Provenance is the representation of a system execution as a directed acyclic graph. Those graphs, representing the execution of an entire system from initialization to shut down, can be comprised of millions of graph elements. In this talk, we will discuss how we can capture provenance efficiently while providing guarantees about its completeness and accuracy. We will also look at how provenance can be used in practice, for example, to perform intrusion detection.