Pulsar is an event-driven framework for monitoring the activity of Linux devices. It lets you collect runtime activity events from the Linux kernel through its modules and evaluate each event against your own set of security policies. Pulsar is powered by eBPF and written in Rust. It is lightweight and safe.
Pulsar is a highly modular, event-based runtime security framework. It is designed for the Internet of Things and edge computing, and is optimized for performance, runtime cost, and edge security.
The Pulsar core module uses eBPF probes to collect events from the kernel safely and efficiently. Pulsar events fall into four main areas:
- File I/O: I/O operations on disk and memory.
- Network: Data from the network stack.
- Process: Process information, including file execution and file opening.
- System Activity: Device activities, including system calls.
Pulsar has a modular design, which makes it easy to adjust the core architecture for new use cases, create new modules, or write custom rules.