forked from aquasecurity/tracee
mkdocs.yml
566 lines (562 loc) · 37.9 KB
site_name: Tracee
site_url: https://aquasecurity.github.io/tracee/
site_description: Runtime security and forensics using eBPF.
docs_dir: docs/
repo_name: GitHub
repo_url: https://github.com/aquasecurity/tracee
edit_uri: ""
nav:
  - Getting Started:
    - Overview: index.md
    - Kubernetes - Quick Start: getting-started/kubernetes-quickstart.md
    - Installation:
      - Getting Tracee: getting-started/installing/getting.md
      - Prerequisites: getting-started/installing/prerequisites.md
      - Docker: getting-started/installing/docker.md
      - Kubernetes: getting-started/installing/kubernetes.md
      - Override OS files: getting-started/installing/override-os-files.md
      - Packages:
        - Ubuntu: getting-started/installing/distros/ubuntu.md
        - Fedora: getting-started/installing/distros/fedora.md
        - NixOS: getting-started/installing/distros/nix-nixos.md
  - Tutorials:
    - Overview: tutorials/overview.md
    - Working with Tracee's Policies on Kubernetes: tutorials/k8s-policies.md
    - Deploy Tracee Grafana Dashboard: tutorials/deploy-grafana-dashboard.md
    - Accessing Tracee Logs through Promtail and Loki: tutorials/promtail.md
  - Docs:
    - Overview: docs/overview.md
    - Events:
      - Overview: docs/events/overview.md
      - Built-in Events:
        - Syscalls:
          - Overview: docs/events/builtin/syscalls/index.md
          - syscalls:
            - accept: docs/events/builtin/syscalls/accept.md
            - accept4: docs/events/builtin/syscalls/accept4.md
            - access: docs/events/builtin/syscalls/access.md
            - acct: docs/events/builtin/syscalls/acct.md
            - add_key: docs/events/builtin/syscalls/add_key.md
            - adjtimex: docs/events/builtin/syscalls/adjtimex.md
            - afs: docs/events/builtin/syscalls/afs.md
            - afs_syscall: docs/events/builtin/syscalls/afs_syscall.md
            - alarm: docs/events/builtin/syscalls/alarm.md
            - arch_prctl: docs/events/builtin/syscalls/arch_prctl.md
            - bdflush: docs/events/builtin/syscalls/bdflush.md
            - bind: docs/events/builtin/syscalls/bind.md
            - bpf: docs/events/builtin/syscalls/bpf.md
            - break: docs/events/builtin/syscalls/break.md
            - brk: docs/events/builtin/syscalls/brk.md
            - capget: docs/events/builtin/syscalls/capget.md
            - capset: docs/events/builtin/syscalls/capset.md
            - chdir: docs/events/builtin/syscalls/chdir.md
            - chmod: docs/events/builtin/syscalls/chmod.md
            - chown: docs/events/builtin/syscalls/chown.md
            - chown16: docs/events/builtin/syscalls/chown16.md
            - chroot: docs/events/builtin/syscalls/chroot.md
            - clock_adjtime: docs/events/builtin/syscalls/clock_adjtime.md
            - clock_adjtime64: docs/events/builtin/syscalls/clock_adjtime64.md
            - clock_getres: docs/events/builtin/syscalls/clock_getres.md
            - clock_getres_time32: docs/events/builtin/syscalls/clock_getres_time32.md
            - clock_gettime: docs/events/builtin/syscalls/clock_gettime.md
            - clock_gettime32: docs/events/builtin/syscalls/clock_gettime32.md
            - clock_nanosleep: docs/events/builtin/syscalls/clock_nanosleep.md
            - clock_nanosleep_time32: docs/events/builtin/syscalls/clock_nanosleep_time32.md
            - clock_settime: docs/events/builtin/syscalls/clock_settime.md
            - clock_settime32: docs/events/builtin/syscalls/clock_settime32.md
            - clone: docs/events/builtin/syscalls/clone.md
            - clone3: docs/events/builtin/syscalls/clone3.md
            - close: docs/events/builtin/syscalls/close.md
            - close_range: docs/events/builtin/syscalls/close_range.md
            - connect: docs/events/builtin/syscalls/connect.md
            - copy_file_range: docs/events/builtin/syscalls/copy_file_range.md
            - creat: docs/events/builtin/syscalls/creat.md
            - create_module: docs/events/builtin/syscalls/create_module.md
            - delete_module: docs/events/builtin/syscalls/delete_module.md
            - dup: docs/events/builtin/syscalls/dup.md
            - dup2: docs/events/builtin/syscalls/dup2.md
            - dup3: docs/events/builtin/syscalls/dup3.md
