# Core Concepts

> Understanding the fundamentals of kguardian's security approach

## What is kguardian?

kguardian watches pod traffic and syscalls with eBPF, then writes Kubernetes NetworkPolicies, CiliumNetworkPolicies, and seccomp profiles from what it sees — no hand-authored rules.

This is fundamentally different from traditional approaches where you write policies manually and hope they cover what your workloads actually do.

## Key Concepts

### eBPF-Powered Observability

kguardian uses eBPF (extended Berkeley Packet Filter) technology to observe kernel-level events:

* **Network connections**: TCP/UDP socket operations
* **System calls**: File access, process creation, etc.
* **Zero code changes**: No sidecars, agents, or instrumentation needed

<Info>
  eBPF runs safely in the kernel with minimal overhead (\~1-2% CPU), making it perfect for production observability.
</Info>

### Least-Privilege Security

The core principle: **allow only what's actually used**.

Instead of guessing what your app needs, kguardian:

1. Observes actual behavior
2. Generates policies that allow exactly that behavior
3. Blocks everything else (default-deny)
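
The three steps above, as an added sketch that is not kguardian's own code: it turns observed flows into a default-deny Kubernetes NetworkPolicy for one workload. The flow record shape, the labels, and the policy name are constructed for illustration, and all pods are assumed to share one namespace.

```python
import json
from collections import defaultdict

# Constructed flow records; the field names are assumptions, not kguardian's schema.
OBSERVED = [
    {"src": {"labels": {"app": "frontend"}}, "dst": {"labels": {"app": "api"}}, "proto": "TCP", "port": 8080},
    {"src": {"labels": {"app": "frontend"}}, "dst": {"labels": {"app": "api"}}, "proto": "TCP", "port": 8080},
    {"src": {"labels": {"app": "api"}}, "dst": {"labels": {"app": "db"}}, "proto": "TCP", "port": 5432},
    {"src": {"labels": {"app": "api"}}, "dst": {"cidr": "10.96.0.10/32"}, "proto": "UDP", "port": 53},
]

def peer(end):
    """Map one end of a flow to a NetworkPolicy peer: CIDR block or same-namespace pod selector."""
    if "cidr" in end:
        return {"ipBlock": {"cidr": end["cidr"]}}
    return {"podSelector": {"matchLabels": end["labels"]}}

def build_policy(name, namespace, labels, flows):
    """Build a NetworkPolicy manifest allowing only the flows observed for pods with `labels`."""
    seen = {"ingress": defaultdict(set), "egress": defaultdict(set)}
    for f in flows:
        port = (f["proto"], f["port"])
        # A flow is ingress when the workload is the destination, egress when it is the source.
        if f["dst"].get("labels") == labels:
            seen["ingress"][json.dumps(peer(f["src"]), sort_keys=True)].add(port)
        if f["src"].get("labels") == labels:
            seen["egress"][json.dumps(peer(f["dst"]), sort_keys=True)].add(port)

    def rules(direction, key):
        # One rule per distinct peer; repeated observations collapse into a single port entry.
        return [{key: [json.loads(p)],
                 "ports": [{"protocol": pr, "port": po} for pr, po in sorted(ports)]}
                for p, ports in sorted(seen[direction].items())]

    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": labels},
            # Naming both types makes each direction default-deny, even with an empty rule list.
            "policyTypes": ["Ingress", "Egress"],
            "ingress": rules("ingress", "from"),
            "egress": rules("egress", "to"),
        },
    }

if __name__ == "__main__":
    print(json.dumps(build_policy("api-observed", "default", {"app": "api"}, OBSERVED), indent=2))
```

A workload with no observed traffic in one direction gets an empty rule list there, which denies that direction entirely, so the observation window has to cover everything the workload legitimately does.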

### Runtime to Policy Pipeline

```mermaid
graph LR
    A[Application Runs] --> B[eBPF Observes]
    B --> C[Controller Enriches]
    C --> D[Broker Stores]
    D --> E[CLI Analyzes]
    E --> F[Policy Generated]
```

***

<CardGroup cols={2}>
  <Card title="eBPF Monitoring" icon="radar" href="/concepts/ebpf-monitoring">
    Deep dive into how eBPF observability works
  </Card>

  <Card title="Network Policies" icon="network-wired" href="/concepts/network-policies">
    Understanding Kubernetes network policies
  </Card>

  <Card title="Seccomp Profiles" icon="shield-check" href="/concepts/seccomp-profiles">
    What are seccomp profiles and why they matter
  </Card>

  <Card title="Architecture" icon="sitemap" href="/architecture">
    See how all components work together
  </Card>
</CardGroup>
