Documentation
Overview
Package model holds model related files
Index
- Constants
- Variables
- func GetEventTypePerCategory() map[EventCategory][]eval.EventType
- func GetHostByteOrder() binary.ByteOrder
- func IsAlphaNumeric(r rune) bool
- func IsPrintable(s string) bool
- func IsPrintableASCII(s string) bool
- func MarshalBinary(data []byte, binaryMarshalers ...BinaryMarshaler) (int, error)
- func NullTerminatedString(d []byte) string
- func ProcessSourceToString(source uint64) string
- func SliceToArray(src []byte, dst []byte)
- func StringifyHelpersList(input []uint32) []string
- func UnmarshalBinary(data []byte, binaryUnmarshalers ...BinaryUnmarshaler) (int, error)
- func UnmarshalPrintableString(data []byte, size int) (string, error)
- func UnmarshalString(data []byte, size int) (string, error)
- func UnmarshalStringArray(data []byte) ([]string, error)
- type ActivityDumpLoadConfig
- type AddressFamily
- type AnomalyDetectionSyscallEvent
- type ArgsEntry
- type ArgsEnvs
- type ArgsEnvsEvent
- type BPFAttachType
- type BPFCmd
- type BPFEvent
- type BPFHelperFunc
- type BPFMap
- type BPFMapType
- type BPFProgram
- type BPFProgramType
- type BaseEvent
- type BinaryMarshaler
- type BinaryUnmarshaler
- type BindEvent
- type CapsetEvent
- type CgroupTracingEvent
- type ChmodEvent
- type ChownEvent
- type ContainerContext
- type Credentials
- type DNSEvent
- type DefaultFieldHandlers
- func (dfh *DefaultFieldHandlers) GetProcessService(ev *Event) string
- func (dfh *DefaultFieldHandlers) ResolveAsync(ev *Event) bool
- func (dfh *DefaultFieldHandlers) ResolveChownGID(ev *Event, e *ChownEvent) string
- func (dfh *DefaultFieldHandlers) ResolveChownUID(ev *Event, e *ChownEvent) string
- func (dfh *DefaultFieldHandlers) ResolveContainerContext(ev *Event) (*ContainerContext, bool)
- func (dfh *DefaultFieldHandlers) ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
- func (dfh *DefaultFieldHandlers) ResolveContainerID(ev *Event, e *ContainerContext) string
- func (dfh *DefaultFieldHandlers) ResolveContainerTags(ev *Event, e *ContainerContext) []string
- func (dfh *DefaultFieldHandlers) ResolveEventTime(ev *Event) time.Time
- func (dfh *DefaultFieldHandlers) ResolveEventTimestamp(ev *Event, e *BaseEvent) int
- func (dfh *DefaultFieldHandlers) ResolveFileBasename(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolveFileFieldsGroup(ev *Event, e *FileFields) string
- func (dfh *DefaultFieldHandlers) ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool
- func (dfh *DefaultFieldHandlers) ResolveFileFieldsUser(ev *Event, e *FileFields) string
- func (dfh *DefaultFieldHandlers) ResolveFileFilesystem(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolveFilePath(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolveHashes(eventType EventType, process *Process, file *FileEvent) []string
- func (dfh *DefaultFieldHandlers) ResolveHashesFromEvent(ev *Event, e *FileEvent) []string
- func (dfh *DefaultFieldHandlers) ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string
- func (dfh *DefaultFieldHandlers) ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string
- func (dfh *DefaultFieldHandlers) ResolveMountPointPath(ev *Event, e *MountEvent) string
- func (dfh *DefaultFieldHandlers) ResolveMountSourcePath(ev *Event, e *MountEvent) string
- func (dfh *DefaultFieldHandlers) ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string
- func (dfh *DefaultFieldHandlers) ResolvePackageName(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolvePackageSourceVersion(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolvePackageVersion(ev *Event, e *FileEvent) string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgs(ev *Event, e *Process) string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgsFlags(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgsOptions(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgsTruncated(ev *Event, e *Process) bool
- func (dfh *DefaultFieldHandlers) ResolveProcessArgv(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgv0(ev *Event, e *Process) string
- func (dfh *DefaultFieldHandlers) ResolveProcessArgvScrubbed(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessCacheEntry(ev *Event) (*ProcessCacheEntry, bool)
- func (dfh *DefaultFieldHandlers) ResolveProcessCreatedAt(ev *Event, e *Process) int
- func (dfh *DefaultFieldHandlers) ResolveProcessEnvp(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessEnvs(ev *Event, e *Process) []string
- func (dfh *DefaultFieldHandlers) ResolveProcessEnvsTruncated(ev *Event, e *Process) bool
- func (dfh *DefaultFieldHandlers) ResolveRights(ev *Event, e *FileFields) int
- func (dfh *DefaultFieldHandlers) ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetgidGroup(ev *Event, e *SetgidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetuidEUser(ev *Event, e *SetuidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveSetuidUser(ev *Event, e *SetuidEvent) string
- func (dfh *DefaultFieldHandlers) ResolveXAttrName(ev *Event, e *SetXAttrEvent) string
- func (dfh *DefaultFieldHandlers) ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string
- type EnvsEntry
- type ErrInvalidKeyPath
- type ErrNoProcessContext
- type ErrProcessBrokenLineage
- type ErrProcessIncompleteLineage