            - epoll_create: docs/events/builtin/syscalls/epoll_create.md
            - epoll_create1: docs/events/builtin/syscalls/epoll_create1.md
            - epoll_ctl: docs/events/builtin/syscalls/epoll_ctl.md
            - epoll_ctl_old: docs/events/builtin/syscalls/epoll_ctl_old.md
            - epoll_pwait: docs/events/builtin/syscalls/epoll_pwait.md
            - epoll_pwait2: docs/events/builtin/syscalls/epoll_pwait2.md
            - epoll_wait: docs/events/builtin/syscalls/epoll_wait.md
            - epoll_wait_old: docs/events/builtin/syscalls/epoll_wait_old.md
            - eventfd: docs/events/builtin/syscalls/eventfd.md
            - eventfd2: docs/events/builtin/syscalls/eventfd2.md
            - execve: docs/events/builtin/syscalls/execve.md
            - execveat: docs/events/builtin/syscalls/execveat.md
            - exit: docs/events/builtin/syscalls/exit.md
            - exit_group: docs/events/builtin/syscalls/exit_group.md
            - faccessat: docs/events/builtin/syscalls/faccessat.md
            - faccessat2: docs/events/builtin/syscalls/faccessat2.md
            - fadvise64: docs/events/builtin/syscalls/fadvise64.md
            - fadvise64_64: docs/events/builtin/syscalls/fadvise64_64.md
            - fallocate: docs/events/builtin/syscalls/fallocate.md
            - fanotify_init: docs/events/builtin/syscalls/fanotify_init.md
            - fanotify_mark: docs/events/builtin/syscalls/fanotify_mark.md
            - fchdir: docs/events/builtin/syscalls/fchdir.md
            - fchmod: docs/events/builtin/syscalls/fchmod.md
            - fchmodat: docs/events/builtin/syscalls/fchmodat.md
            - fchown: docs/events/builtin/syscalls/fchown.md
            - fchown16: docs/events/builtin/syscalls/fchown16.md
            - fchownat: docs/events/builtin/syscalls/fchownat.md
            - fcntl: docs/events/builtin/syscalls/fcntl.md
            - fcntl64: docs/events/builtin/syscalls/fcntl64.md
            - fdatasync: docs/events/builtin/syscalls/fdatasync.md
            - fgetxattr: docs/events/builtin/syscalls/fgetxattr.md
            - finit_module: docs/events/builtin/syscalls/finit_module.md
            - flistxattr: docs/events/builtin/syscalls/flistxattr.md
            - flock: docs/events/builtin/syscalls/flock.md
            - fork: docs/events/builtin/syscalls/fork.md
            - fremovexattr: docs/events/builtin/syscalls/fremovexattr.md
            - fsconfig: docs/events/builtin/syscalls/fsconfig.md
            - fsetxattr: docs/events/builtin/syscalls/fsetxattr.md
            - fsmount: docs/events/builtin/syscalls/fsmount.md
            - fsopen: docs/events/builtin/syscalls/fsopen.md
            - fspick: docs/events/builtin/syscalls/fspick.md
            - fstat: docs/events/builtin/syscalls/fstat.md
            - fstat64: docs/events/builtin/syscalls/fstat64.md
            - fstatfs: docs/events/builtin/syscalls/fstatfs.md
            - fstatfs64: docs/events/builtin/syscalls/fstatfs64.md
            - fsync: docs/events/builtin/syscalls/fsync.md
            - ftime: docs/events/builtin/syscalls/ftime.md
            - ftruncate: docs/events/builtin/syscalls/ftruncate.md
            - ftruncate64: docs/events/builtin/syscalls/ftruncate64.md
            - futex: docs/events/builtin/syscalls/futex.md
            - futex_time32: docs/events/builtin/syscalls/futex_time32.md
            - futimesat: docs/events/builtin/syscalls/futimesat.md
            - get_kernel_syms: docs/events/builtin/syscalls/get_kernel_syms.md
            - get_mempolicy: docs/events/builtin/syscalls/get_mempolicy.md
            - get_robust_list: docs/events/builtin/syscalls/get_robust_list.md
            - get_thread_area: docs/events/builtin/syscalls/get_thread_area.md
            - getcpu: docs/events/builtin/syscalls/getcpu.md
            - getcwd: docs/events/builtin/syscalls/getcwd.md
            - getdents: docs/events/builtin/syscalls/getdents.md
            - getdents64: docs/events/builtin/syscalls/getdents64.md
            - getegid: docs/events/builtin/syscalls/getegid.md
            - getegid16: docs/events/builtin/syscalls/getegid16.md
            - geteuid: docs/events/builtin/syscalls/geteuid.md
            - geteuid16: docs/events/builtin/syscalls/geteuid16.md
            - getgid: docs/events/builtin/syscalls/getgid.md
            - getgid16: docs/events/builtin/syscalls/getgid16.md
