Open
Description
The current analyze mode is a replacement of the previous tracee-rules binary but misses many new features developed since then.
It needs to support at least a few things, such as:
- access to process tree information through data sources
- access to container enrichment info through data sources
For the data source to be available to the analyze mode, some steps being taken during the pipe line stages will have to be disabled (like realtime procfs access) and the data source might have to be serialized in a way it can be consumed later (for example).