Module syscall_anomaly 

Syscall anomaly detection for shell command output.

Monitors shell command output for syscall-related patterns (strace output, audit logs, denied operations) and flags anomalies against a configurable baseline. Supports alert budgets and cooldown to prevent alert fatigue.

Structs

SyscallAnomalyConfig

Configuration for the syscall anomaly detector.

SyscallAnomalyDetector

Stateful syscall anomaly detector.

SyscallEvent

A single detected syscall event parsed from command output.

Enums

AnomalyVerdict

Verdict from the anomaly detector.

Functions

parse_syscall_events

Parse command output for syscall events.