Open
Description
some changes are required to support complex rules as was pointed by krsh.
- internet protocols (TCP, UDP) for networking events
- add command line in Event header
- CONTAINS operator for collections validatron rewrite: rules engine improvements #181
- add name file (now there is only full path)
- better payload.flags Kernel file flags #81
- add app arguments in Exec payload
process-monitor: get program arguments #65 - replace ! with NOT in rules syntax rules enhancements #75
- link and unlink syscalls
fs-monitor: add an event for link and unlink syscalls #64 - ip and port from SocketAddr rules enhancements #75
- fix fileCreated event [Bug]: Error getting full path of files created and deleted within nested mount points #11
- add probe to socket listen
network-monitor: add socket listen event #66 - add probe to do_mkdirat, do_renameat, do_rmdir
file-system-monitor: track directory events and renames #67
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
🏗 In progress