Hello everyone I have a quick question I briefly looked at t osquery #ebpf

Hello everyone, I have a quick question. I briefly...

Andrea

01/17/2023, 5:22 PM

Hello everyone, I have a quick question. I briefly looked at the osquery code base and it looks like “exit” is not implemented yet. Also it looks like it is not implemented on

ebpfpub

. is that correct or I missed it ?

alessandrogario

01/17/2023, 5:59 PM

That is correct, the exit event is currently missing

alessandrogario

01/17/2023, 6:04 PM

There is no "exit" entry required in the serializers file, so tracing it is already possible with ebpfpub

Andrea

01/18/2023, 10:17 AM

understood thank you

Open in Slack

Previous Next