Get Garnet running in 3 minutes.

Prerequisites

  • Linux kernel ≥5.15
  • GitHub account OR Kubernetes cluster OR Docker

Step 1: Get API token

# Visit dashboard.garnet.ai/tokens and create token
export GARNET_API_TOKEN="garnet_xxx"
Copy the token immediately - you won’t see it again.
Generate API token in Garnet dashboard

Step 2: Choose deployment

GitHub Actions

CI/CD monitoringMonitor build pipelines for supply chain attacks and crypto miners.
- uses: garnetlabs/garnet-action@v1

Kubernetes

Cluster-wide protectionDeploy agents on every node for comprehensive monitoring.
helm install jibril garnet/jibril

Docker

Host-level monitoringRun agent on standalone hosts or container environments.
docker run garnet/jibril

Step 3: Verify

Visit dashboard.garnet.ai ✅ Your agent should appear in 1-2 minutes
✅ Detections appear when threats occur (not immediately) Agent setup options in dashboard

Step 4: Test (optional)

Trigger a test detection: 
# This connects to a known test domain
curl http://malicious.test.garnet.ai
Expected: Alert in dashboard within 10 seconds Example detection alert from security scan

Add alerts (optional)

# 1. Create Slack webhook: api.slack.com/messaging/webhooks
# 2. Add to Garnet:
Dashboard Settings Notifications Slack Webhook URL
Slack notification example showing security alert

What’s being monitored?

  • Network: Connections to IPs, domains, ports
  • Processes: Commands, ancestry, execution
  • Files: Reads, writes, deletes

Next steps

View Detections

See all security events

Enable Blocking

Stop threats automatically

Examples

Real-world detections
Problems? Troubleshooting →