            - getgroups: docs/events/builtin/syscalls/getgroups.md
            - getgroups16: docs/events/builtin/syscalls/getgroups16.md
            - getitimer: docs/events/builtin/syscalls/getitimer.md
            - getpeername: docs/events/builtin/syscalls/getpeername.md
            - getpgid: docs/events/builtin/syscalls/getpgid.md
            - getpgrp: docs/events/builtin/syscalls/getpgrp.md
            - getpid: docs/events/builtin/syscalls/getpid.md
            - getpmsg: docs/events/builtin/syscalls/getpmsg.md
            - getppid: docs/events/builtin/syscalls/getppid.md
            - getpriority: docs/events/builtin/syscalls/getpriority.md
            - getrandom: docs/events/builtin/syscalls/getrandom.md
            - getresgid: docs/events/builtin/syscalls/getresgid.md
            - getresgid16: docs/events/builtin/syscalls/getresgid16.md
            - getresuid: docs/events/builtin/syscalls/getresuid.md
            - getresuid16: docs/events/builtin/syscalls/getresuid16.md
            - getrlimit: docs/events/builtin/syscalls/getrlimit.md
            - getrusage: docs/events/builtin/syscalls/getrusage.md
            - getsid: docs/events/builtin/syscalls/getsid.md
            - getsockname: docs/events/builtin/syscalls/getsockname.md
            - getsockopt: docs/events/builtin/syscalls/getsockopt.md
            - gettid: docs/events/builtin/syscalls/gettid.md
            - gettimeofday: docs/events/builtin/syscalls/gettimeofday.md
            - getuid: docs/events/builtin/syscalls/getuid.md
            - getuid16: docs/events/builtin/syscalls/getuid16.md
            - getxattr: docs/events/builtin/syscalls/getxattr.md
            - gtty: docs/events/builtin/syscalls/gtty.md
            - idle: docs/events/builtin/syscalls/idle.md
            - init_module: docs/events/builtin/syscalls/init_module.md
            - inotify_add_watch: docs/events/builtin/syscalls/inotify_add_watch.md
            - inotify_init: docs/events/builtin/syscalls/inotify_init.md
            - inotify_init1: docs/events/builtin/syscalls/inotify_init1.md
            - inotify_rm_watch: docs/events/builtin/syscalls/inotify_rm_watch.md
            - io_cancel: docs/events/builtin/syscalls/io_cancel.md
            - io_destroy: docs/events/builtin/syscalls/io_destroy.md
            - io_getevents: docs/events/builtin/syscalls/io_getevents.md
            - io_pgetevents: docs/events/builtin/syscalls/io_pgetevents.md
            - io_pgetevents_time32: docs/events/builtin/syscalls/io_pgetevents_time32.md
            - io_setup: docs/events/builtin/syscalls/io_setup.md
            - io_submit: docs/events/builtin/syscalls/io_submit.md
            - io_uring_enter: docs/events/builtin/syscalls/io_uring_enter.md
            - io_uring_register: docs/events/builtin/syscalls/io_uring_register.md
            - io_uring_setup: docs/events/builtin/syscalls/io_uring_setup.md
            - ioctl: docs/events/builtin/syscalls/ioctl.md
            - ioperm: docs/events/builtin/syscalls/ioperm.md
            - iopl: docs/events/builtin/syscalls/iopl.md
            - ioprio_get: docs/events/builtin/syscalls/ioprio_get.md
            - ioprio_set: docs/events/builtin/syscalls/ioprio_set.md
            - ipc: docs/events/builtin/syscalls/ipc.md
            - kcmp: docs/events/builtin/syscalls/kcmp.md
            - kexec_file_load: docs/events/builtin/syscalls/kexec_file_load.md
            - kexec_load: docs/events/builtin/syscalls/kexec_load.md
            - keyctl: docs/events/builtin/syscalls/keyctl.md
            - kill: docs/events/builtin/syscalls/kill.md
            - landlock_add_rule: docs/events/builtin/syscalls/landlock_add_rule.md
            - landlock_create_ruleset: docs/events/builtin/syscalls/landlock_create_ruleset.md
            - landlock_restrict_self: docs/events/builtin/syscalls/landlock_restrict_self.md
            - lchown: docs/events/builtin/syscalls/lchown.md
            - lchown16: docs/events/builtin/syscalls/lchown16.md
            - lgetxattr: docs/events/builtin/syscalls/lgetxattr.md
            - link: docs/events/builtin/syscalls/link.md
            - linkat: docs/events/builtin/syscalls/linkat.md
            - listen: docs/events/builtin/syscalls/listen.md
            - listxattr: docs/events/builtin/syscalls/listxattr.md
            - llistxattr: docs/events/builtin/syscalls/llistxattr.md
