Skip to content

Features

This is an example of the jibril --features command output. It shows the hierarchy of components available in the Jibril system.

▸ component (none)
▸  ├─┬ packages (package)
▸  │ ├── printers (package)
▸  │ ├── dispatcher (package)
▸  │ ├── cgroups (package)
▸  │ ├── ebpf (package)
▸  │ ├── server (package)
▸  │ ├── settings (package)
▸  │ ├── ebpfobjs (package)
▸  │ └── events (package)
▸  └─┬ extensions (extension)
▸    ├─┬ simple (extension)
▸    │ └─┬ printers (plugin)
▸    │   └── voidprinter (printer)
▸    ├── config (extension)
▸    ├─┬ data (extension)
▸    │ ├── trie (library)
▸    │ └─┬ vmap (library)
▸    │   └── vmap (library)
▸    ├─┬ example (extension)
▸    │ ├── test01 (plugin)
▸    │ ├── test02 (plugin)
▸    │ └── helloworld (plugin)
▸    └─┬ jibril (extension)
▸      ├─┬ tests (test)
▸      │ ├── testtaskargs (test)
▸      │ ├── testtaskflow (test)
▸      │ ├── testallflows (test)
▸      │ ├── testnetpolicy (test)
▸      │ ├── testvmapnest (test)
▸      │ ├── testtaskfile (test)
▸      │ ├── testdomains (test)
▸      │ ├── testfiletask (test)
▸      │ ├── testflows (test)
▸      │ ├── testfiledirbase (test)
▸      │ ├── testtriesuffix (test)
▸      │ └── testvmap (test)
▸      ├─┬ libraries (library)
▸      │ ├── fileprinter (package)
▸      │ ├── utils (library)
▸      │ ├─┬ libfiles (library)
▸      │ │ ├── files (library)
▸      │ │ └── filerefs (library)
▸      │ ├─┬ libnet (library)
▸      │ │ ├── dns (library)
▸      │ │ ├── flows (library)
▸      │ │ └── flowrefs (library)
▸      │ ├─┬ libtasks (library)
▸      │ │ └── tasks (library)
▸      │ └── network (library)
▸      ├─┬ printers (plugin)
▸      │ ├── datakeeper (printer)
▸      │ ├── stdout (printer)
▸      │ └── varlog (printer)
▸      └─┬ plugins (plugin)
▸        ├─┬ netpolicy (plugin)
▸        │ ├─┬ events (plugin)
▸        │ │ ├── dropdomain (event)
▸        │ │ └── dropip (event)
▸        │ └─┬ libraries (library)
▸        │   └── netdrops (library)
▸        ├── procfs (plugin)
▸        ├─┬ detect (plugin)
▸        │ ├─┬ mechanisms (plugin)
▸        │ │ ├── file_access (plugin)
▸        │ │ └── execution (plugin)
▸        │ ├─┬ events (plugin)
▸        │ │ ├─┬ execution (plugin)
▸        │ │ │ ├── code_on_the_fly (event)
▸        │ │ │ ├── net_filecopy_tool_exec (event)
▸        │ │ │ ├── hidden_elf_exec (event)
▸        │ │ │ ├── passwd_usage (event)
▸        │ │ │ ├── runc_suspicious_exec (event)
▸        │ │ │ ├── exec_example (event)
▸        │ │ │ ├── interpreter_shell_spawn (event)
▸        │ │ │ ├── net_suspicious_tool_exec (event)
▸        │ │ │ ├── net_scan_tool_exec (event)
▸        │ │ │ ├── net_suspicious_tool_shell (event)
▸        │ │ │ ├── exec_from_unusual_dir (event)
▸        │ │ │ ├── denial_of_service_tools (event)
▸        │ │ │ ├── file_attribute_change (event)
▸        │ │ │ ├── net_mitm_tool_exec (event)
▸        │ │ │ ├── data_encoder_exec (event)
▸        │ │ │ ├── net_sniff_tool_exec (event)
▸        │ │ │ └── binary_executed_by_loader (event)
▸        │ │ └─┬ fileaccess (plugin)
▸        │ │   ├── credentials_files_access (event)
▸        │ │   ├── os_network_fingerprint (event)
▸        │ │   ├── core_pattern_access (event)
▸        │ │   ├── os_status_fingerprint (event)
▸        │ │   ├── ssl_certificate_access (event)
▸        │ │   ├── code_modification_through_procfs (event)
▸        │ │   ├── capabilities_modification (event)
▸        │ │   ├── package_repo_config_modification (event)
▸        │ │   ├── os_fingerprint (event)
▸        │ │   ├── pam_config_modification (event)
▸        │ │   ├── global_shlib_modification (event)
▸        │ │   ├── java_instrument_lib_load (event)
▸        │ │   ├── shell_config_modification (event)
▸        │ │   ├── sudoers_modification (event)
▸        │ │   ├── file_example (event)
▸        │ │   ├── cpu_fingerprint (event)
▸        │ │   ├── machine_fingerprint (event)
▸        │ │   ├── java_debug_lib_load (event)
▸        │ │   ├── sysrq_access (event)
▸        │ │   ├── sched_debug_access (event)
▸        │ │   ├── unprivileged_bpf_config_access (event)
▸        │ │   └── filesystem_fingerprint (event)
▸        │ └─┬ libraries (library)
▸        │   ├── detection (library)
▸        │   ├── recipe (library)
▸        │   ├── times (library)
▸        │   └── classification (library)
▸        ├─┬ github (plugin)
▸        │ ├─┬ events (plugin)
▸        │ │ ├── detections_summary (event)
▸        │ │ ├── flows_summary (event)
▸        │ │ ├── pull_summary (event)
▸        │ │ ├── summary (event)
▸        │ │ └── change_summary (event)
▸        │ ├─┬ plugins (plugin)
▸        │ │ ├── worksummary (plugin)
▸        │ │ └── pullsummary (plugin)
▸        │ ├─┬ printers (plugin)
▸        │ │ ├── listendevdebug (printer)
▸        │ │ └── listendev (printer)
▸        │ └─┬ libraries (library)
▸        │   ├── environment (library)
▸        │   ├── context (library)
▸        │   ├── tokens (library)
▸        │   ├── steps (library)
▸        │   └── workflow (library)
▸        ├── hold (plugin)
▸        └─┬ net (plugin)
▸          ├─┬ events (plugin)
▸          │ └── flow (event)
▸          └─┬ libraries (library)
▸            └── netflows (library)