Plugins
Hold
- Holds the execution until ctrl+c or SIGTERM is received.
- Used for detection recipes needing continuous monitoring.
Procfs
- Reads /proc files during startup for existing processes.
- Populates eBPF maps with existing data.
Printers
- Implements different endpoints (printers).
- The simplest printer is stdout, which prints to the standard output.
- The varlog printer logs output to /var/log/{loader,jibril}.log.
NetPolicy
- Enforces network policies based on CIDRs and domain names.
- Able to drop DNS resolutions synchronously.
Detect
- Tracks every task and file and the actions performed on them.
- Correlates tasks and files with other .
- Provides the common ground for detection recipes.