Fibratus
Fibratus is an open-source software tool for monitoring and analyzing operating-system events by tapping into kernel tracing facilities. It is used in security research, incident response, forensics, and performance analysis to observe low-level activity such as process creation and termination, file and I/O operations, network activity, and other kernel events in real time. The tool emphasizes a lightweight footprint and modular design, enabling users to configure which events to capture, apply filters, and build derived metrics.
The architecture centers on an event-collection engine that streams data into a processing pipeline. Users interact
Fibratus is maintained as an open-source project with documentation, issue trackers, and user-contributed examples in a