Plugins

Jibril Extension Plugins

Hold

- Holds the execution until Ctrl+C or SIGTERM is received.
- Used for detection recipes needing continuous monitoring.

Procfs

- Reads /proc files during startup for existing processes.
- Populates eBPF maps with existing data.

Printers

- Implements different output endpoints (printers).
- The simplest printer is stdout, which prints to the standard output.
- The varlog printer logs output to /var/log/{loader,jibril}.log.

NetPolicy

- Enforces network policies based on CIDRs and domain names.
- Able to drop DNS resolutions synchronously.

Detect

- Tracks every task and file and the actions performed on them.
- Correlates tasks and files with other resources.
- Provides the common ground for detection recipes.
