Jibril is a cutting-edge runtime monitoring and threat detection engine, designed to deliver real-time insights with minimal impact on system performance. Powered by eBPF, it remains efficient even under heavy event loads exceeding hundreds of thousands of events per second, delivering real-time protection for modern environments from dev to prod.
- Ensure the security and integrity of your systems at runtime.
- Deliver clear and actionable insights.
Deep Visibility on Root Causes
{% hint style="info" %}
Key Benefits

- High Performance: Maintains efficiency with extensive event loads.
- Full Visibility: Tracks all system resources comprehensively.
- Security: Ensures robust security and tamper-evident data integrity.
- Seamless Integration: Easily integrates with existing infrastructure.
{% endhint %}
{% embed url="https://www.youtube.com/watch?v=xGT3yiXBC3E" %} Install and Configure Jibril in Less than 5 Minutes {% endembed %}
Navigate the tabs for the main features.
{% tabs %}
{% tab title="Detailed Info" %}
Detailed Security Event Information
Jibril provides comprehensive tracking across all system resources, including users, processes, files, and network connections. Its query-driven architecture ensures complete visibility and actionable intelligence into system behavior.
Context Information
(OS Package Versions)
Triggerer Ancestry Visibility
FULL File Access History
Track OS Package Dependency Versions
Detection FULL Context
On Demand CVE Warnings
{% endtab %}

{% tab title="Noise Filtering" %}
Prioritized Detections with Noise Filtering

Jibril automatically reduces noise by filtering repetitive alerts. Some detections are limited by the number of times they occur under the same parent process, others by the number of times they occur for the same executable path, and so on.
{% include ".gitbook/includes/untitled.md" %} {% endtab %}
{% tab title="Network Visibility" %} Inbound and Outbound connections tied to Security Events
Complete View of Remote Peers Per Process
Detections are Linked With Corresponding Remote Peer
Full DNS Resolution Path per Peer and Flow
All Processes Communicating with the same Remote Node Are Grouped
All Detections are Flagged on Each Entry (linked with Detections Feature)
{% endtab %}

{% tab title="Block Traffic" %}
Network Policy Enforcement

Block Network Connections Using Domains or IP CIDRs.
Get Bad-Reputation Domain Alerts in Real Time.