            - llseek: docs/events/builtin/syscalls/llseek.md
            - lock: docs/events/builtin/syscalls/lock.md
            - lookup_dcookie: docs/events/builtin/syscalls/lookup_dcookie.md
            - lremovexattr: docs/events/builtin/syscalls/lremovexattr.md
            - lseek: docs/events/builtin/syscalls/lseek.md
            - lsetxattr: docs/events/builtin/syscalls/lsetxattr.md
            - lstat: docs/events/builtin/syscalls/lstat.md
            - lstat64: docs/events/builtin/syscalls/lstat64.md
            - madvise: docs/events/builtin/syscalls/madvise.md
            - mbind: docs/events/builtin/syscalls/mbind.md
            - membarrier: docs/events/builtin/syscalls/membarrier.md
            - memfd_create: docs/events/builtin/syscalls/memfd_create.md
            - memfd_secret: docs/events/builtin/syscalls/memfd_secret.md
            - migrate_pages: docs/events/builtin/syscalls/migrate_pages.md
            - mincore: docs/events/builtin/syscalls/mincore.md
            - mkdir: docs/events/builtin/syscalls/mkdir.md
            - mkdirat: docs/events/builtin/syscalls/mkdirat.md
            - mknod: docs/events/builtin/syscalls/mknod.md
            - mknodat: docs/events/builtin/syscalls/mknodat.md
            - mlock: docs/events/builtin/syscalls/mlock.md
            - mlock2: docs/events/builtin/syscalls/mlock2.md
            - mlockall: docs/events/builtin/syscalls/mlockall.md
            - mmap: docs/events/builtin/syscalls/mmap.md
            - mmap2: docs/events/builtin/syscalls/mmap2.md
            - modify_ldt: docs/events/builtin/syscalls/modify_ldt.md
            - mount: docs/events/builtin/syscalls/mount.md
            - mount_setattr: docs/events/builtin/syscalls/mount_setattr.md
            - move_mount: docs/events/builtin/syscalls/move_mount.md
            - move_pages: docs/events/builtin/syscalls/move_pages.md
            - mprotect: docs/events/builtin/syscalls/mprotect.md
            - mpx: docs/events/builtin/syscalls/mpx.md
            - mq_getsetattr: docs/events/builtin/syscalls/mq_getsetattr.md
            - mq_notify: docs/events/builtin/syscalls/mq_notify.md
            - mq_open: docs/events/builtin/syscalls/mq_open.md
            - mq_timedreceive: docs/events/builtin/syscalls/mq_timedreceive.md
            - mq_timedreceive_time32: docs/events/builtin/syscalls/mq_timedreceive_time32.md
            - mq_timedsend: docs/events/builtin/syscalls/mq_timedsend.md
            - mq_timedsend_time32: docs/events/builtin/syscalls/mq_timedsend_time32.md
            - mq_unlink: docs/events/builtin/syscalls/mq_unlink.md
            - mremap: docs/events/builtin/syscalls/mremap.md
            - msgctl: docs/events/builtin/syscalls/msgctl.md
            - msgget: docs/events/builtin/syscalls/msgget.md
            - msgrcv: docs/events/builtin/syscalls/msgrcv.md
            - msgsnd: docs/events/builtin/syscalls/msgsnd.md
            - msync: docs/events/builtin/syscalls/msync.md
            - munlock: docs/events/builtin/syscalls/munlock.md
            - munlockall: docs/events/builtin/syscalls/munlockall.md
            - munmap: docs/events/builtin/syscalls/munmap.md
            - name_to_handle_at: docs/events/builtin/syscalls/name_to_handle_at.md
            - nanosleep: docs/events/builtin/syscalls/nanosleep.md
            - newfstatat: docs/events/builtin/syscalls/newfstatat.md
            - nfsservctl: docs/events/builtin/syscalls/nfsservctl.md
            - nice: docs/events/builtin/syscalls/nice.md
            - old_getrlimit: docs/events/builtin/syscalls/old_getrlimit.md
            - old_select: docs/events/builtin/syscalls/old_select.md
            - oldfstat: docs/events/builtin/syscalls/oldfstat.md
            - oldlstat: docs/events/builtin/syscalls/oldlstat.md
            - oldolduname: docs/events/builtin/syscalls/oldolduname.md
            - oldstat: docs/events/builtin/syscalls/oldstat.md
            - olduname: docs/events/builtin/syscalls/olduname.md
            - open: docs/events/builtin/syscalls/open.md
            - open_by_handle_at: docs/events/builtin/syscalls/open_by_handle_at.md
            - open_tree: docs/events/builtin/syscalls/open_tree.md
            - openat: docs/events/builtin/syscalls/openat.md
            - openat2: docs/events/builtin/syscalls/openat2.md
            - pause: docs/events/builtin/syscalls/pause.md
