sysflow-telemetry/sysflow issues and pull requests

#100 - Unable to enrich the data with Kubernetes Metadata on K3s

Issue - State: open - Opened by VishwasSomasekhariah almost 2 years ago
Labels: bug

#99 - Unable to Deploy and Collect raw eBPF data on Civo K3s

Issue - State: closed - Opened by VishwasSomasekhariah about 2 years ago - 4 comments
Labels: bug

#98 - Collect exported environment variables

Issue - State: closed - Opened by araujof about 2 years ago
Labels: enhancement, libsysflow

#97 - Add current working directory (cwd) to the process object

Issue - State: open - Opened by araujof about 2 years ago
Labels: enhancement, libsysflow

#96 - Add support for modern eBPF driver (CORE)

Issue - State: closed - Opened by araujof about 2 years ago
Labels: enhancement, sf-collector, libsysflow

#95 - Add support for open_by_handle_at syscall

Issue - State: open - Opened by araujof about 2 years ago
Labels: enhancement, sf-collector, libsysflow

#94 - Create 2022-11-21-cloud-metadata-support.md

Pull Request - State: closed - Opened by ghost about 2 years ago

#93 - SysFlow 0.5.0 release notes

Pull Request - State: closed - Opened by araujof over 2 years ago - 1 comment

#92 - Deploying SysFlow on OpenShift 4.10.x

Issue - State: closed - Opened by egrol over 2 years ago - 2 comments
Labels: question

#91 - libsysflow

Issue - State: closed - Opened by araujof over 2 years ago - 1 comment
Labels: enhancement, sf-collector, tracking

#90 - Cut 0.5.0 release

Issue - State: closed - Opened by araujof over 2 years ago
Labels: documentation, release

#89 - new(post): added 0.4.0 release blog post

Pull Request - State: closed - Opened by araujof almost 3 years ago

#88 - update(blog): fix link to notebook to new structure and include the n…

Pull Request - State: closed - Opened by ghost almost 3 years ago

#87 - add(blog): add a new blog entry describing the mitre-tag-timeline exp…

Pull Request - State: closed - Opened by ghost about 3 years ago

#86 - Cut 0.4.0 release

Issue - State: closed - Opened by araujof about 3 years ago - 1 comment
Labels: documentation, release

#85 - Add backwards support for `filter` rule in policy language

Issue - State: closed - Opened by araujof about 3 years ago
Labels: bug

#84 - Cherry pick Falco build from branch and update with the latest Falco release.

Issue - State: closed - Opened by araujof about 3 years ago
Labels: enhancement

#83 - new policy engine / modes / actions: documentation (incl migration / backward compatibility)

Issue - State: closed - Opened by ghost about 3 years ago - 1 comment

#82 - Set event.kind to 'event' vs 'alert' during ECS conversion

Issue - State: closed - Opened by ghost about 3 years ago - 1 comment
Labels: enhancement

#81 - Update 2021-11-08-bheu21-threat-hunting.md

Pull Request - State: closed - Opened by ghost about 3 years ago

#80 - Add new blog entry for the Open Hunting entry at Black Hat

Pull Request - State: closed - Opened by ghost about 3 years ago

#79 - Implement collection of cloud metadata

Issue - State: closed - Opened by ghost over 3 years ago - 1 comment
Labels: enhancement, sf-collector

#78 - Parametric object storage export path configuration

Issue - State: closed - Opened by araujof over 3 years ago
Labels: enhancement, sf-exporter, sf-processor

#77 - Update sf-collector to use Falco Libs

Issue - State: closed - Opened by araujof over 3 years ago
Labels: enhancement, sf-collector

#76 - Rename 2021-08-20-welcome.md to 2021-08-11-welcome.md

Pull Request - State: closed - Opened by ghost over 3 years ago

#75 - Rename 2021-08-11-elk-integration.md to 2021-08-20-elk-integration.md

Pull Request - State: closed - Opened by ghost over 3 years ago

#74 - Update _config.yml

Pull Request - State: closed - Opened by ghost over 3 years ago

#73 - Update index.html

Pull Request - State: closed - Opened by ghost over 3 years ago

#72 - Added post on ELK integration

Pull Request - State: closed - Opened by san-zrl over 3 years ago - 1 comment

#71 - Clarify and streamline engine modes and rule actions in sf-processor

Issue - State: closed - Opened by ghost over 3 years ago - 29 comments
Labels: enhancement, sf-processor

#70 - sf-processor mode=bypass insists on 'policies' line in config

Issue - State: closed - Opened by ghost over 3 years ago
Labels: bug

#69 - Tee pipeline: Same data ending up in both targets; duplicates on filter path

