Plugins

Jibril is both a loader and a plugin. Have more plugins if you wish.

Last updated 4 days ago

Was this helpful?

Plugins

Jibril is both a loader and a plugin. Have more plugins if you wish.

Example

Plugin

Description

HelloWorld

Simple demo purpose plugin.

Config

Note: There are no plugins in the config extension.

Data

Note: There are no plugins in the data extension.

Jibril

Plugin

Description

Hold

- Holds the execution until ctrl+c or SIGTERM is received. - Used for detection recipes needing continuous monitoring. - Example: Tests do not need to hold because they are short-lived.

Procfs

- Reads /proc files during startup for existing processes context. - Populates eBPF maps with existing data before starting the monitoring.

Printers

- Implements different printers (data endpoints). - Simplest printer is stdout, which prints to the standard output. - The datakeeper printer keeps printed events for near-future reference. - The varlog printer logs output to /var/log/{loader,jibril}.log.

Net

- Captures network flows and correlates with other . - Tracks every socket in the system and the actions performed on them.

NetPolicy

- Enforces network policies based on CIDRs and domain names. - Drops traffic that does not comply with predefined network policies.

Detect

- Tracks every task and file and the actions performed on them. - Correlates tasks and files with other . - Provides the common ground for detection recipes.

GitHub

- Interacts with GitHub repositories. - Enables functionalities related to GitHub integrations.

Last updated 4 days ago

Was this helpful?