            - perf_event_open: docs/events/builtin/syscalls/perf_event_open.md
            - personality: docs/events/builtin/syscalls/personality.md
            - pidfd_getfd: docs/events/builtin/syscalls/pidfd_getfd.md
            - pidfd_open: docs/events/builtin/syscalls/pidfd_open.md
            - pidfd_send_signal: docs/events/builtin/syscalls/pidfd_send_signal.md
            - pipe: docs/events/builtin/syscalls/pipe.md
            - pipe2: docs/events/builtin/syscalls/pipe2.md
            - pivot_root: docs/events/builtin/syscalls/pivot_root.md
            - pkey_alloc: docs/events/builtin/syscalls/pkey_alloc.md
            - pkey_free: docs/events/builtin/syscalls/pkey_free.md
            - pkey_mprotect: docs/events/builtin/syscalls/pkey_mprotect.md
            - poll: docs/events/builtin/syscalls/poll.md
            - ppoll: docs/events/builtin/syscalls/ppoll.md
            - ppoll_time32: docs/events/builtin/syscalls/ppoll_time32.md
            - prctl: docs/events/builtin/syscalls/prctl.md
            - pread64: docs/events/builtin/syscalls/pread64.md
            - preadv: docs/events/builtin/syscalls/preadv.md
            - preadv2: docs/events/builtin/syscalls/preadv2.md
            - prlimit64: docs/events/builtin/syscalls/prlimit64.md
            - process_madvise: docs/events/builtin/syscalls/process_madvise.md
            - process_mrelease: docs/events/builtin/syscalls/process_mrelease.md
            - process_vm_readv: docs/events/builtin/syscalls/process_vm_readv.md
            - process_vm_writev: docs/events/builtin/syscalls/process_vm_writev.md
            - prof: docs/events/builtin/syscalls/prof.md
            - profil: docs/events/builtin/syscalls/profil.md
            - pselect6: docs/events/builtin/syscalls/pselect6.md
            - pselect6_time32: docs/events/builtin/syscalls/pselect6_time32.md
            - ptrace: docs/events/builtin/syscalls/ptrace.md
            - putpmsg: docs/events/builtin/syscalls/putpmsg.md
            - pwrite64: docs/events/builtin/syscalls/pwrite64.md
            - pwritev: docs/events/builtin/syscalls/pwritev.md
            - pwritev2: docs/events/builtin/syscalls/pwritev2.md
            - query_module: docs/events/builtin/syscalls/query_module.md
            - quotactl: docs/events/builtin/syscalls/quotactl.md
            - quotactl_fd: docs/events/builtin/syscalls/quotactl_fd.md
            - read: docs/events/builtin/syscalls/read.md
            - readahead: docs/events/builtin/syscalls/readahead.md
            - readdir: docs/events/builtin/syscalls/readdir.md
            - readlink: docs/events/builtin/syscalls/readlink.md
            - readlinkat: docs/events/builtin/syscalls/readlinkat.md
            - readv: docs/events/builtin/syscalls/readv.md
            - reboot: docs/events/builtin/syscalls/reboot.md
            - recvfrom: docs/events/builtin/syscalls/recvfrom.md
            - recvmmsg: docs/events/builtin/syscalls/recvmmsg.md
            - recvmmsg_time32: docs/events/builtin/syscalls/recvmmsg_time32.md
            - recvmsg: docs/events/builtin/syscalls/recvmsg.md
            - remap_file_pages: docs/events/builtin/syscalls/remap_file_pages.md
            - removexattr: docs/events/builtin/syscalls/removexattr.md
            - rename: docs/events/builtin/syscalls/rename.md
            - renameat: docs/events/builtin/syscalls/renameat.md
            - renameat2: docs/events/builtin/syscalls/renameat2.md
            - request_key: docs/events/builtin/syscalls/request_key.md
            - restart_syscall: docs/events/builtin/syscalls/restart_syscall.md
            - rmdir: docs/events/builtin/syscalls/rmdir.md
            - rseq: docs/events/builtin/syscalls/rseq.md
            - rt_sigaction: docs/events/builtin/syscalls/rt_sigaction.md
            - rt_sigpending: docs/events/builtin/syscalls/rt_sigpending.md
            - rt_sigprocmask: docs/events/builtin/syscalls/rt_sigprocmask.md
            - rt_sigqueueinfo: docs/events/builtin/syscalls/rt_sigqueueinfo.md
            - rt_sigreturn: docs/events/builtin/syscalls/rt_sigreturn.md
            - rt_sigsuspend: docs/events/builtin/syscalls/rt_sigsuspend.md
            - rt_sigtimedwait: docs/events/builtin/syscalls/rt_sigtimedwait.md
            - rt_sigtimedwait_time32: docs/events/builtin/syscalls/rt_sigtimedwait_time32.md
