{"id":13521916,"url":"https://github.com/foniod/foniod","last_synced_at":"2025-10-04T22:31:06.913Z","repository":{"id":38331564,"uuid":"130035428","full_name":"foniod/foniod","owner":"foniod","description":"Data first monitoring agent using (e)BPF, built on RedBPF","archived":true,"fork":false,"pushed_at":"2023-04-13T17:13:28.000Z","size":3555,"stargazers_count":410,"open_issues_count":17,"forks_count":33,"subscribers_count":19,"default_branch":"main","last_synced_at":"2025-01-23T17:37:31.555Z","etag":null,"topics":["agent","ebpf","monitoring","rust","statsd-client"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foniod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-18T09:08:30.000Z","updated_at":"2025-01-07T02:52:48.000Z","dependencies_parsed_at":"2024-06-19T02:46:45.207Z","dependency_job_id":"922cf198-af5f-4ec3-905b-069cc23d3a6f","html_url":"https://github.com/foniod/foniod","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/foniod/foniod","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Ffoniod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Ffoniod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Ffoniod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Ffoniod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foniod","download_url":"https://codeload.github.com/foniod/foniod/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Ffoniod/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278386094,"owners_count":25978109,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","ebpf","monitoring","rust","statsd-client"],"created_at":"2024-08-01T06:00:39.546Z","updated_at":"2025-10-04T22:31:06.582Z","avatar_url":"https://github.com/foniod.png","language":"Rust","funding_links":[],"categories":["3. Collect","Threat Detection and Forensics","Rust"],"sub_categories":["Metrics","Packing, Obfuscation, Encryption, Anti-analysis"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"150\" src=\"./logo.png\"\u003e\n\u003c/p\u003e\n\u003ch1 align=\"center\"\u003eingraind\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n \u003cstrong\u003e\n   Data-first Monitoring\n \u003c/strong\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://circleci.com/gh/ingraind/ingraind\"\u003e\u003cimg src=\"https://circleci.com/gh/ingraind/ingraind.svg?style=shield\" alt=\"CircleCI\" /\u003e\u003c/a\u003e\n \u003ca href=\"https://app.element.io/#/room/!vCJcBZDeGUXaqSvPpL:rustch.at?via=rustch.at\"\u003e\u003cimg src=\"https://img.shields.io/matrix/redbpf:rustch.at.svg?label=chat\u0026server_fqdn=rustch.at\" alt=\"CircleCI\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\ningraind is a security monitoring agent built around [RedBPF](https://github.com/redsift/redbpf)\nfor complex containerized environments and endpoints. The ingraind agent uses eBPF\nprobes to provide safe and performant instrumentation for any Linux-based environment.\n\nInGrain provides oversight of assets and risks:\n * Your customer data - an employee copying your customer database to their\n   personal cloud store.\n * Your infrastructure - an attacker executing a zero day attack to gain access\n   to your web servers.\n * Your resources - malware using your users machines compute resources to mine\n   cryptocurrency.\n\nThis is what `curl https://redsift.com` looks like if seen through ingraind:\n\n![ingrain listening to DNS \u0026 TLS](./screencast.gif)\n\n## Requirements\n\n * LLVM/Clang version 9 or newer\n * Rust toolchain [rustup.rs](https://rustup.rs)\n * Linux 4.15 kernel or newer including kernel headers\n * capnproto\n\n## Compile\n\nThe usual Rust compilation ritual will produce a binary in `target/release`:\n\n    $ cargo build --release\n\nor for a kernel version other than the running one:\n\n    $ export KERNEL_VERSION=1.2.3\n\t$ cargo build --release\n\nor with a custom kernel tree path (needs to include generated files):\n\n    $ export KERNEL_SOURCE=/build/linux\n\t$ cargo build --release\n\t\nWe keep `ingraind` compatible with the `musl` target on `x86_64`,\nwhich you can build like so:\n\n\t$ cargo build --release --target=x86_64-unknown-linux-musl\n\n## Build a docker image\n\nTo build a Docker image, use the instructions above to build an\ningrain binary for the desired kernel. By default, the Dockerfile will\nassume you've built `ingraind` for the `musl` target.\n\n    $ docker build .\n\nYou can specify an arbitrary `ingraind` binary by setting the\n`BINARY_PATH` environment variable:\n\n    $ docker build --build-arg BINARY_PATH=./target/x86_64-unknown-linux-musl/release/ingraind .\n\n## Configuration \u0026 Run\n\nTo get an idea about the configuration [file\nstructure](https://github.com/redsift/ingraind/wiki/Configuration), consult the\nwiki or take a look at the [example config](./config.toml.example) for a full reference.\n\nTo start `ingraind`, run:\n\n    $ ./target/release/ingraind config.toml\n\nDepending on the backends used in the config file, some secrets may need to be\npassed as environment variables. These are documented in\n[config.toml.example](./config.toml.example), which should be a good starting point,\nand a sane default to get `ingraind` running, printing everything to the standard output.\n\n## Repo structure\n\nThe `bpf` directory contains the BPF programs written in C. These are compiled\nby `build.rs`, and embedded in the final binary, and will be managed by the\ngrains.\n\nThe `ingraind-probes` directory contains the BPF programs written in Rust.\n\n# Anything else?\n\nFor more information, take a look at the [Wiki](https://github.com/redsift/ingraind/wiki)\n\n# Contribution\n\nThis project is for everyone. We ask that our users and contributors\ntake a few minutes to review our [code of conduct](https://github.com/ingraind/project/blob/main/CODE_OF_CONDUCT.md).\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the GPL-3.0 license, shall\nbe licensed as GPL-3.0, without any additional terms or conditions.\n\nFor further advice on getting started, please consult the\n[Contributor's\nGuide](https://github.com/ingraind/project/blob/main/CONTRIBUTING.md). Please\nnote that all contributions MUST contain a [Developer Certificate of\nOrigin](https://github.com/ingraind/project/blob/developer-certificate-of-origin/CONTRIBUTING.md#developer-certificate-of-origin)\nsign-off line.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoniod%2Ffoniod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoniod%2Ffoniod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoniod%2Ffoniod/lists"}