tracee
tracee copied to clipboard
aquasecurity
Linux Runtime Security and Forensics using eBPF
@itamarmaouda101 (this is a suggestion, check with your team if this is needed please): After https://github.com/aquasecurity/tracee/pull/1566 and https://github.com/aquasecurity/tracee/issues/1613, it occurred to me that some of the events created to solve...
## Prerequisites I couldn't find anything related to Helm deployments. Most likely not a bug but rather how-to set the environment variable and my lack of knowledge. ## Bug description...
## Prerequisites - [X] I checked the documentation and found no answer. - [X] There isn't an issue describing the bug. ## Bug description The integration tests run `init q`...
I noticed that there is no accessible documentation of events. I think that at first all events were in the shape of the function the hook was on - had...
We alreaady decode some of the syscall arguments (see #493), but there are stil some syscall arguments for which we don't decode the argument values although it can be useful....
**Motivation:** When I was trying to write a simple unit test for functions in `tracee.bpf.c` I found it extremely challenging to set up all the necessary headers in place for...
Currently, every PR, including ones that only change documentations or add docs, will trigger the PR workflow which checks for unit tests, integration and smoke tests. We can easily filter...
Here is the output of a simple non CO-RE test: ``` $ ~/test-tracee.sh _ _ ___ _ _ ____ ___ ____ _____ | \ | |/ _ \| \ |...
When the `protocol` package for events was implemented, the headers were defined according to a common but not necessarily fitting way for tracee-rules. The headers then had to enrich payload...
- [ ] Make use of bpf global variables for configuration and other read-only applications (#784, https://github.com/aquasecurity/libbpfgo/issues/27) - [ ] #476 - [ ] #475 - [ ] #474 -...
Metadata
Owner
Metadata
Linux Runtime Security and Forensics using eBPF