
Has anyone played around with eBPF? The feed of exec() and open() calls seems quite useful from a security monitoring perspective.


@jerry How does eBPF compare to auditd?

I've only ever seen auditd in any detail (it's pretty awesome), but the bits and pieces I've heard about BPF have been positive...

@jerry
Only read about it so far. I have been thinking of starting to play with Falco.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.