- type ErrProcessMissingParentNode
- type ErrProcessWrongParentNode
- type Event
- func (e *Event) AddToFlags(flag uint32)
- func (ev *Event) GetBindAddrFamily() uint16
- func (ev *Event) GetBindAddrIp() net.IPNet
- func (ev *Event) GetBindAddrPort() uint16
- func (ev *Event) GetBindRetval() int64
- func (ev *Event) GetBpfCmd() uint32
- func (ev *Event) GetBpfMapName() string
- func (ev *Event) GetBpfMapType() uint32
- func (ev *Event) GetBpfProgAttachType() uint32
- func (ev *Event) GetBpfProgHelpers() []uint32
- func (ev *Event) GetBpfProgName() string
- func (ev *Event) GetBpfProgTag() string
- func (ev *Event) GetBpfProgType() uint32
- func (ev *Event) GetBpfRetval() int64
- func (ev *Event) GetCapsetCapEffective() uint64
- func (ev *Event) GetCapsetCapPermitted() uint64
- func (ev *Event) GetChmodFileChangeTime() uint64
- func (ev *Event) GetChmodFileDestinationMode() uint32
- func (ev *Event) GetChmodFileDestinationRights() uint32
- func (ev *Event) GetChmodFileFilesystem() string
- func (ev *Event) GetChmodFileGid() uint32
- func (ev *Event) GetChmodFileGroup() string
- func (ev *Event) GetChmodFileHashes() []string
- func (ev *Event) GetChmodFileInUpperLayer() bool
- func (ev *Event) GetChmodFileInode() uint64
- func (ev *Event) GetChmodFileMode() uint16
- func (ev *Event) GetChmodFileModificationTime() uint64
- func (ev *Event) GetChmodFileMountId() uint32
- func (ev *Event) GetChmodFileName() string
- func (ev *Event) GetChmodFileNameLength() int
- func (ev *Event) GetChmodFilePackageName() string
- func (ev *Event) GetChmodFilePackageSourceVersion() string
- func (ev *Event) GetChmodFilePackageVersion() string
- func (ev *Event) GetChmodFilePath() string
- func (ev *Event) GetChmodFilePathLength() int
- func (ev *Event) GetChmodFileRights() int
- func (ev *Event) GetChmodFileUid() uint32
- func (ev *Event) GetChmodFileUser() string
- func (ev *Event) GetChmodRetval() int64
- func (ev *Event) GetChownFileChangeTime() uint64
- func (ev *Event) GetChownFileDestinationGid() int64
- func (ev *Event) GetChownFileDestinationGroup() string
- func (ev *Event) GetChownFileDestinationUid() int64
- func (ev *Event) GetChownFileDestinationUser() string
- func (ev *Event) GetChownFileFilesystem() string
- func (ev *Event) GetChownFileGid() uint32
- func (ev *Event) GetChownFileGroup() string
- func (ev *Event) GetChownFileHashes() []string
- func (ev *Event) GetChownFileInUpperLayer() bool
- func (ev *Event) GetChownFileInode() uint64
- func (ev *Event) GetChownFileMode() uint16
- func (ev *Event) GetChownFileModificationTime() uint64
- func (ev *Event) GetChownFileMountId() uint32
- func (ev *Event) GetChownFileName() string
- func (ev *Event) GetChownFileNameLength() int
- func (ev *Event) GetChownFilePackageName() string
- func (ev *Event) GetChownFilePackageSourceVersion() string
- func (ev *Event) GetChownFilePackageVersion() string
- func (ev *Event) GetChownFilePath() string
- func (ev *Event) GetChownFilePathLength() int
- func (ev *Event) GetChownFileRights() int
- func (ev *Event) GetChownFileUid() uint32
- func (ev *Event) GetChownFileUser() string
- func (ev *Event) GetChownRetval() int64
- func (ev *Event) GetContainerCreatedAt() int
- func (ev *Event) GetContainerId() string
- func (ev *Event) GetContainerTags() []string
- func (ev *Event) GetDnsId() uint16
- func (ev *Event) GetDnsQuestionClass() uint16
- func (ev *Event) GetDnsQuestionCount() uint16
- func (ev *Event) GetDnsQuestionLength() uint16
- func (ev *Event) GetDnsQuestionName() string
- func (ev *Event) GetDnsQuestionNameLength() int
- func (ev *Event) GetDnsQuestionType() uint16
- func (ev *Event) GetEventAsync() bool
- func (ev *Event) GetEventTimestamp() int
- func (e *Event) GetEventType() EventType
- func (ev *Event) GetExecArgs() string
- func (ev *Event) GetExecArgsFlags() []string
- func (ev *Event) GetExecArgsOptions() []string
- func (ev *Event) GetExecArgsTruncated() bool
- func (ev *Event) GetExecArgv() []string
- func (ev *Event) GetExecArgv0() string
- func (ev *Event) GetExecCapEffective() uint64
- func (ev *Event) GetExecCapPermitted() uint64
- func (ev *Event) GetExecComm() string
- func (ev *Event) GetExecContainerId() string
- func (ev *Event) GetExecCreatedAt() int
- func (ev *Event) GetExecEgid() uint32
- func (ev *Event) GetExecEgroup() string
- func (ev *Event) GetExecEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetExecEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetExecEnvsTruncated() bool
- func (ev *Event) GetExecEuid() uint32
- func (ev *Event) GetExecEuser() string
- func (ev *Event) GetExecExecTime() time.Time
- func (ev *Event) GetExecExitTime() time.Time
- func (ev *Event) GetExecFileChangeTime() uint64
- func (ev *Event) GetExecFileFilesystem() string
- func (ev *Event) GetExecFileGid() uint32
- func (ev *Event) GetExecFileGroup() string
- func (ev *Event) GetExecFileHashes() []string
- func (ev *Event) GetExecFileInUpperLayer() bool
- func (ev *Event) GetExecFileInode() uint64
- func (ev *Event) GetExecFileMode() uint16
- func (ev *Event) GetExecFileModificationTime() uint64
- func (ev *Event) GetExecFileMountId() uint32
- func (ev *Event) GetExecFileName() string
- func (ev *Event) GetExecFileNameLength() int
- func (ev *Event) GetExecFilePackageName() string
