Question about system call coverage

[skandbug]

Tracee shows (./dist/tracee -l) a total of 446 system calls for tracing.
However, from the linux kernel source code (5.10), the arm version of the kernel provides 406 system calls, see the table (syscall.tbl). X86 provides 388 (5.10).
After comparison, there are 52 arm (5.10) system calls that are not in the tracee （0.13.1） system call list provided by your team. Whether the comprehensiveness of the trace data obtained by using tracee will be affected.

[yanivagman]

The list of events not only include system calls events, but many other events that we have (e.g. network events and signature events).
To only trace system calls, make sure to use the system calls set.
Now about the comprehensiveness of the list, here is the list of system calls tracee can trace for amd64 and and arm64, respectively:
https://github.com/aquasecurity/tracee/blob/main/pkg/events/amd64.go
https://github.com/aquasecurity/tracee/blob/main/pkg/events/arm64.go

Which system calls you think are missing in these lists?

[skandbug]

For the trace data obtained by tracee, what is the time unit of the following two fields?

timestamp
threadStartTime

[yanivagman]

nanosecond resolution