lclin56

Results 4 comments of lclin56

[New Features]: Extend Falco's rules expression language to additional "SQL" like filtering options common in Big Data frameworks

@leogr Thank you for your response. My current use case involves collecting event data from unknown samples and performing threat analysis downstream. My initial idea was to support batch processing...

[New Features]: Extend Falco's rules expression language to additional "SQL" like filtering options common in Big Data frameworks

>I'd also say that even talking of "SQL" is a bit misleading in the Falco context. Falco is a streaming engine, so it must compute filters as quickly as possible....

Tracking events of all descendant processes created by a target process, dealing with cases like orphan processes.

Hi @Andreagit97, Thank you for the prompt response and for considering this feature request! Yes, you've correctly understood the request. I am indeed looking for an API within that would...

Tracking events of all descendant processes created by a target process, dealing with cases like orphan processes.

Regarding the idea of dynamically calling this API, I have considered it. When I am analyzing an unknown program, I need to track the descendants of the process started by...