has anyone played around with ebpf? The feed of exec() and open() calls seems quite useful from a security monitoring perspective

· · Web · 3 · 2 · 3

@jerry how does ebpf compare to auditd?

I've only ever seen auditd in any detail (it's pretty awesome), but the bits and pieces I've heard about bpf have been positive...

Only read about it so far. I have been thinking to start playing with Falco.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.