stackrox · erthalion · Jan 12, 2026 · Jan 9, 2026 · Jan 9, 2026
diff --git a/README.md b/README.md
@@ -1,5 +1,11 @@
 # fact
 
+File ACTivity is a file integrity monitoring tool designed to help with PCI DSS
+compliance, which requires a change detection mechanism. It's implemented as a
+BPF agent, which coordinates a set of BPF programs attached to LSM hooks,
+receives events from the kernel, does basic enrichment and pushes them for
+further processing.
+
 ## Prerequisites
 
 1. stable rust toolchains.
@@ -30,6 +36,9 @@ cargo run --release --config 'target."cfg(all())".runner="sudo -E"'
 Cargo build scripts are used to automatically build the eBPF correctly
 and include it in the program.
 
+For more details about available options, check out the
+[references page](docs/references.md).
+
 ## Running eBPF unit tests
 
 There is some specific unit tests that execute just the eBPF code and

diff --git a/docs/references.md b/docs/references.md
@@ -0,0 +1,19 @@
+# Fact references
+
+## Configuration options
+
+### Environment variables
+
+* `FACT_PATHS`: List of file paths to monitor.
+
+* `FACT_LOGLEVEL`: At which level produce log messages.
+
+### Commandline options
+
+* `--skip-pre-flight`: Do not perform pre-flight checks. Before starting up
+  Fact tries to verify if needed LSM hooks are available, but in some
+  environments this might not be robust enough. In such cases one can disable
+  those checks.
+
+* `-p, --paths`: List of file paths to monitor. This option could be used
+  multiple times, instructing Fact to monitor multiple files.