            - rt_tgsigqueueinfo: docs/events/builtin/syscalls/rt_tgsigqueueinfo.md
            - sched_get_priority_max: docs/events/builtin/syscalls/sched_get_priority_max.md
            - sched_get_priority_min: docs/events/builtin/syscalls/sched_get_priority_min.md
            - sched_getaffinity: docs/events/builtin/syscalls/sched_getaffinity.md
            - sched_getattr: docs/events/builtin/syscalls/sched_getattr.md
            - sched_getparam: docs/events/builtin/syscalls/sched_getparam.md
            - sched_getscheduler: docs/events/builtin/syscalls/sched_getscheduler.md
            - sched_rr_get_interval: docs/events/builtin/syscalls/sched_rr_get_interval.md
            - sched_rr_get_interval_time32: docs/events/builtin/syscalls/sched_rr_get_interval_time32.md
            - sched_setaffinity: docs/events/builtin/syscalls/sched_setaffinity.md
            - sched_setattr: docs/events/builtin/syscalls/sched_setattr.md
            - sched_setparam: docs/events/builtin/syscalls/sched_setparam.md
            - sched_setscheduler: docs/events/builtin/syscalls/sched_setscheduler.md
            - sched_yield: docs/events/builtin/syscalls/sched_yield.md
            - seccomp: docs/events/builtin/syscalls/seccomp.md
            - security: docs/events/builtin/syscalls/security.md
            - select: docs/events/builtin/syscalls/select.md
            - semctl: docs/events/builtin/syscalls/semctl.md
            - semget: docs/events/builtin/syscalls/semget.md
            - semop: docs/events/builtin/syscalls/semop.md
            - semtimedop: docs/events/builtin/syscalls/semtimedop.md
            - sendfile: docs/events/builtin/syscalls/sendfile.md
            - sendfile32: docs/events/builtin/syscalls/sendfile32.md
            - sendmmsg: docs/events/builtin/syscalls/sendmmsg.md
            - sendmsg: docs/events/builtin/syscalls/sendmsg.md
            - sendto: docs/events/builtin/syscalls/sendto.md
            - set_mempolicy: docs/events/builtin/syscalls/set_mempolicy.md
            - set_robust_list: docs/events/builtin/syscalls/set_robust_list.md
            - set_thread_area: docs/events/builtin/syscalls/set_thread_area.md
            - set_tid_address: docs/events/builtin/syscalls/set_tid_address.md
            - setdomainname: docs/events/builtin/syscalls/setdomainname.md
            - setfsgid: docs/events/builtin/syscalls/setfsgid.md
            - setfsgid16: docs/events/builtin/syscalls/setfsgid16.md
            - setfsuid: docs/events/builtin/syscalls/setfsuid.md
            - setfsuid16: docs/events/builtin/syscalls/setfsuid16.md
            - setgid: docs/events/builtin/syscalls/setgid.md
            - setgid16: docs/events/builtin/syscalls/setgid16.md
            - setgroups: docs/events/builtin/syscalls/setgroups.md
            - setgroups16: docs/events/builtin/syscalls/setgroups16.md
            - sethostname: docs/events/builtin/syscalls/sethostname.md
            - setitimer: docs/events/builtin/syscalls/setitimer.md
            - setns: docs/events/builtin/syscalls/setns.md
            - setpgid: docs/events/builtin/syscalls/setpgid.md
            - setpriority: docs/events/builtin/syscalls/setpriority.md
            - setregid: docs/events/builtin/syscalls/setregid.md
            - setregid16: docs/events/builtin/syscalls/setregid16.md
            - setresgid: docs/events/builtin/syscalls/setresgid.md
            - setresgid16: docs/events/builtin/syscalls/setresgid16.md
            - setresuid: docs/events/builtin/syscalls/setresuid.md
            - setresuid16: docs/events/builtin/syscalls/setresuid16.md
            - setreuid: docs/events/builtin/syscalls/setreuid.md
            - setreuid16: docs/events/builtin/syscalls/setreuid16.md
            - setrlimit: docs/events/builtin/syscalls/setrlimit.md
            - setsid: docs/events/builtin/syscalls/setsid.md
            - setsockopt: docs/events/builtin/syscalls/setsockopt.md
            - settimeofday: docs/events/builtin/syscalls/settimeofday.md
            - setuid: docs/events/builtin/syscalls/setuid.md
            - setuid16: docs/events/builtin/syscalls/setuid16.md
            - setxattr: docs/events/builtin/syscalls/setxattr.md
            - sgetmask: docs/events/builtin/syscalls/sgetmask.md
            - shmat: docs/events/builtin/syscalls/shmat.md
            - shmctl: docs/events/builtin/syscalls/shmctl.md
