Open incertum opened 3 months ago
Motivation
For specialized detections we could benefit from fully supporting and parsing the following syscalls.
fallocate
ftruncate
fsopen
fsmount
kexec_load
They are currently yellow / generic syscalls: https://falcosecurity.github.io/libs/report/
/milestone TBD
CC @loresuso @darryk10
CC @ericsage here is a previous PR showing how to add new fillers https://github.com/falcosecurity/libs/pull/1242/files.
CC @Molter73