The following are only available when running Velociraptor on Linux.
| Plugin/Function | Type | Description |
|---|---|---|
| audit | Plugin | Register as an audit daemon in the kernel |
| connections | Plugin | List all active connections |
| ebpf_events | Plugin | Dumps information about potential ebpf_events that can be used by the |
| sysinfo | Function | Collect system information on Linux clients |
| watch_ebpf | Plugin | Watch for events from eBPF |