Architecture
This section describes how the different components of owLSM work.
Deep Dives
| Component | Description |
|---|---|
| Rule Creation and Evaluation | Full flow of rules, from YAML to in-kernel evaluation |
| Process Cache | Process cache management: flow and best practices |
| Event Flow | How events flow from kernel hooks to userspace output |
| Event Caching | How high-frequency events are cached |
| Shell Command Monitoring | How interactive shell commands are captured using uprobes |