Features in falco
I have some basic questions about the features supported by falco. Namely,
1. Does it support custom syscall hook rules? Example: we want to hook into **mprotect** syscall, can we do that? Can you point me to a link?
2. How do we monitor userspace code? Example: we want to catch reads of environment variables, how can we achieve that? Do you have a link with an example?
3. Does falco support record-and-replay?
Thanks in advance!