Itay Shakury
also https://github.com/aquasecurity/tracee/issues/453
I think that in the current design (2 processes) we need to add a pre-step to the entrypoint like `tracee-rules --list-events` or something similar, then use this as flags...
I don't think so since signatures can be loaded/unloaded which is currently unhandled
@AlonZivony after talking with @rafaeldtinoco I understand you were working on something similar but for events documentation. FYI
thanks for starting this discussion! 1. I'm all for refactoring the C code if it's practical (we need to be careful when messing with the bpf verifier) 2. the example...
comments from dup issue: > currently tracee.bpf.c is one huge file that's not so easy to comprehend, we should split it into smaller files. probably we want to include the...
how is this different from `-t event=security_file_open -t comm=ls`?
this integration test should consider containerd as well and possibly crio. it's fine to start with testing docker but please consider this as well in the design of the test
This is a good opportunity to aggregate top-level management functionality such as configuration, and observability. I was thinking to have some kind of "tracee-manager" to hold the HTTP server needed...
Not a review, but don't forget docs in cli and md