            - shmdt: docs/events/builtin/syscalls/shmdt.md
            - shmget: docs/events/builtin/syscalls/shmget.md
            - shutdown: docs/events/builtin/syscalls/shutdown.md
            - sigaction: docs/events/builtin/syscalls/sigaction.md
            - sigaltstack: docs/events/builtin/syscalls/sigaltstack.md
            - signal: docs/events/builtin/syscalls/signal.md
            - signalfd: docs/events/builtin/syscalls/signalfd.md
            - signalfd4: docs/events/builtin/syscalls/signalfd4.md
            - sigpending: docs/events/builtin/syscalls/sigpending.md
            - sigprocmask: docs/events/builtin/syscalls/sigprocmask.md
            - sigreturn: docs/events/builtin/syscalls/sigreturn.md
            - sigsuspend: docs/events/builtin/syscalls/sigsuspend.md
            - socket: docs/events/builtin/syscalls/socket.md
            - socketcall: docs/events/builtin/syscalls/socketcall.md
            - socketpair: docs/events/builtin/syscalls/socketpair.md
            - splice: docs/events/builtin/syscalls/splice.md
            - ssetmask: docs/events/builtin/syscalls/ssetmask.md
            - stat: docs/events/builtin/syscalls/stat.md
            - stat64: docs/events/builtin/syscalls/stat64.md
            - statfs: docs/events/builtin/syscalls/statfs.md
            - statfs64: docs/events/builtin/syscalls/statfs64.md
            - statx: docs/events/builtin/syscalls/statx.md
            - stime: docs/events/builtin/syscalls/stime.md
            - stty: docs/events/builtin/syscalls/stty.md
            - swapoff: docs/events/builtin/syscalls/swapoff.md
            - swapon: docs/events/builtin/syscalls/swapon.md
            - symlink: docs/events/builtin/syscalls/symlink.md
            - symlinkat: docs/events/builtin/syscalls/symlinkat.md
            - sync: docs/events/builtin/syscalls/sync.md
            - sync_file_range: docs/events/builtin/syscalls/sync_file_range.md
            - syncfs: docs/events/builtin/syscalls/syncfs.md
            - sysctl: docs/events/builtin/syscalls/sysctl.md
            - sysfs: docs/events/builtin/syscalls/sysfs.md
            - sysinfo: docs/events/builtin/syscalls/sysinfo.md
            - syslog: docs/events/builtin/syscalls/syslog.md
            - tee: docs/events/builtin/syscalls/tee.md
            - tgkill: docs/events/builtin/syscalls/tgkill.md
            - time: docs/events/builtin/syscalls/time.md
            - timer_create: docs/events/builtin/syscalls/timer_create.md
            - timer_delete: docs/events/builtin/syscalls/timer_delete.md
            - timer_getoverrun: docs/events/builtin/syscalls/timer_getoverrun.md
            - timer_gettime: docs/events/builtin/syscalls/timer_gettime.md
            - timer_gettime32: docs/events/builtin/syscalls/timer_gettime32.md
            - timer_settime: docs/events/builtin/syscalls/timer_settime.md
            - timer_settime32: docs/events/builtin/syscalls/timer_settime32.md
            - timerfd_create: docs/events/builtin/syscalls/timerfd_create.md
            - timerfd_gettime: docs/events/builtin/syscalls/timerfd_gettime.md
            - timerfd_gettime32: docs/events/builtin/syscalls/timerfd_gettime32.md
            - timerfd_settime: docs/events/builtin/syscalls/timerfd_settime.md
            - timerfd_settime32: docs/events/builtin/syscalls/timerfd_settime32.md
            - times: docs/events/builtin/syscalls/times.md
            - tkill: docs/events/builtin/syscalls/tkill.md
            - truncate: docs/events/builtin/syscalls/truncate.md
            - truncate64: docs/events/builtin/syscalls/truncate64.md
            - tuxcall: docs/events/builtin/syscalls/tuxcall.md
            - ulimit: docs/events/builtin/syscalls/ulimit.md
            - umask: docs/events/builtin/syscalls/umask.md
            - umount: docs/events/builtin/syscalls/umount.md
            - umount2: docs/events/builtin/syscalls/umount2.md
            - uname: docs/events/builtin/syscalls/uname.md
            - unlink: docs/events/builtin/syscalls/unlink.md
            - unlinkat: docs/events/builtin/syscalls/unlinkat.md
            - unshare: docs/events/builtin/syscalls/unshare.md
            - uselib: docs/events/builtin/syscalls/uselib.md
            - userfaultfd: docs/events/builtin/syscalls/userfaultfd.md
            - ustat: docs/events/builtin/syscalls/ustat.md
            - utime: docs/events/builtin/syscalls/utime.md
