Version 2.10
Profiling reports
Extensible pipeline.
GitHub Actions improvements.
✨ Overview
Jibril v2.10 introduces rich behavioral profiling, powerful pipeline extensions, network context enrichment, and enhanced integration with GitHub Actions.
🚀 Key Features
| Feature | Description |
|---|---|
| Behavioral profiling | Generates a profile event that summarizes all recent flows and detections. |
| Markdown report printers | Output concise (profiler) or full (profiler4fun) profiles in easy-to-read Markdown. |
| Geo-IP enrichment | Adds peer location, ASN, and ISP details with efficient local caching. |
| Pipeline extensibility | Plug-in event pipeline stages: persisters (storage) and transformers (live modification). |
| GitHub Actions integration | Offers richer event context and sharper workflow discovery for CI pipelines. |
📝 New in v2.10
📊 Behavioral profile event (profile)
The profile event captures a behavioral summary of recent system and network activity.
- Classifies network activity by direction:
  - egress (outbound peers)
  - ingress (inbound peers)
  - local (internal communication)
- Aggregates dropip peer outcomes, highlighting the most severe result observed.
How to enable
To generate profile summaries, enable both the profile event and the persisters feature (inmemory) in your configuration.
🗒️ Markdown Report Printers
profiler
Compact summary as a Markdown file.
profiler4fun
Full, detailed report with execution, network, assertions, and summary.
Environment variables for outputs
| Environment variable | Description |
|---|---|
| JIBRIL_PROFILER_FILE | Path to the profiler markdown file. |
| JIBRIL_PROFILER4FUN_FILE | Path to the profiler4fun markdown file. |
🌎 Geo-IP Enrichment
| Field | Description |
|---|---|
| Latitude | Peer IP's geographic latitude coordinate. |
| Longitude | Peer IP's geographic longitude coordinate. |
| Continent | Name of the continent where the peer IP is located. |
| Continent Code | Two-letter code representing the continent (e.g., EU, NA). |
| Country | Name of the country associated with the peer IP. |
| Country Code | ISO country code for the peer IP (e.g., US, DE). |
| Region | Region or state within the country of the peer IP. |
| Region Name | Full name of the region or administrative area. |
| City | City where the peer IP is registered or geolocated. |
| ISP | Internet Service Provider for the peer IP. |
| Org | Organization operating the IP block. |
| AS Name | Name of the Autonomous System (AS) to which the IP belongs. |
🗃️ Persisters
- In-memory LRU cache storing recent events for downstream queries and aggregation.
- Enables advanced features like behavioral profile event summaries and historical correlation.
- Ensures rapid, bounded access to past events without external databases.
Refer to Persisters for configuration and usage.
🛠️ Transformers
- Inline modification or enrichment of events before output, supporting chained transformation logic.
- Adjusts event fields (such as severity, confidence, or risk_score) on-the-fly to enhance data quality or apply custom logic.
- Supports dropping or remapping events dynamically in the dispatch pipeline.
See Transformers for example chains and options.
📈 Improvements
- Enhanced GitHub integration with richer workflow and context discovery.
- Improved event readability: aggressive deduplication, optimized process trees, and concise auto-generated summaries.
- More accurate local and remote IP/domain resolution.
- Optimized geo-IP lookups using concurrent batch processing with resource limits.
- Consistent scoring fields standardized: severity, confidence, and risk_score now unified across events.
⚙️ Experimental
- Prototype eBPF uProbe support for dynamic program attachment and multiple probe types.
🔄 Upgrade Notes
- Documentation fully migrated to VitePress and reorganized for clarity.
- Profile event schema updated with version markers, additional score fields, and extended metadata.
Full details available in the configuration guide.