Documentation ¶
Overview ¶
Package rules holds rules related files
Index ¶
- Constants
- type APIServer
- type RuleEngine
- func (e *RuleEngine) AddPolicyProvider(provider rules.PolicyProvider)
- func (e *RuleEngine) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, ...)
- func (e *RuleEngine) GetRuleSet() (rs *rules.RuleSet)
- func (e *RuleEngine) HandleEvent(event *model.Event)
- func (e *RuleEngine) LoadPolicies(providers []rules.PolicyProvider, sendLoadedReport bool) error
- func (e *RuleEngine) ReloadPolicies() error
- func (e *RuleEngine) RuleMatch(rule *rules.Rule, event eval.Event) bool
- func (e *RuleEngine) SetRulesetLoadedCallback(cb func(es *rules.RuleSet, err *multierror.Error))
- func (e *RuleEngine) Start(ctx context.Context, reloadChan <-chan struct{}) error
- func (e *RuleEngine) StartRunningMetrics(ctx context.Context)
- func (e *RuleEngine) Stop()
- func (e *RuleEngine) StopEventCollector() []rules.CollectedEvent
Constants ¶
View Source
const ( // TagMaxResolutionDelay maximum tag resolution delay TagMaxResolutionDelay = 5 * time.Second )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type APIServer ¶
type APIServer interface { ApplyRuleIDs([]rules.RuleID) ApplyPolicyStates([]*monitor.PolicyState) }
APIServer defines the API server
type RuleEngine ¶
type RuleEngine struct { sync.RWMutex AutoSuppression autosuppression.AutoSuppression // contains filtered or unexported fields }
RuleEngine defines a rule engine
func NewRuleEngine ¶
func NewRuleEngine(evm *eventmonitor.EventMonitor, config *config.RuntimeSecurityConfig, probe *probe.Probe, rateLimiter *events.RateLimiter, apiServer APIServer, sender events.EventSender, statsdClient statsd.ClientInterface, rulesetListeners ...rules.RuleSetListener) (*RuleEngine, error)
NewRuleEngine returns a new rule engine
func (*RuleEngine) AddPolicyProvider ¶
func (e *RuleEngine) AddPolicyProvider(provider rules.PolicyProvider)
AddPolicyProvider add a provider
func (*RuleEngine) EventDiscarderFound ¶
func (e *RuleEngine) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)
EventDiscarderFound is called by the ruleset when a new discarder discovered
func (*RuleEngine) GetRuleSet ¶
func (e *RuleEngine) GetRuleSet() (rs *rules.RuleSet)
GetRuleSet returns the set of loaded rules
func (*RuleEngine) HandleEvent ¶
func (e *RuleEngine) HandleEvent(event *model.Event)
HandleEvent is called by the probe when an event arrives from the kernel
func (*RuleEngine) LoadPolicies ¶
func (e *RuleEngine) LoadPolicies(providers []rules.PolicyProvider, sendLoadedReport bool) error
LoadPolicies loads the policies
func (*RuleEngine) ReloadPolicies ¶
func (e *RuleEngine) ReloadPolicies() error
ReloadPolicies reloads the policies
func (*RuleEngine) SetRulesetLoadedCallback ¶
func (e *RuleEngine) SetRulesetLoadedCallback(cb func(es *rules.RuleSet, err *multierror.Error))
SetRulesetLoadedCallback allows setting a callback called when a rule set is loaded
func (*RuleEngine) Start ¶
func (e *RuleEngine) Start(ctx context.Context, reloadChan <-chan struct{}) error
Start the rule engine
func (*RuleEngine) StartRunningMetrics ¶
func (e *RuleEngine) StartRunningMetrics(ctx context.Context)
StartRunningMetrics starts sending the running metrics
func (*RuleEngine) StopEventCollector ¶
func (e *RuleEngine) StopEventCollector() []rules.CollectedEvent
StopEventCollector stops the event collector
Directories ¶
Path | Synopsis |
---|---|
Package autosuppression holds auto suppression related files
|
Package autosuppression holds auto suppression related files |
Package bundled contains bundled rules
|
Package bundled contains bundled rules |
Package filtermodel holds rules related files
|
Package filtermodel holds rules related files |
Package monitor holds rules related files
|
Package monitor holds rules related files |
Click to show internal directories.
Click to hide internal directories.