RS Runtime Security Observability + Control
Start Free Read Docs
Feature-first security platform

Detect, investigate, and control runtime risk across Kubernetes, containers, and Linux hosts.

Runtime Security unifies findings, event timelines, and policy controls in one workflow so teams move from alert to action quickly. Deploy the sensor with standalone, Docker, Kubernetes, EKS, or ECS based on your environment.

Start Free Explore Features Deployment Docs
Real-time Visibility Process, file, and network telemetry mapped to workloads and hosts.
Investigation Workflow Correlated threat, vulnerability, and process signals with fast triage context.
Flexible Deployment Run on standalone Linux, Docker, Kubernetes, EKS, or ECS with the same dashboard.

Feature pathways

See the core capabilities before rollout

Start with visibility, detection, investigation, and policy controls, then deploy in the environments you need to cover.

Step 2

Detection findings

Prioritize correlated threat and vulnerability findings with severity and compliance mapping.

Step 3

Event timeline

Drill into process, file, and network events to reconstruct runtime behavior quickly.

Standalone Docker K8s EKS ECS
Step 4

Policy controls

Apply file, process, and network monitoring policies based on investigation outcomes.

Step 5

Deploy + scale

Roll out sensor via standalone, Docker, Kubernetes, EKS, or ECS while keeping the same feature set.

Feature-first onboarding with deployment included

Create your account, explore findings and controls, then deploy sensors in the environments where you need live coverage.

Open Sign-up Form Feature + Deployment Docs

Core feature stack

From runtime visibility to policy-driven response

Use one platform to observe activity, correlate risk, and apply controls without switching tools.

1) Runtime visibility

Stream process, file, and network telemetry across clusters, containers, and Linux hosts in near real time.

2) Correlated detections

Group threat, vulnerability, drift, and process anomalies into prioritized findings with actionable context.

3) Policy response

Turn investigation output into file, process, and network policies that reduce repeat runtime risk.

Feature deep dive

Detect and investigate from the same screen

Correlated signals help teams move from severity to event evidence quickly without exporting data between tools.

MITRE ATT&CK T1059 Command and Scripting Interpreter 18 events across production namespaces in the last 30 minutes.
PCI DSS Requirement 10.2 high-risk event cluster 9 audit-linked events with privileged command execution.
Vulnerability CVE-linked runtime signal in payment service image Image hash drift observed after container restart.
Exposure Unexpected open admin port on non-managed container Port surfaced after deployment policy bypass.

Process Alerts

Prioritized by severity and recent activity
  • bash spawned by nginx in production containerhigh
  • curl executed with external IOC domain argumentmedium
  • chmod 777 on executable path under /usr/local/binmedium
  • scp initiated from host to unknown destinationlow

Runtime control

Policy controls that close the loop

Apply controls where detections occur and keep observability plus response synchronized.

File Monitoring Control

Watch sensitive files, configuration paths, and drift-prone binaries with policy scoping.

  • Include and exclude path rules
  • Read and write action filters
  • Policy templates for high-risk files

Process Monitoring Control

Control runtime execution with process-based include/exclude patterns and context filters.

  • Binary and command pattern controls
  • Per-host and container targeting
  • Drift and privilege escalation focus

Network Monitoring Control

Monitor DNS and egress behavior with policy-level baselines for runtime activity.

  • Protocol and endpoint-focused rules
  • Service and namespace segmentation
  • IOC-aware runtime monitoring hooks

Deployment coverage

Deploy your way without losing feature parity

All deployment paths feed the same findings, event timeline, and policy control workflows.

Standalone

Linux Host Binary

Install directly on Linux hosts for rapid proof of value and full host-level visibility.

Docker

Docker Runtime

Run as a privileged container where Docker is primary runtime and keep full event plus control coverage.

Kubernetes

K8s Clusters

Deploy with cluster manifests for namespace, pod, and container telemetry with unified policy controls.

EKS

AWS EKS

Use AWS-tailored deployment for managed Kubernetes while preserving full detection and policy features.

ECS

AWS ECS

Deploy on ECS EC2 launch type for task-level runtime visibility and centralized investigation workflow.

Architecture diagram

A simple view for end users

Your workloads keep running where they already live. A small runtime sensor is added, and that sensor sends security activity into the Runtime Security console for review.

Your environment

Linux hosts, Docker, Kubernetes, EKS, or ECS workloads where your applications already run.

Runtime sensor

The sensor is installed with one of the deployment commands and watches process, file, and network activity.

Runtime Security console

Events, findings, and policy controls are presented in one place so teams can review and respond.

Deployment diagram

The rollout sequence using the same commands as `overview.php`

These examples mirror the real commands shown after login. Replace the placeholders with your customer UUID and pin, or use the generated values from the rollout page.

1

Choose a path

Pick Linux, Docker, Kubernetes, EKS, or ECS based on where your application runs.

2

Use your account values

The command includes `CUUID` or `code` plus `PIN` so the new sensor connects to the right account.

3

Run the command

Install the sensor in the target environment with the matching command shown below.

4

Verify visibility

Open the console and confirm new findings, timeline activity, and policy coverage start to appear.

Static landing pages cannot inject per-customer secrets, so this page shows the exact rollout patterns from `overview.php` with placeholders: `YOUR_CUSTOMER_UUID` and `YOUR_PIN`.

Kubernetes

Direct cluster install.

kubectl create -f "https://runtimesecurity.in/k8s.php?code=YOUR_CUSTOMER_UUID&pin=YOUR_PIN"

Amazon EKS

Configure cluster access, then install.

aws eks update-kubeconfig --region <region> --name <cluster-name>
kubectl create -f "https://runtimesecurity.in/eks.php?code=YOUR_CUSTOMER_UUID&pin=YOUR_PIN"

Amazon ECS

EC2 launch type only.

curl -fsSL "https://runtimesecurity.in/ecs.php?code=YOUR_CUSTOMER_UUID&pin=YOUR_PIN" -o bpfaudit-ecs-task.yaml
aws ecs register-task-definition --cli-input-yaml file://bpfaudit-ecs-task.yaml
aws ecs update-service --cluster <ecs-cluster> --service <service-name> --force-new-deployment

Linux host

Run the downloaded binary on the host.

wget https://runtimesecurity.in/download/bpfagent-amd64
CUUID=YOUR_CUSTOMER_UUID PIN=YOUR_PIN ./bpfagent-amd64

Docker

Run the sensor as a privileged container.

docker run --rm -itd --privileged --pid=host --env CUUID=YOUR_CUSTOMER_UUID --env PIN=YOUR_PIN docker.io/bpfaudit/bpfaudit:latest

Ready to evaluate features in your own environment?

Create an account, review findings and controls, then deploy sensors with the method that matches your platform.

Start Sign-up Read Full Docs