-
**Motivation**
Currently, the plugin API only supports `uint64` and `charbuf` field types. However, it could be a good idea to add support for additional types to align with the `libsinsp` library.
…
-
It is stated here that the `m_ptid` is `The id of the process that started this thread.`
https://github.com/draios/sysdig/blob/b74233243ed9e9ad216a6f1249046fe04a06b177/userspace/libsinsp/threadinfo.h…
-
At the moment `sysdig -l` shows a couple filters that can be used to filter on labels from kubernetes, mesos and marathon:
```
----------------------
Field Class: k8s
k8s.pod.labels Kubernete…
```
-
Hi 👋
We have some false positive alerts on empty events, similar to https://github.com/falcosecurity/falco/issues/3234, https://github.com/falcosecurity/falco/issues/2700 (hope I can help in th…
-
We can use this ticket to collectively discuss steps we can take to more programmatically attempt to reduce issues related to more corner case segfaults or memory leaks. It's a challenging task for ev…
-
After upgrading to falco 0.38.0 some k8s specific fields are not populated any more. E.g. k8s.ns.name and k8s.pod.name.
Environment is k8s 1.28.6 with the following runtime components:
* dock…
-
**Motivation**
I'm working on a project where it's crucial to monitor system events for a specific process and all of its descendants. The current issue I'm facing is that using `proc.sid` as a fil…
-
Sometimes the events from sandbox rule "Write below root" contain an incomplete path, making it hard to know the location of the file in question. This is an example message:
"14:27:16.40285343…
-
**Motivation**
We are missing logs for what a user is performing in a container. We have alerts if one does "dangerous" commands like `nc` but I want to use falco to generate a history of logs for …
-
**Motivation**
Right now, the default output for Falco is stdout with `basic text` as format. The generated log lines follow this pattern ` `:
```
14:37:27.505989596: Warning Detected ptra…
```
Issif updated
1 month ago