Collected sources and patterns will appear here. Add from search, explore, or the patterns library.
RawProcessHook -> ProcessLifecycleEvent
Attach eBPF probes to kernel process lifecycle hooks to produce structured execution and exit events.
Problem it solves
Tracking short-lived processes reliably without the high overhead of continuous user-space polling.
Consumes
Emits
The real projects this mechanism was found in. Attribution is the point — this is how the best teams actually do it.