
InfraSight

InfraSight is an observability and auditing platform that uses eBPF to capture low-level system events (such as execve, open, and connect) and stream them to a ClickHouse backend for high-performance analysis. The platform also integrates Kafka as a streaming layer to deliver real-time event data to anomaly detection models and the InfraSight Sentinel rule engine, enabling both statistical and rule-based detection of abnormal or suspicious system behavior.

It helps platform engineers, SREs, and security teams gain deep visibility into workloads, processes, and container behavior on Linux and Kubernetes alike.

InfraSight Architecture

🚀 Key Features

  • Fine-grained tracing of Linux syscalls using eBPF
  • Real-time gRPC-based event delivery
  • ClickHouse storage for fast analytics
  • Kubernetes-native agent deployment
  • CRD-based configuration (via EbpfDaemonSet)
  • Extensible probe system
  • Machine-learning-based anomaly detection for syscall frequency and resource usage
  • Rules engine (InfraSight Sentinel) for real-time threat detection and alerting
