Y
Hacker News
new
|
ask
|
show
|
jobs
by
geraldcombs
505 days ago
It uses Falco libs[1] underneath, which supports capture using eBPF or a kmod. I work with the Falco libs team and they go to great lengths to minimize overhead.
[1]
https://github.com/falcosecurity/libs/