Kubernetes runtime

Beagle: Kernel-level visibility and enforcement for containers.

Our Kubernetes-native agent pairs Go orchestration with eBPF monitors for processes, network, files, and capabilities, feeding a Falco-style rule engine and enforcement layer.

What Beagle delivers

Full agent lifecycle

CLI entry point, config validation, graceful start/stop, and event buffering ensure smooth rollouts via DaemonSets or Docker runs.

eBPF instrumentation

Loader abstractions stream kernel events (exec, tcp_connect, file_open, capability use) and route them to enrichment and rule pipelines.

Detection + response

Falco-compatible rules, Kubernetes metadata enrichment, Slack/webhook-ready alerts, and enforcement actions (block syscalls, kill pods, quarantine namespaces).

Problems Beagle solves

Runtime drift

Detects shells in containers, crypto miners, and namespace escapes by correlating process and capability events against policy.

  • Example: a fintech cluster catches `unshare` invocations and kills the offending pod with automatic namespace quarantine.

Signal-to-noise issues

EventCollector buffers bursts, AlertManager dedupes, and metadata enrichment ties workload labels to alerts so SREs know which team owns remediation.

  • Example: platform engineers triage only three aggregated alerts instead of hundreds during a noisy-neighbor incident.

Enforcement gaps

Enforcer hooks block syscalls via eBPF LSM, delete pods via the Kubernetes API, or isolate namespaces through network policies in under 500 ms.

  • Example: a healthcare provider auto-kills pods that attempt to mount host paths while filing evidence to compliance logs.