Yaniv Agman
@AnaisUrlichs I think this was already done? https://aquasecurity.github.io/tracee/dev/docs/install/prerequisites/
part of #1310
Shouldn't have been closed
We can think about event parameters as a way to configure the event. It may be that different policies will want to configure an event differently, e.g. choose different symbols...
> can you elaborate what does it mean that a user sets the value of severity (what's the use case)?

If the user doesn't care about the reported event severity...
> thanks for clarifying, so I think my comment still holds (only about tending to the severity use case)

Not sure what you mean by that. Anyway the issue here...
> How do we expect users to configure this?

Like this: `event.config.params.xxx=y` where xxx is a parameter of the given event and y is the value to set the parameter...
> can you please give an example for how a user set configuration? it would be easiest to discuss this way

```
rules:
  - event: symbols_loaded
    config:
      - params.symbols=symbol1
    filter:...
```
@rafaeldtinoco Do you use CO-RE in this environment you use for ARM64? If so, this might be related: https://github.com/aquasecurity/tracee/issues/1189#issuecomment-983727608
I think inode creation best describes file creation on the system. Struct file, like you said, is an instance of a file and its creation doesn't mean that a new...