To detect and mitigate cybersecurity threats, analysts usually rely on Security Information and Event Management (SIEM) systems as an important tool for analyzing large volumes of heterogeneous log data. However, the lack of contextual information and the inherent complexity of multi-step attack scenarios make it difficult to correlate events and explain sophisticated attacks. To address these limitations, this paper proposes a novel approach to generating causal logs using eBPF (extended Berkeley Packet Filter), a powerful and efficient technology for observing kernel-level events. By leveraging eBPF, we produce logs that are highly relevant and explicitly linked to causal chains of events, enabling improved attack explanations. We assess the effectiveness of our approach by applying it to scenarios such as SQL injection attacks, showcasing its capability to uncover causal pathways and support forensic investigations. The findings highlight that the proposed method improves the contextual relevance and clarity of logs, offering a stronger foundation for understanding and addressing intricate cybersecurity challenges.
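The correlation step that turns flat kernel events into a causal chain can be illustrated without the eBPF probes themselves. The following is an added example written for this page, not the paper's code or tooling: it takes a constructed stream of events of the kind an eBPF tracer attached to `accept`, `connect`, `fork`/`execve` and `openat` would emit (timestamp, pid, ppid, command name, detail) and links them by two causal relations, process lineage (parent pid) and local socket pairing (a `connect` 4-tuple matched to the `accept` that received it). An accepted connection with no locally observed `connect` is attributed to an external endpoint. The pids, addresses, paths and the scenario (a web application forwarding a request to a database worker that then reads a sensitive file) are all constructed for illustration.

```python
"""Build causal chains from kernel-level events (added example, not from the paper).

Each chain walks back from an event of interest to its root cause, following at
every hop the most recent causal link that existed at the time of that event.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float      # seconds, monotonically increasing in the sample
    kind: str      # "fork" | "exec" | "connect" | "accept" | "open"
    pid: int
    ppid: int
    comm: str      # process command name, as the kernel reports it
    detail: str    # path for fork/exec/open, "src:port->dst:port" for network events


# Constructed sample stream, modelled on eBPF probe output; values are made up.
SAMPLE_EVENTS = [
    Event(0.00, "exec",    2000, 1,    "postgres",  "/usr/bin/postgres"),            # db master
    Event(0.01, "fork",    2100, 2000, "postgres",  "/usr/bin/postgres"),            # db worker
    Event(0.02, "exec",    1200, 1,    "webapp",    "/usr/bin/python3"),
    Event(1.00, "accept",  1200, 1,    "webapp",    "10.0.0.5:51234->10.0.0.10:8080"),
    Event(1.02, "connect", 1200, 1,    "webapp",    "127.0.0.1:40000->127.0.0.1:5432"),
    Event(1.03, "accept",  2100, 2000, "postgres",  "127.0.0.1:40000->127.0.0.1:5432"),
    Event(1.10, "open",    2100, 2000, "postgres",  "/etc/passwd"),
    Event(2.00, "exec",    3000, 900,  "logrotate", "/usr/sbin/logrotate"),           # unrelated
    Event(2.01, "open",    3000, 900,  "logrotate", "/var/log/syslog"),
]


def build_causal_graph(events):
    """Return (parents, procs).

    parents[pid] is a time-ordered list of (ts, source) links; source is another
    pid (parent process or connecting peer) or an "ext:<addr>" node when an
    accept() had no locally observed connect().  procs maps pid -> command name.
    """
    parents = defaultdict(list)
    procs = {1: "init"}          # pid 1 is assumed as the lineage root
    pending = {}                 # connect 4-tuple -> connecting pid, awaiting its accept
    for ev in sorted(events, key=lambda e: e.ts):
        procs[ev.pid] = ev.comm
        if ev.kind in ("fork", "exec"):
            parents[ev.pid].append((ev.ts, ev.ppid))
        elif ev.kind == "connect":
            pending[ev.detail] = ev.pid
        elif ev.kind == "accept":
            src = pending.pop(ev.detail, None)
            if src is None:
                src = "ext:" + ev.detail.split("->")[0]
            parents[ev.pid].append((ev.ts, src))
    return parents, procs


def causal_chain(parents, procs, pid, at_ts):
    """Explain activity of `pid` at time `at_ts` as a root-to-leaf chain of labels.

    At each hop the most recent link established at or before the current time
    is followed, so a worker is explained by the request it was serving rather
    than by the process that forked it long before.
    """
    chain, seen = [], set()
    node, ts = pid, at_ts
    while isinstance(node, int) and node not in seen:
        seen.add(node)
        chain.append(f"{procs.get(node, '?')}({node})")
        links = [link for link in parents.get(node, []) if link[0] <= ts]
        if not links:
            break
        ts, node = links[-1]
    if isinstance(node, str):            # external endpoint terminates the chain
        chain.append(node)
    return list(reversed(chain))


def explain_sensitive_opens(events, sensitive_paths):
    """For every open() of a sensitive path, return (path, causal chain)."""
    parents, procs = build_causal_graph(events)
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "open" and ev.detail in sensitive_paths:
            findings.append((ev.detail, causal_chain(parents, procs, ev.pid, ev.ts)))
    return findings


if __name__ == "__main__":
    for path, chain in explain_sensitive_opens(SAMPLE_EVENTS, {"/etc/passwd", "/etc/shadow"}):
        print(path, "<-", " -> ".join(chain))
```

Run as a script, the sample yields `/etc/passwd <- ext:10.0.0.5:51234 -> webapp(1200) -> postgres(2100)`: the file read by the database worker is tied back through the local socket to the web application and from there to the external client, which is the kind of causal pathway a flat SIEM log of three unrelated events would not expose. The time-aware walk matters: asking for the same worker's chain before the request arrived returns only its process lineage (`init(1) -> postgres(2000) -> postgres(2100)`), and an unmatched `accept` is deliberately left as an external node rather than guessed at.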