- func (ev *Event) GetExecFilePackageSourceVersion() string
- func (ev *Event) GetExecFilePackageVersion() string
- func (ev *Event) GetExecFilePath() string
- func (ev *Event) GetExecFilePathLength() int
- func (ev *Event) GetExecFileRights() int
- func (ev *Event) GetExecFileUid() uint32
- func (ev *Event) GetExecFileUser() string
- func (ev *Event) GetExecForkTime() time.Time
- func (ev *Event) GetExecFsgid() uint32
- func (ev *Event) GetExecFsgroup() string
- func (ev *Event) GetExecFsuid() uint32
- func (ev *Event) GetExecFsuser() string
- func (ev *Event) GetExecGid() uint32
- func (ev *Event) GetExecGroup() string
- func (ev *Event) GetExecInterpreterFileChangeTime() uint64
- func (ev *Event) GetExecInterpreterFileFilesystem() string
- func (ev *Event) GetExecInterpreterFileGid() uint32
- func (ev *Event) GetExecInterpreterFileGroup() string
- func (ev *Event) GetExecInterpreterFileHashes() []string
- func (ev *Event) GetExecInterpreterFileInUpperLayer() bool
- func (ev *Event) GetExecInterpreterFileInode() uint64
- func (ev *Event) GetExecInterpreterFileMode() uint16
- func (ev *Event) GetExecInterpreterFileModificationTime() uint64
- func (ev *Event) GetExecInterpreterFileMountId() uint32
- func (ev *Event) GetExecInterpreterFileName() string
- func (ev *Event) GetExecInterpreterFileNameLength() int
- func (ev *Event) GetExecInterpreterFilePackageName() string
- func (ev *Event) GetExecInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetExecInterpreterFilePackageVersion() string
- func (ev *Event) GetExecInterpreterFilePath() string
- func (ev *Event) GetExecInterpreterFilePathLength() int
- func (ev *Event) GetExecInterpreterFileRights() int
- func (ev *Event) GetExecInterpreterFileUid() uint32
- func (ev *Event) GetExecInterpreterFileUser() string
- func (ev *Event) GetExecIsKworker() bool
- func (ev *Event) GetExecIsThread() bool
- func (ev *Event) GetExecPid() uint32
- func (ev *Event) GetExecPpid() uint32
- func (ev *Event) GetExecTid() uint32
- func (ev *Event) GetExecTtyName() string
- func (ev *Event) GetExecUid() uint32
- func (ev *Event) GetExecUser() string
- func (ev *Event) GetExitArgs() string
- func (ev *Event) GetExitArgsFlags() []string
- func (ev *Event) GetExitArgsOptions() []string
- func (ev *Event) GetExitArgsTruncated() bool
- func (ev *Event) GetExitArgv() []string
- func (ev *Event) GetExitArgv0() string
- func (ev *Event) GetExitCapEffective() uint64
- func (ev *Event) GetExitCapPermitted() uint64
- func (ev *Event) GetExitCause() uint32
- func (ev *Event) GetExitCode() uint32
- func (ev *Event) GetExitComm() string
- func (ev *Event) GetExitContainerId() string
- func (ev *Event) GetExitCreatedAt() int
- func (ev *Event) GetExitEgid() uint32
- func (ev *Event) GetExitEgroup() string
- func (ev *Event) GetExitEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetExitEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetExitEnvsTruncated() bool
- func (ev *Event) GetExitEuid() uint32
- func (ev *Event) GetExitEuser() string
- func (ev *Event) GetExitExecTime() time.Time
- func (ev *Event) GetExitExitTime() time.Time
- func (ev *Event) GetExitFileChangeTime() uint64
- func (ev *Event) GetExitFileFilesystem() string
- func (ev *Event) GetExitFileGid() uint32
- func (ev *Event) GetExitFileGroup() string
- func (ev *Event) GetExitFileHashes() []string
- func (ev *Event) GetExitFileInUpperLayer() bool
- func (ev *Event) GetExitFileInode() uint64
- func (ev *Event) GetExitFileMode() uint16
- func (ev *Event) GetExitFileModificationTime() uint64
- func (ev *Event) GetExitFileMountId() uint32
- func (ev *Event) GetExitFileName() string
- func (ev *Event) GetExitFileNameLength() int
- func (ev *Event) GetExitFilePackageName() string
- func (ev *Event) GetExitFilePackageSourceVersion() string
- func (ev *Event) GetExitFilePackageVersion() string
- func (ev *Event) GetExitFilePath() string
- func (ev *Event) GetExitFilePathLength() int
- func (ev *Event) GetExitFileRights() int
- func (ev *Event) GetExitFileUid() uint32
- func (ev *Event) GetExitFileUser() string
- func (ev *Event) GetExitForkTime() time.Time
- func (ev *Event) GetExitFsgid() uint32
- func (ev *Event) GetExitFsgroup() string
- func (ev *Event) GetExitFsuid() uint32
- func (ev *Event) GetExitFsuser() string
- func (ev *Event) GetExitGid() uint32
- func (ev *Event) GetExitGroup() string
- func (ev *Event) GetExitInterpreterFileChangeTime() uint64
- func (ev *Event) GetExitInterpreterFileFilesystem() string
- func (ev *Event) GetExitInterpreterFileGid() uint32
- func (ev *Event) GetExitInterpreterFileGroup() string
- func (ev *Event) GetExitInterpreterFileHashes() []string
- func (ev *Event) GetExitInterpreterFileInUpperLayer() bool
- func (ev *Event) GetExitInterpreterFileInode() uint64
- func (ev *Event) GetExitInterpreterFileMode() uint16
- func (ev *Event) GetExitInterpreterFileModificationTime() uint64
- func (ev *Event) GetExitInterpreterFileMountId() uint32
- func (ev *Event) GetExitInterpreterFileName() string
- func (ev *Event) GetExitInterpreterFileNameLength() int
- func (ev *Event) GetExitInterpreterFilePackageName() string
- func (ev *Event) GetExitInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetExitInterpreterFilePackageVersion() string
