SyscallContext -> ActionOutcome

Interdict system calls directly within the kernel, using BPF maps populated with blocklists or allowlists, so that the allow/deny decision is taken in-kernel before the call completes rather than after the fact.

Problem it solves

Asynchronous user-space security engines only see a system call after it has happened, so they react too slowly to prevent the individual steps of an exploit from completing.

Consumes

SyscallContext

Emits

ActionOutcome