Capsule8 Docs
Capsule8 Docs
Help

Welcome to Capsule8 Docs!

First time?

If you’re using Capsule8 for the first time, read below for a high-level overview of Capsule8 Protect.

Capsule8 is an enterprise Linux protection solution, providing detection and resilience for Linux infrastructure in any environment. We use kprobes and perf to collect system telemetry via distributed agents, which allows us to find and stop attacks and other unwanted activity on Linux systems.

Capsule8 is deployed as a lightweight security detection and response agent that is installed on every Linux server you want to protect. You can deploy it wherever you have Linux – in public or private cloud, containers or VMs, on-prem bare metal, and across different kernel versions and Linux distributions.

With Capsule8 you can:

  • Monitor and detect unwanted security events across your enterprise Linux systems
  • Integrate the Capsule8 agent (“sensor”) with your existing logging and alerting infrastructure
  • Create custom rule sets (“strategies”) for detection and response

Overview of components

Sensor

A lightweight agent installed on Linux hosts, collecting events from the hosts to trigger alert generation or automated response

Strategies

Sets of detection/response rules that monitor specified resources for a certain set of abnormal activity or conditions

Alerting

The detection output of strategies, notifying when systems behaviors violate the specified configuration of a strategy