tracee icon indicating copy to clipboard operation
tracee copied to clipboard

verified publisher icon aquasecurity

Metadata

Linux Runtime Security and Forensics using eBPF

Results 379 tracee issues
Sort by recently updated
recently updated
newest added

feature: trace HTTPS events

1 comment

## Description When trying to track network requests, HTTPS calls aren't tracked by net_packet_http (only net_packet_ipv4) ``` sudo docker run --name tracee -it --rm --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -v...

hermogenes avatar hermogenes

kind/feature

container name, and container id not seen.

8 comment

## Description container name, and container id not seen. ## Output of `tracee version`: { "timestamp": 29987099453068, "threadStartTime": 29987099069516, "processorId": 5, "processId": 56216, "cgroupId": 4294967297, "threadId": 56216, "parentProcessId": 7653, "hostProcessId":...

venumadhavjosyula avatar venumadhavjosyula

kind/bug

tracee can't load webhook config when not using an URL

``` Error: printer.(*webhookEventPrinter).Init: unable to convert timeout value "5s?gotemplate=/path/to/template/test.tmpl?contentType=application/json": time: unknown unit "s?gotemplate=/path/to/template/test" in duration "5s?gotemplate=/path/to/template/test.tmpl?contentType=application/json" ``` ``` cache: type: mem size: 512 perf-buffer-size: 1024 healthz: true metrics: true pprof:...

josedonizetti avatar josedonizetti

kind/bug

Add support for <, > operators

Add support for operators in filters. Example: ./tracee -e=open.retval

OriGlassman avatar OriGlassman

kind/feature

add io_uring visibility

io_uring is a kernel mechanism for performing I/O operations asynchronously. currently, tracee doesn't have visibility for some of those operations, and also no visibility for usage of io_uring.

roikol avatar roikol

kind/feature

Enrichment concurrency issue with control plane

1 comment

Since we moved cgroup mkdir and rmdir processing into the control plane, there is an indeterminacy if a cgroup exists by the time its initial enrichment is requested. The reason...

NDStrahilevitz avatar NDStrahilevitz

kind/bug

Unknown container runtime on some kubernetes clusters

12 comment

## Description 1. Create a containerd gke cluster 2. Run tracee with `-f e=cgroup_mkdir,container_create` 3. Observe that cgroup paths are of the form `kubepods//podXXXX/` 4. Observe that container_create events have...

NDStrahilevitz avatar NDStrahilevitz

kind/bug
area/kubernetes

Add network events to a network probe group and refactor what is needed to support it.

As a first step towards having multiple event groups (so extensions can be supported), this issue should concentrate effort in moving the network events into a new event group and...

rafaeldtinoco avatar rafaeldtinoco

kind/feature

Writing to a process memory event

We need an event that is triggered by writing to another memory process, using /proc//mem for example. It should include internal information about the memory.

AlonZivony avatar AlonZivony

kind/feature
area/events

Need to update the video on the README

2 comment

Link to the section: https://github.com/aquasecurity/tracee/blob/main/Readme.md The video in the README will likely not be too relevant for users moving forward. In that case it is better to remove the video...

AnaisUrlichs avatar AnaisUrlichs

kind/documentation

Metadata

3.3k
Stars
390
Forks
Watchers

Owner

verified publisher icon aquasecurity

Metadata

Linux Runtime Security and Forensics using eBPF

Back