watch_ebpf

Plugin

| Arg | Description | Type |
|-----|-------------|------|
| events | A list of event names to acquire. | list of string (required) |
| include_env | Include process environment variables. | bool |

Required permissions: MACHINE_STATE

Description

Watch for events from eBPF.

This plugin uses the integrated tracee eBPF engine to stream events.

See https://github.com/Velocidex/tracee_velociraptor for more details.

See also

  • ebpf_events: Dumps information about potential ebpf_events.