tracee
Linux Runtime Security and Forensics using eBPF
## Prerequisites - I'll create a PR to implement this feature (assign to yourself). ## Feature description This feature is about adding rootkit hooking detection and enabling rules writing on...
## Prerequisites - [ ] There isn't an issue describing the feature I need. - [ ] I don't think opening a discussion thread first is relevant. - [ ]...
## Prerequisites - [ ] This issue is an EPIC issue (add label: EPIC). - [ ] This issue is an EPIC TASK (add issue to EPIC description). Select one...
## Prerequisites - [x] This affects latest released version. - [x] This affects current development tree (origin/HEAD). - [x] There isn't an issue describing the bug. Select one OR another:...
based on the loaded signatures, get the relevant set of "event selectors" and use that to configure tracee-ebpf to trace just the relevant events for the loaded signatures related: #936...
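The selector-driven configuration described in this issue, as an added example (not tracee's own code): given the signatures that were loaded, collect the events they depend on, drop duplicates and selectors for other sources, and note when a signature needs every event (a `*` selector), since in that case no narrowing is possible. The `EventSelector` and `Signature` types and the sample signatures are assumptions made for this illustration; tracee's real types and flag names may differ.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// EventSelector is the shape a signature uses to say which event it needs.
// Assumed structure for this example, not tracee's own type.
type EventSelector struct {
	Source string // event producer, e.g. "tracee"; other sources are ignored here
	Name   string // event name, or "*" when the signature wants every event
}

// Signature is a minimal stand-in for a loaded detection signature (assumed).
type Signature struct {
	ID        string
	Selectors []EventSelector
}

// EventsToTrace returns the sorted, de-duplicated set of tracee event names the
// loaded signatures depend on. wildcard is true when any signature selects "*":
// the caller must then trace everything, because the list cannot narrow the probe.
func EventsToTrace(sigs []Signature) (events []string, wildcard bool) {
	seen := map[string]struct{}{}
	for _, s := range sigs {
		for _, sel := range s.Selectors {
			// Only events produced by tracee-ebpf itself are configurable here.
			if sel.Source != "" && sel.Source != "tracee" {
				continue
			}
			if sel.Name == "*" || sel.Name == "" {
				wildcard = true
				continue
			}
			seen[sel.Name] = struct{}{}
		}
	}
	events = make([]string, 0, len(seen))
	for name := range seen {
		events = append(events, name)
	}
	sort.Strings(events) // deterministic order for config generation and tests
	return events, wildcard
}

// FilterArg renders the event set as a comma-separated list, the form most
// event filters on a command line accept. The exact tracee-ebpf flag that
// consumes it is not assumed here.
func FilterArg(events []string) string {
	return strings.Join(events, ",")
}

// sampleSignatures is constructed input for this example.
func sampleSignatures() []Signature {
	return []Signature{
		{ID: "SIG-A", Selectors: []EventSelector{
			{Source: "tracee", Name: "execve"},
			{Source: "tracee", Name: "security_file_open"},
		}},
		{ID: "SIG-B", Selectors: []EventSelector{
			{Source: "tracee", Name: "security_file_open"}, // duplicate, collapsed
			{Source: "tracee", Name: "sched_process_exit"},
		}},
		{ID: "SIG-C", Selectors: []EventSelector{
			{Source: "other-source", Name: "ConsoleLogin"}, // not a tracee event, skipped
		}},
	}
}

func main() {
	events, wildcard := EventsToTrace(sampleSignatures())
	if wildcard {
		fmt.Println("a signature selects every event; trace all")
		return
	}
	fmt.Println("events to trace:", FilterArg(events))
}
```

Running `EventsToTrace` once at signature-load time keeps the BPF side from emitting events no loaded rule will ever examine, which is the load reduction the issue is after.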
When system load is high, we might be required to drop some events/rules. Currently we don't have a mechanism to prioritize events/rules, neither a mechanism to reduce load consumed by...
## Prerequisites - [ ] This issue is an EPIC issue (add label: EPIC). - [ ] This issue is an EPIC TASK (add issue to EPIC description). Select one...
## Prerequisites - [x] This issue is an EPIC issue (add label: EPIC). - [ ] This issue is an EPIC TASK (add issue to EPIC description). Select one OR...
From @yanivagman: We recently added the new "dependencies" field into the event definition. This concept of dependencies can be expanded to describe which BPF features are required for an event...
Hi, sometimes kernel rootkits try to communicate with user space. To accomplish that they create files with special file operations that handle their requests. To create those files from the...