Frederico Araujo

Execveat exit event not working properly

4

**Describe the bug** In our tests of several versions of the libs between 0.31.1 and 0.32.1 (inclusive), we ~observed that the execveat system call exit is propagating to libsinsp as...

**Indicate project** Processor **Overview** We want to enable Kafka transport in the SysFlow Processor, using our encoder/transport architecture as the base framework. **Tasks** - [x] Encoder - [ ] Add...

## Scheduled to happen: 2024-01-31 ## Release PRs - [ ] [Collector: s390x support, libs0.13](https://github.com/sysflow-telemetry/sf-collector/pull/63) ## Action Items - [x] Pre-release: Prebuilt images - [x] Pre-release: [Milestones](https://github.com/orgs/sysflow-telemetry/projects/4) - [x] Pre-release:...

**Description** Update libSysFlow to track Falco libs 0.14.

**Indicate project** collector, exporter, processor **Describe the feature you'd like** Modify the CI and builds to support multi-arch builds (amd64, arm64, s390x) via QEMU.

**Indicate project** processor **Describe the feature you'd like** Document processor's multi-language/source rules engine.

Add Sigma rules support

1

**Indicate project** Processor **Overview** We want to enable Sigma rules evaluation in the SysFlow Processor, using our policy engine architecture as the base framework. **Tasks** - [x] Refactoring to enable...

Test refactored rules engine: - [ ] falco - [ ] sigma

**Indicate project** collector **Describe the feature you'd like** Include the current working directory (proc.cwd) in the SysFlow Process object. **Additional context** This would enable consumers of SysFlow to disambiguate programs...

**Indicate project** collector **Describe the feature you'd like** The Falco libs have recently added support for _open\_by\_handle\_at_. It needs to be mapped to the family of _open_ operations in libSysFlow....