- func (ev *Event) GetExitInterpreterFilePath() string
- func (ev *Event) GetExitInterpreterFilePathLength() int
- func (ev *Event) GetExitInterpreterFileRights() int
- func (ev *Event) GetExitInterpreterFileUid() uint32
- func (ev *Event) GetExitInterpreterFileUser() string
- func (ev *Event) GetExitIsKworker() bool
- func (ev *Event) GetExitIsThread() bool
- func (ev *Event) GetExitPid() uint32
- func (ev *Event) GetExitPpid() uint32
- func (ev *Event) GetExitTid() uint32
- func (ev *Event) GetExitTtyName() string
- func (ev *Event) GetExitUid() uint32
- func (ev *Event) GetExitUser() string
- func (ev *Event) GetFieldEventType(field eval.Field) (eval.EventType, error)
- func (ev *Event) GetFieldType(field eval.Field) (reflect.Kind, error)
- func (ev *Event) GetFieldValue(field eval.Field) (interface{}, error)
- func (ev *Event) GetFields() []eval.Field
- func (ev *Event) GetLinkFileChangeTime() uint64
- func (ev *Event) GetLinkFileDestinationChangeTime() uint64
- func (ev *Event) GetLinkFileDestinationFilesystem() string
- func (ev *Event) GetLinkFileDestinationGid() uint32
- func (ev *Event) GetLinkFileDestinationGroup() string
- func (ev *Event) GetLinkFileDestinationHashes() []string
- func (ev *Event) GetLinkFileDestinationInUpperLayer() bool
- func (ev *Event) GetLinkFileDestinationInode() uint64
- func (ev *Event) GetLinkFileDestinationMode() uint16
- func (ev *Event) GetLinkFileDestinationModificationTime() uint64
- func (ev *Event) GetLinkFileDestinationMountId() uint32
- func (ev *Event) GetLinkFileDestinationName() string
- func (ev *Event) GetLinkFileDestinationNameLength() int
- func (ev *Event) GetLinkFileDestinationPackageName() string
- func (ev *Event) GetLinkFileDestinationPackageSourceVersion() string
- func (ev *Event) GetLinkFileDestinationPackageVersion() string
- func (ev *Event) GetLinkFileDestinationPath() string
- func (ev *Event) GetLinkFileDestinationPathLength() int
- func (ev *Event) GetLinkFileDestinationRights() int
- func (ev *Event) GetLinkFileDestinationUid() uint32
- func (ev *Event) GetLinkFileDestinationUser() string
- func (ev *Event) GetLinkFileFilesystem() string
- func (ev *Event) GetLinkFileGid() uint32
- func (ev *Event) GetLinkFileGroup() string
- func (ev *Event) GetLinkFileHashes() []string
- func (ev *Event) GetLinkFileInUpperLayer() bool
- func (ev *Event) GetLinkFileInode() uint64
- func (ev *Event) GetLinkFileMode() uint16
- func (ev *Event) GetLinkFileModificationTime() uint64
- func (ev *Event) GetLinkFileMountId() uint32
- func (ev *Event) GetLinkFileName() string
- func (ev *Event) GetLinkFileNameLength() int
- func (ev *Event) GetLinkFilePackageName() string
- func (ev *Event) GetLinkFilePackageSourceVersion() string
- func (ev *Event) GetLinkFilePackageVersion() string
- func (ev *Event) GetLinkFilePath() string
- func (ev *Event) GetLinkFilePathLength() int
- func (ev *Event) GetLinkFileRights() int
- func (ev *Event) GetLinkFileUid() uint32
- func (ev *Event) GetLinkFileUser() string
- func (ev *Event) GetLinkRetval() int64
- func (ev *Event) GetLoadModuleArgs() string
- func (ev *Event) GetLoadModuleArgsTruncated() bool
- func (ev *Event) GetLoadModuleArgv() []string
- func (ev *Event) GetLoadModuleFileChangeTime() uint64
- func (ev *Event) GetLoadModuleFileFilesystem() string
- func (ev *Event) GetLoadModuleFileGid() uint32
- func (ev *Event) GetLoadModuleFileGroup() string
- func (ev *Event) GetLoadModuleFileHashes() []string
- func (ev *Event) GetLoadModuleFileInUpperLayer() bool
- func (ev *Event) GetLoadModuleFileInode() uint64
- func (ev *Event) GetLoadModuleFileMode() uint16
- func (ev *Event) GetLoadModuleFileModificationTime() uint64
- func (ev *Event) GetLoadModuleFileMountId() uint32
- func (ev *Event) GetLoadModuleFileName() string
- func (ev *Event) GetLoadModuleFileNameLength() int
- func (ev *Event) GetLoadModuleFilePackageName() string
- func (ev *Event) GetLoadModuleFilePackageSourceVersion() string
- func (ev *Event) GetLoadModuleFilePackageVersion() string
- func (ev *Event) GetLoadModuleFilePath() string
- func (ev *Event) GetLoadModuleFilePathLength() int
- func (ev *Event) GetLoadModuleFileRights() int
- func (ev *Event) GetLoadModuleFileUid() uint32
- func (ev *Event) GetLoadModuleFileUser() string
- func (ev *Event) GetLoadModuleLoadedFromMemory() bool
- func (ev *Event) GetLoadModuleName() string
- func (ev *Event) GetLoadModuleRetval() int64
- func (ev *Event) GetMkdirFileChangeTime() uint64
- func (ev *Event) GetMkdirFileDestinationMode() uint32
- func (ev *Event) GetMkdirFileDestinationRights() uint32
- func (ev *Event) GetMkdirFileFilesystem() string
- func (ev *Event) GetMkdirFileGid() uint32
- func (ev *Event) GetMkdirFileGroup() string
- func (ev *Event) GetMkdirFileHashes() []string
- func (ev *Event) GetMkdirFileInUpperLayer() bool
- func (ev *Event) GetMkdirFileInode() uint64
- func (ev *Event) GetMkdirFileMode() uint16
- func (ev *Event) GetMkdirFileModificationTime() uint64
- func (ev *Event) GetMkdirFileMountId() uint32
- func (ev *Event) GetMkdirFileName() string
- func (ev *Event) GetMkdirFileNameLength() int
- func (ev *Event) GetMkdirFilePackageName() string
- func (ev *Event) GetMkdirFilePackageSourceVersion() string
- func (ev *Event) GetMkdirFilePackageVersion() string
