Events

Events are enabled explicitly under events: in the configuration file.

Event Categories

Jibril supports multiple categories of events.

Each event corresponds to:

Informative events

Informative events provide context and operational visibility. These events are not necessarily security findings; they are useful for debugging, auditing, and understanding runtime behavior.

  • flow: info about network flows.
  • dropip: info about network policy applied.

Configuration

```yaml
events:
  # info events about network policy applied.
  - dropip

  # info events about network flows.
  - flow

  # detection recipes.
  - auth_logs_tamper
  - binary_self_deletion
  - crypto_miner_execution
```

Routing

Generated events are dispatched through configured Printers.

Event Dispatch

Events are distinct from Jibril's stdout and stderr logs, which are intended for operational logging and debugging of Jibril itself. Events can be routed to stdout if desired, but only through the stdout Printer; this is not done by default.