Pulsar is an event-driven framework for monitoring the activity of Linux devices at runtime, powered by eBPF.

The Pulsar core modules use eBPF probes to collect events from the kernel in a safe and efficient way. Pulsar events fall into four main areas:

  • File I/O: I/O operations on disk and memory.
  • Network: data from the network stack.
  • Processes: process information, including file execution and file opening.
  • System Activity: device activity, including system calls.

Pulsar is built with a modular design that makes it easy to adapt the core architecture to new use cases, create new modules or write custom rules.

Quickstart

Warning
A kernel 5.5 or higher with BPF and BTF enabled is required. Visit the official Pulsar website for the full requirements and installation options available.
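
The requirement above can be checked before installing. The script below is an added example, not part of the Pulsar project: its function names are hypothetical, and it assumes the kernel exposes BTF at /sys/kernel/btf/vmlinux and that the build config lives at /boot/config-$(uname -r), which varies by distribution.

```sh
#!/bin/sh
# Added example: preflight for "kernel 5.5 or higher with BPF and BTF enabled".
# Function names are hypothetical; paths are assumptions (see lead-in).

# kernel_at_least RELEASE MAJOR MINOR
# True when a `uname -r` style string such as "5.15.0-91-generic" is at
# least MAJOR.MINOR. Anything that does not parse fails closed.
kernel_at_least() {
    kal_rel=${1%%[!0-9.]*}                 # "5.15.0-91-generic" -> "5.15.0"
    case "$kal_rel" in *.*) ;; *) return 1 ;; esac
    kal_major=${kal_rel%%.*}
    kal_rest=${kal_rel#*.}
    kal_minor=${kal_rest%%.*}
    case "$kal_major" in ''|*[!0-9]*) return 1 ;; esac
    case "$kal_minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$kal_major" -gt "$2" ] && return 0
    [ "$kal_major" -eq "$2" ] && [ "$kal_minor" -ge "$3" ]
}

# btf_available [PATH]
# True when the kernel's BTF blob is readable (default: sysfs location).
btf_available() {
    [ -r "${1:-/sys/kernel/btf/vmlinux}" ]
}

# kernel_config_enabled OPTION [CONFIG_FILE]
# True when OPTION=y is set in the kernel build config.
kernel_config_enabled() {
    kce_file=${2:-/boot/config-$(uname -r)}
    [ -r "$kce_file" ] && grep -q "^$1=y\$" "$kce_file"
}

# Run every check, report all failures, return non-zero if a hard check fails.
pulsar_preflight() {
    pp_rc=0
    pp_rel=$(uname -r)
    kernel_at_least "$pp_rel" 5 5 ||
        { echo "FAIL: kernel $pp_rel is older than 5.5" >&2; pp_rc=1; }
    btf_available ||
        { echo "FAIL: no kernel BTF at /sys/kernel/btf/vmlinux" >&2; pp_rc=1; }
    # The config file may be absent on some distributions, so only warn.
    kernel_config_enabled CONFIG_BPF_SYSCALL ||
        echo "WARN: could not confirm CONFIG_BPF_SYSCALL=y" >&2
    return "$pp_rc"
}

# Usage: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then pulsar_preflight; fi
```
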

To download, install and run Pulsar, run the following in your terminal.

# Run the installer
curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/Exein-io/pulsar/main/pulsar-install.sh | sh

# Launch the pulsar daemon
sudo pulsard

TODO - here we want a quick tour of Pulsar, including:

  • showing events being monitored
  • simple rule example
  • simple detection example
  • very simple step-by-step explanation of what is going on

Resources

  • Read the docs: understand how to install and set up Pulsar.
  • Concepts: dive deep into Pulsar architecture and main concepts.
  • Tutorials: learn how to use Pulsar with practical examples.
  • Develop new modules: build new eBPF probes and integrate them into Pulsar through the module system.
  • Roadmap: check out the plan for the next Pulsar releases.
  • Support: join the Discord server for community support.

Contributing

If you're interested in contributing to Pulsar — thank you!

We have a contributing guide which will help you get involved in the project.

Community

Join the Pulsar Discord server to chat with developers, maintainers, and the whole community. You can also post questions about Pulsar on the official GitHub discussions or use GitHub issues for feature requests and bug reports.

License

Pulsar is licensed under two licenses — Pulsar userspace code is licensed under APACHE-2.0. Pulsar eBPF probes are licensed under GPL-2.0.