- func (ev *Event) GetMkdirFilePath() string
- func (ev *Event) GetMkdirFilePathLength() int
- func (ev *Event) GetMkdirFileRights() int
- func (ev *Event) GetMkdirFileUid() uint32
- func (ev *Event) GetMkdirFileUser() string
- func (ev *Event) GetMkdirRetval() int64
- func (ev *Event) GetMmapFileChangeTime() uint64
- func (ev *Event) GetMmapFileFilesystem() string
- func (ev *Event) GetMmapFileGid() uint32
- func (ev *Event) GetMmapFileGroup() string
- func (ev *Event) GetMmapFileHashes() []string
- func (ev *Event) GetMmapFileInUpperLayer() bool
- func (ev *Event) GetMmapFileInode() uint64
- func (ev *Event) GetMmapFileMode() uint16
- func (ev *Event) GetMmapFileModificationTime() uint64
- func (ev *Event) GetMmapFileMountId() uint32
- func (ev *Event) GetMmapFileName() string
- func (ev *Event) GetMmapFileNameLength() int
- func (ev *Event) GetMmapFilePackageName() string
- func (ev *Event) GetMmapFilePackageSourceVersion() string
- func (ev *Event) GetMmapFilePackageVersion() string
- func (ev *Event) GetMmapFilePath() string
- func (ev *Event) GetMmapFilePathLength() int
- func (ev *Event) GetMmapFileRights() int
- func (ev *Event) GetMmapFileUid() uint32
- func (ev *Event) GetMmapFileUser() string
- func (ev *Event) GetMmapFlags() int
- func (ev *Event) GetMmapProtection() int
- func (ev *Event) GetMmapRetval() int64
- func (ev *Event) GetMountFsType() string
- func (ev *Event) GetMountMountpointPath() string
- func (ev *Event) GetMountRetval() int64
- func (ev *Event) GetMountSourcePath() string
- func (ev *Event) GetMprotectReqProtection() int
- func (ev *Event) GetMprotectRetval() int64
- func (ev *Event) GetMprotectVmProtection() int
- func (ev *Event) GetNetworkDestinationIp() net.IPNet
- func (ev *Event) GetNetworkDestinationPort() uint16
- func (ev *Event) GetNetworkDeviceIfindex() uint32
- func (ev *Event) GetNetworkDeviceIfname() string
- func (ev *Event) GetNetworkL3Protocol() uint16
- func (ev *Event) GetNetworkL4Protocol() uint16
- func (ev *Event) GetNetworkSize() uint32
- func (ev *Event) GetNetworkSourceIp() net.IPNet
- func (ev *Event) GetNetworkSourcePort() uint16
- func (ev *Event) GetOpenFileChangeTime() uint64
- func (ev *Event) GetOpenFileDestinationMode() uint32
- func (ev *Event) GetOpenFileFilesystem() string
- func (ev *Event) GetOpenFileGid() uint32
- func (ev *Event) GetOpenFileGroup() string
- func (ev *Event) GetOpenFileHashes() []string
- func (ev *Event) GetOpenFileInUpperLayer() bool
- func (ev *Event) GetOpenFileInode() uint64
- func (ev *Event) GetOpenFileMode() uint16
- func (ev *Event) GetOpenFileModificationTime() uint64
- func (ev *Event) GetOpenFileMountId() uint32
- func (ev *Event) GetOpenFileName() string
- func (ev *Event) GetOpenFileNameLength() int
- func (ev *Event) GetOpenFilePackageName() string
- func (ev *Event) GetOpenFilePackageSourceVersion() string
- func (ev *Event) GetOpenFilePackageVersion() string
- func (ev *Event) GetOpenFilePath() string
- func (ev *Event) GetOpenFilePathLength() int
- func (ev *Event) GetOpenFileRights() int
- func (ev *Event) GetOpenFileUid() uint32
- func (ev *Event) GetOpenFileUser() string
- func (ev *Event) GetOpenFlags() uint32
- func (ev *Event) GetOpenRetval() int64
- func (ev *Event) GetProcessAncestorsArgs() []string
- func (ev *Event) GetProcessAncestorsArgsFlags() []string
- func (ev *Event) GetProcessAncestorsArgsOptions() []string
- func (ev *Event) GetProcessAncestorsArgsTruncated() []bool
- func (ev *Event) GetProcessAncestorsArgv() []string
- func (ev *Event) GetProcessAncestorsArgv0() []string
- func (ev *Event) GetProcessAncestorsCapEffective() []uint64
- func (ev *Event) GetProcessAncestorsCapPermitted() []uint64
- func (ev *Event) GetProcessAncestorsComm() []string
- func (ev *Event) GetProcessAncestorsContainerId() []string
- func (ev *Event) GetProcessAncestorsCreatedAt() []int
- func (ev *Event) GetProcessAncestorsEgid() []uint32
- func (ev *Event) GetProcessAncestorsEgroup() []string
- func (ev *Event) GetProcessAncestorsEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessAncestorsEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessAncestorsEnvsTruncated() []bool
- func (ev *Event) GetProcessAncestorsEuid() []uint32
- func (ev *Event) GetProcessAncestorsEuser() []string
- func (ev *Event) GetProcessAncestorsFileChangeTime() []uint64
- func (ev *Event) GetProcessAncestorsFileFilesystem() []string
- func (ev *Event) GetProcessAncestorsFileGid() []uint32
- func (ev *Event) GetProcessAncestorsFileGroup() []string
- func (ev *Event) GetProcessAncestorsFileHashes() []string
- func (ev *Event) GetProcessAncestorsFileInUpperLayer() []bool
- func (ev *Event) GetProcessAncestorsFileInode() []uint64
- func (ev *Event) GetProcessAncestorsFileMode() []uint16
- func (ev *Event) GetProcessAncestorsFileModificationTime() []uint64
- func (ev *Event) GetProcessAncestorsFileMountId() []uint32
- func (ev *Event) GetProcessAncestorsFileName() []string
- func (ev *Event) GetProcessAncestorsFileNameLength() []int
- func (ev *Event) GetProcessAncestorsFilePackageName() []string
- func (ev *Event) GetProcessAncestorsFilePackageSourceVersion() []string
- func (ev *Event) GetProcessAncestorsFilePackageVersion() []string
- func (ev *Event) GetProcessAncestorsFilePath() []string
