into Fiberplane and explore the synergistic power of using Parseable as a data provider within the Fiberplane ecosystem.

· 6 min read
Pratiksha Patel

In our previous post, Get started with eBPF log analytics in your Kubernetes cluster, we saw how to ingest Tetragon logs in Parseable and generate alerts when a sensitive file like /etc/passwd is accessed by an unauthorized pod. However, working with large volumes of raw logs is time-consuming and generally difficult. Visualizing logs in a dashboard helps identify patterns more easily.

This post is a continuation of the previous post. In this post, we will see how to visualize the eBPF logs in Grafana.

· 8 min read
Pratiksha Patel
Aldrin Jenson

Introduction

Traditionally, the Linux kernel has been one of the best places to implement security and observability features, but also a very difficult one in practice, because you cannot simply add new features to the kernel. eBPF changes this by securely enhancing kernel functionality at runtime. eBPF allows sandboxed programs to be executed in the Linux kernel without changing the kernel source code or requiring a reboot. It extends the Linux kernel at runtime.

This means you now have the power of the Linux kernel at your fingertips. You can write programs that execute in the kernel, and you can do it without changing the kernel source code or requiring a reboot.

Logging is one of the key beneficiaries of this new technology. You can now enable kernel-level log observability with eBPF, capturing events like network access, file access and much more. This is a game changer for cloud native applications, as it gives you deep insight into your application without having to change your application code.

In this post, we'll explore the integration of Tetragon with Parseable. We'll also examine a very specific use-case for auditing and alerting sensitive file access in Kubernetes.

· 8 min read
Oshi Gupta

Audit logs are core components of security and observability in Kubernetes. This post explains how to ingest and store Kubernetes audit logs in Parseable. Additionally, we'll see how to set up alerts on these logs to get notified when a specific event occurs. In this example, we'll set up an alert to get notified when a user (service account) accesses a secret.

· 3 min read

pb is a command line tool designed to fit into a developer's toolkit and help debug issues faster. You can point pb at a Parseable instance and query and analyze logs directly from the comfort of the command line. The focus is to meet users where they are, rather than forcing them to switch context into different dashboards. pb is written in Go and is available as a single static binary for all the major platforms.
