has anyone played around with ebpf? The feed of exec() and open() calls seems quite useful from a security monitoring perspective
@jerry
Only read about it so far. I have been thinking of starting to play with Falco.
@jerry https://youtu.be/XFJw37Vwzcc
Pretty sure there was a talk about it at CCC 2019
@jerry how does ebpf compare to auditd?
I've only ever seen auditd in any detail (it's pretty awesome), but the bits and pieces I've heard about bpf have been positive...