- func (ev *Event) GetProcessAncestorsFilePathLength() []int
- func (ev *Event) GetProcessAncestorsFileRights() []int
- func (ev *Event) GetProcessAncestorsFileUid() []uint32
- func (ev *Event) GetProcessAncestorsFileUser() []string
- func (ev *Event) GetProcessAncestorsFsgid() []uint32
- func (ev *Event) GetProcessAncestorsFsgroup() []string
- func (ev *Event) GetProcessAncestorsFsuid() []uint32
- func (ev *Event) GetProcessAncestorsFsuser() []string
- func (ev *Event) GetProcessAncestorsGid() []uint32
- func (ev *Event) GetProcessAncestorsGroup() []string
- func (ev *Event) GetProcessAncestorsInterpreterFileChangeTime() []uint64
- func (ev *Event) GetProcessAncestorsInterpreterFileFilesystem() []string
- func (ev *Event) GetProcessAncestorsInterpreterFileGid() []uint32
- func (ev *Event) GetProcessAncestorsInterpreterFileGroup() []string
- func (ev *Event) GetProcessAncestorsInterpreterFileHashes() []string
- func (ev *Event) GetProcessAncestorsInterpreterFileInUpperLayer() []bool
- func (ev *Event) GetProcessAncestorsInterpreterFileInode() []uint64
- func (ev *Event) GetProcessAncestorsInterpreterFileMode() []uint16
- func (ev *Event) GetProcessAncestorsInterpreterFileModificationTime() []uint64
- func (ev *Event) GetProcessAncestorsInterpreterFileMountId() []uint32
- func (ev *Event) GetProcessAncestorsInterpreterFileName() []string
- func (ev *Event) GetProcessAncestorsInterpreterFileNameLength() []int
- func (ev *Event) GetProcessAncestorsInterpreterFilePackageName() []string
- func (ev *Event) GetProcessAncestorsInterpreterFilePackageSourceVersion() []string
- func (ev *Event) GetProcessAncestorsInterpreterFilePackageVersion() []string
- func (ev *Event) GetProcessAncestorsInterpreterFilePath() []string
- func (ev *Event) GetProcessAncestorsInterpreterFilePathLength() []int
- func (ev *Event) GetProcessAncestorsInterpreterFileRights() []int
- func (ev *Event) GetProcessAncestorsInterpreterFileUid() []uint32
- func (ev *Event) GetProcessAncestorsInterpreterFileUser() []string
- func (ev *Event) GetProcessAncestorsIsKworker() []bool
- func (ev *Event) GetProcessAncestorsIsThread() []bool
- func (ev *Event) GetProcessAncestorsPid() []uint32
- func (ev *Event) GetProcessAncestorsPpid() []uint32
- func (ev *Event) GetProcessAncestorsTid() []uint32
- func (ev *Event) GetProcessAncestorsTtyName() []string
- func (ev *Event) GetProcessAncestorsUid() []uint32
- func (ev *Event) GetProcessAncestorsUser() []string
- func (ev *Event) GetProcessArgs() string
- func (ev *Event) GetProcessArgsFlags() []string
- func (ev *Event) GetProcessArgsOptions() []string
- func (ev *Event) GetProcessArgsTruncated() bool
- func (ev *Event) GetProcessArgv() []string
- func (ev *Event) GetProcessArgv0() string
- func (ev *Event) GetProcessCapEffective() uint64
- func (ev *Event) GetProcessCapPermitted() uint64
- func (ev *Event) GetProcessComm() string
- func (ev *Event) GetProcessContainerId() string
- func (ev *Event) GetProcessCreatedAt() int
- func (ev *Event) GetProcessEgid() uint32
- func (ev *Event) GetProcessEgroup() string
- func (ev *Event) GetProcessEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessEnvsTruncated() bool
- func (ev *Event) GetProcessEuid() uint32
- func (ev *Event) GetProcessEuser() string
- func (ev *Event) GetProcessExecTime() time.Time
- func (ev *Event) GetProcessExitTime() time.Time
- func (ev *Event) GetProcessFileChangeTime() uint64
- func (ev *Event) GetProcessFileFilesystem() string
- func (ev *Event) GetProcessFileGid() uint32
- func (ev *Event) GetProcessFileGroup() string
- func (ev *Event) GetProcessFileHashes() []string
- func (ev *Event) GetProcessFileInUpperLayer() bool
- func (ev *Event) GetProcessFileInode() uint64
- func (ev *Event) GetProcessFileMode() uint16
- func (ev *Event) GetProcessFileModificationTime() uint64
- func (ev *Event) GetProcessFileMountId() uint32
- func (ev *Event) GetProcessFileName() string
- func (ev *Event) GetProcessFileNameLength() int
- func (ev *Event) GetProcessFilePackageName() string
- func (ev *Event) GetProcessFilePackageSourceVersion() string
- func (ev *Event) GetProcessFilePackageVersion() string
- func (ev *Event) GetProcessFilePath() string
- func (ev *Event) GetProcessFilePathLength() int
- func (ev *Event) GetProcessFileRights() int
- func (ev *Event) GetProcessFileUid() uint32
- func (ev *Event) GetProcessFileUser() string
- func (ev *Event) GetProcessForkTime() time.Time
- func (ev *Event) GetProcessFsgid() uint32
- func (ev *Event) GetProcessFsgroup() string
- func (ev *Event) GetProcessFsuid() uint32
- func (ev *Event) GetProcessFsuser() string
- func (ev *Event) GetProcessGid() uint32
- func (ev *Event) GetProcessGroup() string
- func (ev *Event) GetProcessInterpreterFileChangeTime() uint64
- func (ev *Event) GetProcessInterpreterFileFilesystem() string
- func (ev *Event) GetProcessInterpreterFileGid() uint32
- func (ev *Event) GetProcessInterpreterFileGroup() string
- func (ev *Event) GetProcessInterpreterFileHashes() []string
- func (ev *Event) GetProcessInterpreterFileInUpperLayer() bool
- func (ev *Event) GetProcessInterpreterFileInode() uint64
- func (ev *Event) GetProcessInterpreterFileMode() uint16
- func (ev *Event) GetProcessInterpreterFileModificationTime() uint64
