tracee icon indicating copy to clipboard operation
tracee copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

[FEAT] add new bpf_attach event

Open roikol opened this issue 3 years ago • 0 comments

Prerequisites

  • [ ] This issue is an EPIC issue (add label: EPIC).
  • [ ] This issue is an EPIC TASK (add issue to EPIC description).

Select one OR another:

  • [x] I'll create a PR to implement this feature (assign to yourself).
  • [ ] Someone else should implement this (describe it well).

Feature description

This feature is about adding bpf_attach event. This event will indicate bpf program being attached to a system event (kprobe, tracepoint, etc.).

This event will be then used in signatures.

roikol avatar Jul 21 '22 12:07 roikol