▲ 6 r/AskNetsec+1 crossposts

What are you using to collect, calculate, and report security KPIs?

Hi everyone;

I've been looking around and haven't found a tool that lets you actually define and track your own KPIs. Not control compliance I mean real KPI tracking: define the metric, track it over time, report on it.

Everything I find is either a GRC tool (compliance-focused, not KPI-focused) or a BI tool you have to bend into shape yourself.

What's actually working for people here? Spreadsheets, Grafana, something built in-house, a GRC tool that secretly does this well?

reddit.com
u/No_Relief3499 — 5 days ago
▲ 7 r/eBPF+2 crossposts

research project: per-tool syscall attribution and enforcement for LangChain agents using eBPF, looking for feedback

i have been working on a research project around LangChain agent runtime security and wanted to share it here and hear from people who are actually building with LangChain.

the problem i am trying to address is that when an LLM calls one of your registered tools in an unintended way, process level monitoring tells you a suspicious syscall happened but it doesnt tell you which tool caused it. for agentic workloads where different tools have genuinely different trust levels, that granularity gap matters.

the approach is to hook into CPython's internal runtime state via eBPF to track BaseTool execution boundaries and attribute every syscall back to the specific tool that caused it, file opens, network connections, process spawns, with per-tool enforcement policies applied at the kernel level via LSM hooks. no code changes needed in your agent.

current support is CPython 3.12, LangChain and LangGraph. the reason scope is this narrow is because generalizing hook point discovery across different runtimes and versions is the hard unsolved part, and i didnt want to overclaim anything before that is solved.

this is not production ready and there is a lot of work still ahead. but i wanted to put it out and hear from people building LangChain services. how are you thinking about monitoring and enforcement for your tools today? is tool level attribution something that would matter for your workload?

would also genuinely welcome collaborators if anyone finds this direction interesting.

https://github.com/altugbozkurt07/ironscope

u/No_Relief3499 — 10 days ago