fibratus issues

chore(deps): Bump `www.velocidex.com/golang/go-ntfs` to latest version

**What is the purpose of this PR / why it is needed?** Bump `www.velocidex.com/golang/go-ntfs` to latest version. **What type of change does this PR introduce?** - [x] Refactor (non-breaking change...

rabbitstack

deps

feat(filter): Introduce TEB filter field

**What is the purpose of this PR / why it is needed?** The `thread.teb_address` filter field returns the thread environment block base address. TEB is the userspace representation of a...

rabbitstack

scope: events

scope: filters

Rules engine prevents VirtualAlloc events propagation

4

Testing new feature to trigger Yara scan when VirtualAlloc with RWX flags occurs, I notice this event is not being captured when rules engine is enabled since the scan does...

iterat0r

type: bug

scope: yara

Some events can't be collected with filaments

1

Hi, **Describe the bug** I'm using a filament to collect the events I want, but it doesn't work for events that has "WriteFile", "RegDeleteKey" and "RegDeleteValue" in their `name` attribute....

cyohg

type: bug

Improve Transformers -> Allow them to interact with parameters that are not in "kparams"

19

Hello ! Fibratus helps me a lot for my current project. However, I've tried using transformers and it seems to only works for editing parameters that are inside the "kparams"...

cyohg

scope: transformers

type: feature

Replaying fails when converting big file into json format

14

**Describe the bug** Hi, I have a common issue when I try to replay big capture files (like 300 Mo .kcap file) When I use this command : fibratus replay...

Swar2424

type: bug

scope: capture

chore: Use standard library atomic bool

### What is the purpose of this PR / why it is needed? Deprecate the bespoke `util/atomic` package in favor of the standard library atomic package. ### What type of...

rabbitstack

chore(filament): Sunset useless filaments

### What is the purpose of this PR / why it is needed? Remove a couple of useless filaments. ### What type of change does this PR introduce? --- >...

rabbitstack

chore(build): Initialize version variable to dev if unset

### What is the purpose of this PR / why it is needed? Initialize the `VERSION` variable to `0.0.0` (dev) if it is not provided. ### What type of change...

rabbitstack

chore(deps): bump github.com/spf13/viper from 1.6.2 to 1.20.1

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.6.2 to 1.20.1. Release notes Sourced from github.com/spf13/viper's releases. v1.20.1 What's Changed Bug Fixes 🐛 Backport config type fixes to 1.20.x by @sagikazarmark in spf13/viper#2005 Full Changelog:...

dependabot[bot]

deps

fibratus
fibratus copied to clipboard

Metadata

chore(deps): Bump `www.velocidex.com/golang/go-ntfs` to latest version

feat(filter): Introduce TEB filter field

Rules engine prevents VirtualAlloc events propagation

Some events can't be collected with filaments

Improve Transformers -> Allow them to interact with parameters that are not in "kparams"

Replaying fails when converting big file into json format

chore: Use standard library atomic bool

chore(filament): Sunset useless filaments

chore(build): Initialize version variable to dev if unset

chore(deps): bump github.com/spf13/viper from 1.6.2 to 1.20.1

← Metadata

Owner

Metadata

fibratus fibratus copied to clipboard

Metadata

← Metadata

Owner

Metadata

fibratus
fibratus copied to clipboard