tracee

tracee copied to clipboard

fix(events): fix ftrace_hook

1

### 1. Explain what the PR does We need to count how many ftrace based hooks will be placed on each symbol. eventsState may contain duplicate events due to dependencies....

OriGlassman

**New functionality:** Install multiple instances of Tracee to a k8s cluster in separate namespaces. Currently there are two blockers to this. 1. ClusterRole and ClusterRoleBinding cannot be namespaced by design....

hangrymuppet

Failure in argument name resolution results in empty value

2

## Description When tracee tries to resolve a numeric argument to a string (e.g. cmd value of bpf syscall), if the resolution fails, the event field will contain an empty...

oshaked1

Cannot filter on `sys_enter.args.syscall`

2

## Description Filtering on the syscall argument of sys_enter does not work, neither with a syscall name nor with its number. e.g. `sys_enter.args.syscall=321` or `sys_enter.args.syscall=bpf` do not work. ## Output...

oshaked1

The helm config file allow a user to configure a value to a goTemplate, that can be used on the webhook, though tracee doesn't have access to such a file...

josedonizetti

There has been some confusion around [`traceeConfig`](https://github.com/aquasecurity/tracee/blob/main/deploy/helm/tracee/values.yaml#L59) option on the helm values, the idea behind it is to allow the user to inject a full config file, using `helm --set-file`,...

josedonizetti

Extend the tracee-operator to monitor changes to tracee config as well as policies

3

Unless there is a different way to accomplish tracee in k8s applying new configs that I have missed in the docs

hangrymuppet

helm: remove old webhook config

2

Remove old way of configuring webhook. One should now use the configfile -> https://github.com/aquasecurity/tracee/pull/3832

josedonizetti

feat(metrics): add pipeline average time metrics

1

### 1. Explain what the PR does 4aed8fc **feat(metrics): add pipeline average time metrics** ``` Add two prometheus gauges measuring the following metrics: 1. Average time spent from kernel to...

NDStrahilevitz

Error handling event by signature (Process Tree Data Source Test)

2

## Description https://github.com/aquasecurity/tracee/actions/runs/7980171604/job/21789214615?pr=3877#step:5:1575 `./tests/e2e-inst-test.sh` failed with ```json {"level":"error","ts":1708465206.4616668,"msg":"Handling event by signature Process Tree Data Source Test: process (tid: 12665 pid: 12665, ppid: 12657, time: 1708465191356487053, hash: 3194477383) no match for...

geyslan