- func (ev *Event) GetProcessInterpreterFileMountId() uint32
- func (ev *Event) GetProcessInterpreterFileName() string
- func (ev *Event) GetProcessInterpreterFileNameLength() int
- func (ev *Event) GetProcessInterpreterFilePackageName() string
- func (ev *Event) GetProcessInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetProcessInterpreterFilePackageVersion() string
- func (ev *Event) GetProcessInterpreterFilePath() string
- func (ev *Event) GetProcessInterpreterFilePathLength() int
- func (ev *Event) GetProcessInterpreterFileRights() int
- func (ev *Event) GetProcessInterpreterFileUid() uint32
- func (ev *Event) GetProcessInterpreterFileUser() string
- func (ev *Event) GetProcessIsKworker() bool
- func (ev *Event) GetProcessIsThread() bool
- func (ev *Event) GetProcessParentArgs() string
- func (ev *Event) GetProcessParentArgsFlags() []string
- func (ev *Event) GetProcessParentArgsOptions() []string
- func (ev *Event) GetProcessParentArgsTruncated() bool
- func (ev *Event) GetProcessParentArgv() []string
- func (ev *Event) GetProcessParentArgv0() string
- func (ev *Event) GetProcessParentCapEffective() uint64
- func (ev *Event) GetProcessParentCapPermitted() uint64
- func (ev *Event) GetProcessParentComm() string
- func (ev *Event) GetProcessParentContainerId() string
- func (ev *Event) GetProcessParentCreatedAt() int
- func (ev *Event) GetProcessParentEgid() uint32
- func (ev *Event) GetProcessParentEgroup() string
- func (ev *Event) GetProcessParentEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessParentEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetProcessParentEnvsTruncated() bool
- func (ev *Event) GetProcessParentEuid() uint32
- func (ev *Event) GetProcessParentEuser() string
- func (ev *Event) GetProcessParentFileChangeTime() uint64
- func (ev *Event) GetProcessParentFileFilesystem() string
- func (ev *Event) GetProcessParentFileGid() uint32
- func (ev *Event) GetProcessParentFileGroup() string
- func (ev *Event) GetProcessParentFileHashes() []string
- func (ev *Event) GetProcessParentFileInUpperLayer() bool
- func (ev *Event) GetProcessParentFileInode() uint64
- func (ev *Event) GetProcessParentFileMode() uint16
- func (ev *Event) GetProcessParentFileModificationTime() uint64
- func (ev *Event) GetProcessParentFileMountId() uint32
- func (ev *Event) GetProcessParentFileName() string
- func (ev *Event) GetProcessParentFileNameLength() int
- func (ev *Event) GetProcessParentFilePackageName() string
- func (ev *Event) GetProcessParentFilePackageSourceVersion() string
- func (ev *Event) GetProcessParentFilePackageVersion() string
- func (ev *Event) GetProcessParentFilePath() string
- func (ev *Event) GetProcessParentFilePathLength() int
- func (ev *Event) GetProcessParentFileRights() int
- func (ev *Event) GetProcessParentFileUid() uint32
- func (ev *Event) GetProcessParentFileUser() string
- func (ev *Event) GetProcessParentFsgid() uint32
- func (ev *Event) GetProcessParentFsgroup() string
- func (ev *Event) GetProcessParentFsuid() uint32
- func (ev *Event) GetProcessParentFsuser() string
- func (ev *Event) GetProcessParentGid() uint32
- func (ev *Event) GetProcessParentGroup() string
- func (ev *Event) GetProcessParentInterpreterFileChangeTime() uint64
- func (ev *Event) GetProcessParentInterpreterFileFilesystem() string
- func (ev *Event) GetProcessParentInterpreterFileGid() uint32
- func (ev *Event) GetProcessParentInterpreterFileGroup() string
- func (ev *Event) GetProcessParentInterpreterFileHashes() []string
- func (ev *Event) GetProcessParentInterpreterFileInUpperLayer() bool
- func (ev *Event) GetProcessParentInterpreterFileInode() uint64
- func (ev *Event) GetProcessParentInterpreterFileMode() uint16
- func (ev *Event) GetProcessParentInterpreterFileModificationTime() uint64
- func (ev *Event) GetProcessParentInterpreterFileMountId() uint32
- func (ev *Event) GetProcessParentInterpreterFileName() string
- func (ev *Event) GetProcessParentInterpreterFileNameLength() int
- func (ev *Event) GetProcessParentInterpreterFilePackageName() string
- func (ev *Event) GetProcessParentInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetProcessParentInterpreterFilePackageVersion() string
- func (ev *Event) GetProcessParentInterpreterFilePath() string
- func (ev *Event) GetProcessParentInterpreterFilePathLength() int
- func (ev *Event) GetProcessParentInterpreterFileRights() int
- func (ev *Event) GetProcessParentInterpreterFileUid() uint32
- func (ev *Event) GetProcessParentInterpreterFileUser() string
- func (ev *Event) GetProcessParentIsKworker() bool
- func (ev *Event) GetProcessParentIsThread() bool
- func (ev *Event) GetProcessParentPid() uint32
- func (ev *Event) GetProcessParentPpid() uint32
- func (ev *Event) GetProcessParentTid() uint32
- func (ev *Event) GetProcessParentTtyName() string
- func (ev *Event) GetProcessParentUid() uint32
- func (ev *Event) GetProcessParentUser() string
- func (ev *Event) GetProcessPid() uint32
- func (ev *Event) GetProcessPpid() uint32
- func (e *Event) GetProcessService() string
- func (ev *Event) GetProcessTid() uint32
- func (ev *Event) GetProcessTtyName() string
- func (ev *Event) GetProcessUid() uint32
- func (ev *Event) GetProcessUser() string
- func (ev *Event) GetPtraceRequest() uint32
