Cache

The cache in Jibril is essential for ensuring you don’t miss critical events between detection cycles (“cadence”). By temporarily holding process, file, and network information until the next scan, the cache preserves important context that would otherwise be lost.

Understanding Caches

Jibril's cache tracks all OS resources and every action taken on them. Some of this data is volatile and must come from the kernel, but much of it isn't. Caching the stable data reduces kernel calls and improves speed.

Cache & Cadence

If your workload is small, you can use small cache sizes. If your workload is bigger, or you make the detection cadence longer, you’ll probably need to make caches bigger to avoid missing events.

For examples of what cache sizes to use, see the examples page.
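
The trade-off above can be seen in a simplified model. The following is an added example, not Jibril's code: the `contextCache` type, the LRU eviction policy, and the load figures are all assumptions made for illustration. It counts how many entries are evicted before the next detection cycle for a given cache size, event rate, and cadence.

```go
package main

import (
	"container/list"
	"fmt"
)

// contextCache is a hypothetical LRU model of a bounded context cache.
// Assumption: this page does not state Jibril's eviction policy; LRU is a stand-in.
type contextCache struct {
	capacity  int
	order     *list.List               // front = most recently touched key
	items     map[string]*list.Element // key -> its node in order
	evictions int                      // entries dropped before any scan saw them
}

// touch records activity for key, evicting the least recently used entry when full.
func (c *contextCache) touch(key string) {
	if el, ok := c.items[key]; ok {
		c.order.MoveToFront(el)
		return
	}
	c.items[key] = c.order.PushFront(key)
	if c.order.Len() > c.capacity {
		oldest := c.order.Back()
		c.order.Remove(oldest)
		delete(c.items, oldest.Value.(string))
		c.evictions++
	}
}

// lostPerCycle replays one detection interval of constructed load: a daemon touched
// every second plus newPerSec short-lived processes. Returns entries evicted pre-scan.
func lostPerCycle(capacity, newPerSec, cadenceSec int) int {
	c := &contextCache{capacity: capacity, order: list.New(), items: map[string]*list.Element{}}
	for s := 0; s < cadenceSec; s++ {
		c.touch("daemon")
		for i := 0; i < newPerSec; i++ {
			c.touch(fmt.Sprintf("proc-%d-%d", s, i))
		}
	}
	return c.evictions
}

func main() {
	for _, cfg := range [][3]int{{256, 20, 10}, {256, 20, 30}, {1024, 20, 30}} {
		fmt.Printf("capacity=%d rate=%d/s cadence=%ds lost=%d\n", cfg[0], cfg[1], cfg[2], lostPerCycle(cfg[0], cfg[1], cfg[2]))
	}
}
```

In this model, tripling the cadence at the same cache size is what starts losing short-lived process context, and raising the capacity restores it.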

Purpose

This design lets Jibril react fast to changes and spot long-running threats. Even under load, resource use stays predictable.

  • Track active and dead processes
  • Track accessed files
  • Track network flows
  • Track ALL event relationships

See the cache categories page for more.