For years, Tetragon has been the open-source leader for eBPF-based visibility and enforcement. Now owLSM takes the enforcement crown with ease.
While Tetragon remains the more mature project with broader visibility capabilities, owLSM offers second-to-none enforcement capabilities with a full Sigma rules engine in the Linux kernel. I've been working on owLSM for more than a year; today it's deployed by my employer on thousands of systems, so it's battle-proven. Give it a try.
This isn't promotion for my employer; I'm not even mentioning his name. I just want to show off the fruits of my hard work.
Check it out: https://github.com/Cybereason-Public/owLSM