Issue - State: closed - Opened by san-zrl over 3 years ago
Labels: bug

#68 - Policy actions - implementation missing

Issue - State: closed - Opened by san-zrl over 3 years ago
Labels: enhancement

#67 - Handling non-existing attributes in policy engine rules

Issue - State: closed - Opened by san-zrl over 3 years ago
Labels: bug

#66 - docker image for sf-collector: quoted filter conditions do not work

Issue - State: closed - Opened by san-zrl over 3 years ago
Labels: bug

#65 - Issue with policy engine interpreter when parsing lists with quoted literals

Issue - State: closed - Opened by araujof over 3 years ago
Labels: bug, sf-processor

#64 - sf-exporter: Buffer re-use in json encoder leads to corrupt messages

Issue - State: closed - Opened by san-zrl over 3 years ago
Labels: bug

#63 - Add a command-line flag for the processor to parse configuration and policy files as a standalone tool

Issue - State: closed - Opened by araujof over 3 years ago
Labels: enhancement, sf-processor

#62 - Fix issue when reading secrets from a vault with nested directories inside the vault

Issue - State: closed - Opened by araujof over 3 years ago
Labels: bug, sf-apis

#61 - Add CLUSTER_ID to contextual events exported to S3

Issue - State: closed - Opened by araujof over 3 years ago
Labels: enhancement, sf-processor

#60 - Implement env variable override for dot-separated attributes

Issue - State: closed - Opened by araujof over 3 years ago
Labels: enhancement, sf-processor

#59 - Pull and update policies from S3/object store bucket

Issue - State: closed - Opened by araujof almost 4 years ago - 1 comment
Labels: enhancement, sf-processor

#58 - Sysporter intermittently segfaults on CentOS 7

Issue - State: closed - Opened by tangojulietlimalima almost 4 years ago - 2 comments
Labels: bug

#57 - Generate API documentation for sysflow golang apis

Issue - State: closed - Opened by Christina-Faulkner almost 4 years ago
Labels: enhancement

#56 - Review and improve quickstart documentation

Issue - State: closed - Opened by Christina-Faulkner almost 4 years ago
Labels: enhancement

#55 - Update deployment documentation

Issue - State: closed - Opened by Christina-Faulkner almost 4 years ago
Labels: enhancement

#54 - Develop documentation on how to contribute

Issue - State: closed - Opened by Christina-Faulkner almost 4 years ago
Labels: enhancement

#53 - Create docs folder for every project and organize docs files

Issue - State: closed - Opened by Christina-Faulkner almost 4 years ago - 1 comment
Labels: enhancement

#52 - Implement journaling mechanism when exporting data in the SysFlow Processor

Issue - State: closed - Opened by araujof almost 4 years ago
Labels: enhancement, sf-processor

#51 - Export handler for IBM Cloud Security Advisor Findings API

Issue - State: closed - Opened by araujof almost 4 years ago
Labels: enhancement, sf-processor

#50 - Support ECS as processor output format

Issue - State: closed - Opened by san-zrl almost 4 years ago - 1 comment
Labels: enhancement, sf-processor

#49 - Export to ElasticSearch

Issue - State: closed - Opened by san-zrl almost 4 years ago - 1 comment
Labels: enhancement, sf-processor

#48 - Output container.image name may not be the one docker-run specified for re-tagged images

Issue - State: closed - Opened by COLDTURNIP about 4 years ago - 1 comment
Labels: bug, sf-collector

#47 - Can't deploy the SysFlow agent on Minikube

Issue - State: closed - Opened by araujof about 4 years ago - 1 comment
Labels: bug, sf-collector

#46 - Kernel module "nouveau" is blacklisted with SysFlow

Issue - State: closed - Opened by weii666 about 4 years ago - 2 comments
Labels: bug, sf-collector

#45 - ncurses brings potential software license problem

Issue - State: closed - Opened by zvn over 4 years ago
Labels: bug, sf-collector

#44 - Notebooks in sf-apis/pynb fail on queries with 'prog.aname'

Issue - State: closed - Opened by ghost over 4 years ago - 1 comment
Labels: bug

#43 - Exporter file descriptor leaks while exporting to syslog

Issue - State: closed - Opened by COLDTURNIP over 4 years ago - 1 comment
Labels: bug, sf-exporter

#42 - sf-collector container does not handle SIGTERM

Issue - State: closed - Opened by COLDTURNIP over 4 years ago - 1 comment
Labels: bug, sf-collector

#41 - Launch-time compilation fails to lookup kernel source

Issue - State: closed - Opened by COLDTURNIP over 4 years ago - 1 comment
Labels: bug, sf-collector

#40 - exporter Error while decompressing data: incomplete or truncated stream

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 1 comment
Labels: bug

#39 - Documentation mismatch for sysflow.reader.FlattenedSFReader

Issue - State: closed - Opened by ghost almost 5 years ago
Labels: bug

#38 - How to know if a file has been opened for read or write

Issue - State: closed - Opened by mutazalsallal almost 5 years ago

#37 - Syslog forwarder issues - BrokenPipeError: [Errno 32] Broken pipe

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 2 comments
Labels: bug

#36 - how to know if a privileged container has been created

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 1 comment
Labels: question

#35 - sf-collector crashed - Unable to find file object of key .... containers/

Issue - State: closed - Opened by mutazalsallal almost 5 years ago
Labels: bug

#34 - No License file embeded in the collector and exporter image

Issue - State: closed - Opened by zvn almost 5 years ago
Labels: bug, sf-exporter, sf-collector

