Skip to main content
Version: 2.8.1

โšก Performance

๐Ÿš€ Optimization Guidelines

Performance considerations and optimization guidelines for creating efficient reactions.

โš™๏ธ Performance Considerationsโ€‹

โšก Parallel Execution

Multiple reactions run concurrently for optimal performance.

๐Ÿ”ง V8 Compilation

JavaScript reactions are pre-compiled for fast execution.

๐Ÿ”’ Context Isolation

Each reaction runs in its own isolated environment.

๐Ÿงน Memory Management

Automatic cleanup of reaction contexts.

๐Ÿ›ก๏ธ Resource Limits

Built-in safeguards prevent resource exhaustion.

โœ… Best Practices for Performanceโ€‹

  1. โšก Keep reactions lightweight - Avoid complex computations
  2. ๐Ÿ’พ Use the data store efficiently - Don't store large objects
  3. ๐Ÿ“ Minimize file I/O - Only write essential data
  4. โš ๏ธ Handle errors gracefully - Don't let failed reactions impact others
  5. ๐Ÿงช Test thoroughly - Validate reactions before production deployment

๐Ÿ’ก Example: Optimized Reactionโ€‹

Example of a performance-optimized reaction:

reactions:
  - format: js
    code: |
      function process(data) {
        // Fast path for common cases
        if (!data.process || !data.process.cmd) {
          return; // Exit early if no process data
        }

        // Efficient data access
        let cmd = data.process.cmd;
        let isHighRisk = cmd.includes("wget") || cmd.includes("curl");

        if (isHighRisk) {
          // Only log essential information
          Info("High-risk process: " + cmd);

          // Use efficient data store operations
          let count = parseInt(DataGet("risk_count") || "0") + 1;
          DataSet("risk_count", String(count));

          // Take action only when necessary
          if (count > 5) {
            NetBlockIp();
          }
        }
      }

In a detection system, distinguishing between what belongs in the reaction phase and what should be part of the detection logic is crucial. Think of reactions as an extension of Jibril: they encompass scripts that collect, analyze, interpret, and act on data-similar to the Jibril detection mechanism.

Key Points

  • Jibril Detection Mechanism
    Optimized for enhanced results, efficient caching, and additional functionalities.
  • Reaction Logic
    Should focus on responding to events, without being responsible for filtering or decision-making, which is handled by arbitraries or specific detection features.

Remember: Jibril detection mechanisms are faster and optimized. This makes the use of reactions logic, such as showed above, targeted to fine-grained business logic (and not to replace it).