GNU/Linux ◆ xterm-256color ◆ zsh 206 views

As you can see in this asciicast, here we’re defining a rule to fire an alert when a new file is created in a container with execution permissions, thanks to the libsinsp is_open_exec filter.