#33 - Publish SysFlow helm charts to the public stable repo

Issue - State: closed - Opened by weii666 almost 5 years ago
Labels: enhancement, sf-deployments

#32 - Add labels for Container images

Issue - State: closed - Opened by zvn almost 5 years ago
Labels: enhancement, sf-exporter, sf-collector

#31 - to log the file open flags in a readable string

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 1 comment
Labels: enhancement

#30 - Integrate CI framework for tests on each push

Issue - State: closed - Opened by zvn almost 5 years ago
Labels: enhancement, sf-exporter, sf-apis, sf-collector

#29 - sf-exporter on docker to syslog and not S3

Issue - State: closed - Opened by ghost almost 5 years ago - 1 comment
Labels: bug

#28 - sf-exporter no syslog traffic on docker

Issue - State: closed - Opened by ghost almost 5 years ago - 2 comments
Labels: bug

#27 - container attributes are not getting logged "incomplete"

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 4 comments
Labels: bug

#26 - Network Sent/Receive event doesn't have the correct source IP/port

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 2 comments
Labels: invalid

#25 - sf-collector: make install misses 'avro/avsc/SysFlow.avsc'

Issue - State: closed - Opened by ghost almost 5 years ago
Labels: bug

#24 - to add an option to export the logs to a file

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 2 comments
Labels: enhancement

#23 - username and group name is null for non root users

Issue - State: closed - Opened by mutazalsallal almost 5 years ago - 1 comment
Labels: bug

#22 - to log sysflow operational logs to an external file

Issue - State: closed - Opened by mutazalsallal about 5 years ago - 1 comment
Labels: enhancement

#21 - to document an example of using docker run command for sf-exporter with syslog

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: enhancement, sf-exporter

#20 - Port container images to build from RedHat UBI

Issue - State: closed - Opened by araujof about 5 years ago
Labels: enhancement, sf-exporter, sf-apis, sf-collector

#19 - Add Jupyter notebook image for SysFlow data exploration

Issue - State: closed - Opened by araujof about 5 years ago
Labels: enhancement, sf-apis

#18 - to log file.path2

Issue - State: closed - Opened by mutazalsallal about 5 years ago - 1 comment
Labels: enhancement

#17 - to log proc.state

Issue - State: closed - Opened by mutazalsallal about 5 years ago - 1 comment
Labels: enhancement, sf-apis

#16 - to log Grand Parent Process ID, Name and Path

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: enhancement

#15 - To log docker container labels

Issue - State: open - Opened by mutazalsallal about 5 years ago
Labels: enhancement

#14 - To log more details about the container image

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: enhancement

#13 - sf-collector crashed - No such file or directory: '/proc/self/fd/1'

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: bug, sf-collector

#12 - sf-collector crashed - getAbsolutePath

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: bug, sf-collector

#11 - To log the full container ID

Issue - State: closed - Opened by mutazalsallal about 5 years ago
Labels: enhancement

#10 - Add the ability to send data to multiple backends concurrently

Issue - State: closed - Opened by zitroij about 5 years ago - 2 comments
Labels: enhancement, sf-exporter, sf-collector

#9 - helm chart deployment writing empty sysflow files in Kubernetes

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: bug, sf-deployments, sf-collector, falco-libs

#8 - Add support for Pod object to SysFlow

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: enhancement, sf-collector, sysflow-spec

#7 - Filtering based on Entity/Flow/Event type

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: enhancement, sf-collector

#6 - All exe and file paths should be absolute in SysFlow output

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: bug, sf-collector, falco-libs

#5 - Deployment needs to support OpenShift operator

Issue - State: closed - Opened by terylt over 5 years ago - 3 comments
Labels: enhancement, sf-deployments, sf-exporter, sf-collector

#4 - SysFlow Collector needs to support the CRIO runtime

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: enhancement, sf-collector

#3 - SysFlow needs to support IPv6

Issue - State: open - Opened by terylt over 5 years ago
Labels: enhancement, sf-collector, sysflow-spec

#2 - Collector coredumps (rarely) on FileFlow deletion from cache

Issue - State: closed - Opened by terylt over 5 years ago - 1 comment
Labels: bug, sf-collector

#1 - The SysFlow collector should support chmod, chown, mount/umount, mknod, and mmap

Issue - State: open - Opened by terylt over 5 years ago - 1 comment
Labels: enhancement, sf-collector, sysflow-spec

GitHub / sysflow-telemetry/sysflow issues and pull requests