            - utimensat: docs/events/builtin/syscalls/utimensat.md
            - utimensat_time32: docs/events/builtin/syscalls/utimensat_time32.md
            - utimes: docs/events/builtin/syscalls/utimes.md
            - vfork: docs/events/builtin/syscalls/vfork.md
            - vhangup: docs/events/builtin/syscalls/vhangup.md
            - vm86: docs/events/builtin/syscalls/vm86.md
            - vm86old: docs/events/builtin/syscalls/vm86old.md
            - vmsplice: docs/events/builtin/syscalls/vmsplice.md
            - vserver: docs/events/builtin/syscalls/vserver.md
            - wait4: docs/events/builtin/syscalls/wait4.md
            - waitid: docs/events/builtin/syscalls/waitid.md
            - waitpid: docs/events/builtin/syscalls/waitpid.md
            - write: docs/events/builtin/syscalls/write.md
            - writev: docs/events/builtin/syscalls/writev.md
        - Network Events: docs/events/builtin/network.md
        - Behavioral Signatures: docs/events/builtin/signatures.md
        - Extra Events:
          - do_sigaction: docs/events/builtin/extra/do_sigaction.md
          - kallsyms_lookup_name: docs/events/builtin/extra/kallsyms_lookup_name.md
          - vfs_read: docs/events/builtin/extra/vfs_read.md
          - vfs_readv: docs/events/builtin/extra/vfs_readv.md
          - file_modification: docs/events/builtin/extra/file_modification.md
          - security_file_mprotect: docs/events/builtin/extra/security_file_mprotect.md
          - security_socket_setsockopt: docs/events/builtin/extra/security_socket_setsockopt.md
          - bpf_attach: docs/events/builtin/extra/bpf_attach.md
          - magic_write: docs/events/builtin/extra/magic_write.md
          - mem_prot_alert: docs/events/builtin/extra/mem_prot_alert.md
          - symbols_loaded: docs/events/builtin/extra/symbols_loaded.md
          - symbols_collision: docs/events/builtin/extra/symbols_collision.md
          - hidden_kernel_module: docs/events/builtin/extra/hidden_kernel_module.md
          - process_execute_failed: docs/events/builtin/extra/process_execute_failed.md
          - security_bpf_prog: docs/events/builtin/extra/security_bpf_prog.md
      - Custom Events:
        - Overview: docs/events/custom/overview.md
        - Go: docs/events/custom/golang.md
        - Rego: docs/events/custom/rego.md
        - Analyze: docs/events/custom/analyze.md
    - Policies:
      - Overview: docs/policies/index.md
      - Scopes: docs/policies/scopes.md
      - Rules: docs/policies/rules.md
    - Filters:
      - Filtering: docs/filters/filtering.md
    - Outputs:
      - Output Formats: docs/outputs/output-formats.md
      - Output Options: docs/outputs/output-options.md
      - Logging: docs/outputs/logging.md
    - Config:
      - Overview: docs/config/overview.md
      - Kubernetes: docs/config/kubernetes.md
    - Forensics:
      - Getting Started: docs/forensics/index.md
    - Integrations:
      - Container Engines: docs/integrating/container-engines.md
      - Prometheus: docs/integrating/prometheus.md
      - Healthz: docs/integrating/healthz.md
    - Data Sources:
      - Overview: docs/data-sources/overview.md
    - Deep Dive:
      - Caching Events: docs/deep-dive/caching-events.md
      - Ordering Events: docs/deep-dive/ordering-events.md
      - Dropping Capabilities: docs/deep-dive/dropping-capabilities.md
      - Secure Tracing: docs/deep-dive/secure-tracing.md
  - Contributing:
    - Overview: contributing/overview.md
    - Source Code Guidelines: contributing/guidelines.md
    - Architecture: contributing/architecture.md
    - Setup Development Machine with Vagrant: contributing/setup-development-machine-with-vagrant.md
    - Building:
      - Building Tracee: contributing/building/building.md
      - Building Environment: contributing/building/environment.md
      - Building Containers: contributing/building/containers.md
      - OS Packaging: contributing/building/packaging.md
theme:
  name: material
  language: "en"
  logo: images/tracee_logo_only.png
  features:
    - navigation.tabs
    - navigation.tabs.sticky
    - navigation.sections
    - content.tabs.link
markdown_extensions:
  - pymdownx.highlight
  - pymdownx.superfences
  - admonition
  - toc:
      permalink: true
extra:
  generator: false
  version:
    method: mike
    provider: mike
plugins:
  - search
  - macros