Jose Donizetti

@denismaggior8 The `--privileged` should give tracee the permissions it needs to run, though you might need to do some extra config on your docker so it doesn't require sudo to...

@NDStrahilevitz WDYT?

@NDStrahilevitz AH, nice, so it is indeed a bug! Thank you

To avoid breaking clients we want to support the old event structure as a printer, so give users more time to migrate to the new structure. So we will have...

Moved it to next release, the event structure is finished and merged, now it is missing integrating it on tracee internals.

Hey @mcherny, thank you for the questions: > Few comments: > > 1. Threat is static information, and hence should be available outside of event (including grpc interface) Do you...

@yanivagman 100%, when creating the events from signatures we can pass all tags as sets https://github.com/aquasecurity/tracee/blob/main/pkg/events/events.go#L84 We can add a specific filter for it, but below it would be 100%...

would it make sense to make [`properties`](https://github.com/aquasecurity/tracee/blob/main/signatures/rego/disk_mount.rego#L12) dynamic? So for every property one could filter with `--trace property. severity=3`? So any signature property can have the `key` used as a...

@itaysk Considering [tracee's scopes](https://aquasecurity.github.io/tracee/v0.17/docs/policies/scopes/), I don't think so. Do you have something in mind?