Events
Enable or disable events at will.
Jibril (Net)
flow
Captures and logs network flow data, including source and destination addresses, ports, and protocols.
Jibril (NetPolicy)
dropip
- Reports dropped network flows (dropped by existing policy).
- The network flows might have been dropped due to CIDR or domain name restrictions.
dropdomain
- Reports dropped domain resolutions (dropped by existing policy).
- The domain resolutions might have been dropped due to domain name restrictions.
Jibril (Detect)
Mechanism: File Access
capabilities_modification
Detects changes to file capabilities.
code_modification_through_procfs
Detects code modifications via /proc.
core_pattern_access
Monitors access to core pattern configurations.
cpu_fingerprint
Identifies unique CPU fingerprints for anomaly detection.
credentials_files_access
Tracks access to credential files.
filesystem_fingerprint
Detects changes in filesystem signatures.
java_debug_lib_load
Monitors loading of Java debug libraries.
java_instrument_lib_load
Tracks loading of Java instrumentation libraries.
machine_fingerprint
Identifies unique machine fingerprints.
os_fingerprint
Detects changes in OS signatures.
os_network_fingerprint
Monitors OS network-related fingerprints.
os_status_fingerprint
Tracks OS status changes.
package_repo_config_modification
Detects modifications in package repository configurations.
pam_config_modification
Monitors changes to PAM configurations.
sched_debug_access
Detects access to scheduler debug interfaces.
shell_config_modification
Tracks changes to shell configurations.
ssl_certificate_access
Monitors access to SSL certificates.
sudoers_modification
Detects changes to sudoers files.
sysrq_access
Tracks access to sysrq functionalities.
unprivileged_bpf_config_access
Detects access to unprivileged BPF configurations.
global_shlib_modification
Monitors modifications to global shared libraries.
Mechanism: Execution
binary_executed_by_loader
Detects binaries executed via the ELF loader.
code_on_the_fly
Monitors dynamic code execution.
denial_of_service_tools
Detects the use of denial-of-service tools.
exec_from_unusual_dir
Tracks executions from non-standard directories.
file_attribute_change
Detects changes to file attributes.
hidden_elf_exec
Identifies hidden ELF executions.
interpreter_shell_spawn
Monitors the spawning of interpreter shells.
net_filecopy_tool_exec
Detects the execution of network file copy tools.
net_mitm_tool_exec
Identifies man-in-the-middle network tool executions.
net_scan_tool_exec
Detects network scanning tool executions.
net_sniff_tool_exec
Monitors the use of network sniffing tools.
net_suspicious_tool_exec
Detects suspicious network tool executions.
net_suspicious_tool_shell
Identifies suspicious tool shells in network contexts.
passwd_usage
Tracks the usage of the passwd command.
runc_suspicious_exec
Detects suspicious executions related to runc.
Jibril (GitHub)
Provides a comprehensive summary of all GitHub-related events.
Summarizes detection events triggered by GitHub integrations.
Aggregates and summarizes net flows related to GitHub activities.
Provides summaries of code changes across repositories.
Summarizes pull request activities for monitoring and review.
OpenAI and Privacy: These events are generated by OpenAI according to data provided by Jibril (source code changes, tasks, network flows, detected events, etc.). The user should be aware of the privacy implications of sharing this data with OpenAI.