aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF
https://aquasecurity.github.io/tracee/latest
Apache License 2.0
3.47k stars 404 forks

Analyze mode should support same (or similar) features as regular pipeline. #3520

Open AlonZivony opened 11 months ago

AlonZivony commented 11 months ago

The current analyze mode is a replacement of the previous tracee-rules binary but misses many new features developed since then.

It needs to support at least a few things, such as:

For the data source to be available to the analyze mode, some steps being taken during the pipeline stages will have to be disabled (like realtime procfs access) and the data source might have to be serialized in a way it can be consumed later (for example).

AlonZivony commented 11 months ago

Example of a use case - https://github.com/aquasecurity/tracee/pull/3498#discussion_r1340039379