Mario Hewardt
It looks like the verifier is having problems verifying the eBPF program. We'll add this to our backlog to look into.
Sorry for the delay. I'm working on some high priority release related work items at the moment. Once done, investigating these RHEL/CentOS issues will be up next.
I'm still working on some other work items. I will update everyone as soon as I know more. Thanks for the patience.
Glad you got it sorted out! Yes, by default only a few select events are configured. There are a lot of good sources of Sysmon configuration files available online. Please note...
Thanks for reporting this - we will investigate.
Is there a corresponding write syscall listed in the all up trace? We are also working on the file descriptor to file path at the moment.
We will need to do the lookup in eBPF space. Thanks for reporting this - it is something that is high up on the priority list.
Hi - Can you provide more details around this ask? Is it asking: For each new release make a TAR ball available that contains _all_ (incl. submodules) of the sources...
@krzyk could you share the details of your environment? OS? Kernel? Are you attempting to run Procmon inside WSL?
Hey - looks like it failed verification. We're aware of verifier errors on some distros/versions and will look into it as soon as we can.