Current version: v2.9.1

Jibril is a runtime security platform for Linux and Kubernetes built on eBPF technology. It provides system-wide monitoring with query-driven event collection that eliminates traditional performance bottlenecks.

| Category | Capabilities |
|---|---|
| Collection | Process execution, file system operations, DNS queries, network traffic, container operations |
| Detection | 70+ built-in YAML detection recipes, optional AI-powered noise reduction |
| Response | JavaScript-based reactions, network policy enforcement, IDS integration, alert generation |

Performance

- Handles 100,000+ events/second
- No event loss under load
- Sub-second query response times
- Bounded, predictable memory footprint

Architecture

Jibril uses a query-driven model: data is retrieved on demand rather than queued. This eliminates event queue overflow and maintains consistent, low CPU overhead regardless of event volume.

Deployment

Deploys as a DaemonSet on Kubernetes for cluster-wide coverage, or runs standalone on Linux hosts.