While in this first round of implementing the KH-calibrations, I mostly want to make sure all pieces work together, so as soon as I find a sys_call that fires on an attack, I use it -> however, those policies are sometimes (very) far from smoking guns.
I want to next try tracee, to check how much faster/slower I can work with it.
Then, come back to tetragon and revisit all those policies that are flimsy at best
While in this first round of implementing the KH-calibrations, I mostly want to make sure all pieces work together, so as soon as I find a sys_call that fires on an attack, I use it -> however, those policies are sometimes (very) far from smoking guns.
I want to next try tracee, to check how much faster/slower I can work with it.
Then, come back to tetragon and revisit all those policies that are flimsy at best