Yaniv Agman

Results 194 comments of Yaniv Agman

> > to keep the scope of this issue manageable, let's start with just the easy ones, and we can open a new issue for the complex ones later >...

> Just that it would add complexity by splitting the same filters action between the kernel and user space instead of keeping it in only one of them. Since this...

Depends on the implementation. Let's discuss this offline.

Using the new rules as events experience, we can have tags treated the same way as sets. @josedonizetti WDYT?

Great! We should think about how we can also choose signatures according to their severity level.

> would it make sense to make [`properties`](https://github.com/aquasecurity/tracee/blob/main/signatures/rego/disk_mount.rego#L12) dynamic? So for every property one could filter with `--trace property.severity=3`? So any signature property can have the `key` used as...

This can be a good idea, but we better verify that the users of libbpfgo really don't use it. We can open a discussion about that to see if there...

Actually, we can copy the packages into tracee (including helpers?) and write a comment that it is deprecated in libbpfgo, and whoever wants it can use the package from Tracee,...

> This is something we have discussed historically indeed. There was an issue opened in Tracee for moving away from the CGO polling logic and implement that in Go (inside...

Hi, the thing is that I'm trying to avoid compiling a user-debug Android image, and only use fastboot to boot to the compiled kernel. Using an Android production build, I can't...