- func (ev *Event) GetPtraceRetval() int64
- func (ev *Event) GetPtraceTraceeAncestorsArgs() []string
- func (ev *Event) GetPtraceTraceeAncestorsArgsFlags() []string
- func (ev *Event) GetPtraceTraceeAncestorsArgsOptions() []string
- func (ev *Event) GetPtraceTraceeAncestorsArgsTruncated() []bool
- func (ev *Event) GetPtraceTraceeAncestorsArgv() []string
- func (ev *Event) GetPtraceTraceeAncestorsArgv0() []string
- func (ev *Event) GetPtraceTraceeAncestorsCapEffective() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsCapPermitted() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsComm() []string
- func (ev *Event) GetPtraceTraceeAncestorsContainerId() []string
- func (ev *Event) GetPtraceTraceeAncestorsCreatedAt() []int
- func (ev *Event) GetPtraceTraceeAncestorsEgid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsEgroup() []string
- func (ev *Event) GetPtraceTraceeAncestorsEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeAncestorsEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeAncestorsEnvsTruncated() []bool
- func (ev *Event) GetPtraceTraceeAncestorsEuid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsEuser() []string
- func (ev *Event) GetPtraceTraceeAncestorsFileChangeTime() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsFileFilesystem() []string
- func (ev *Event) GetPtraceTraceeAncestorsFileGid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsFileGroup() []string
- func (ev *Event) GetPtraceTraceeAncestorsFileHashes() []string
- func (ev *Event) GetPtraceTraceeAncestorsFileInUpperLayer() []bool
- func (ev *Event) GetPtraceTraceeAncestorsFileInode() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsFileMode() []uint16
- func (ev *Event) GetPtraceTraceeAncestorsFileModificationTime() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsFileMountId() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsFileName() []string
- func (ev *Event) GetPtraceTraceeAncestorsFileNameLength() []int
- func (ev *Event) GetPtraceTraceeAncestorsFilePackageName() []string
- func (ev *Event) GetPtraceTraceeAncestorsFilePackageSourceVersion() []string
- func (ev *Event) GetPtraceTraceeAncestorsFilePackageVersion() []string
- func (ev *Event) GetPtraceTraceeAncestorsFilePath() []string
- func (ev *Event) GetPtraceTraceeAncestorsFilePathLength() []int
- func (ev *Event) GetPtraceTraceeAncestorsFileRights() []int
- func (ev *Event) GetPtraceTraceeAncestorsFileUid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsFileUser() []string
- func (ev *Event) GetPtraceTraceeAncestorsFsgid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsFsgroup() []string
- func (ev *Event) GetPtraceTraceeAncestorsFsuid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsFsuser() []string
- func (ev *Event) GetPtraceTraceeAncestorsGid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsGroup() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileChangeTime() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileFilesystem() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileGid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileGroup() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileHashes() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileInUpperLayer() []bool
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileInode() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileMode() []uint16
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileModificationTime() []uint64
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileMountId() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileName() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileNameLength() []int
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageName() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageVersion() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePath() []string
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePathLength() []int
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileRights() []int
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileUid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileUser() []string
- func (ev *Event) GetPtraceTraceeAncestorsIsKworker() []bool
- func (ev *Event) GetPtraceTraceeAncestorsIsThread() []bool
- func (ev *Event) GetPtraceTraceeAncestorsPid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsPpid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsTid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsTtyName() []string
- func (ev *Event) GetPtraceTraceeAncestorsUid() []uint32
- func (ev *Event) GetPtraceTraceeAncestorsUser() []string
- func (ev *Event) GetPtraceTraceeArgs() string
- func (ev *Event) GetPtraceTraceeArgsFlags() []string
- func (ev *Event) GetPtraceTraceeArgsOptions() []string
- func (ev *Event) GetPtraceTraceeArgsTruncated() bool
- func (ev *Event) GetPtraceTraceeArgv() []string
- func (ev *Event) GetPtraceTraceeArgv0() string
- func (ev *Event) GetPtraceTraceeCapEffective() uint64
- func (ev *Event) GetPtraceTraceeCapPermitted() uint64
- func (ev *Event) GetPtraceTraceeComm() string
- func (ev *Event) GetPtraceTraceeContainerId() string
- func (ev *Event) GetPtraceTraceeCreatedAt() int
- func (ev *Event) GetPtraceTraceeEgid() uint32
- func (ev *Event) GetPtraceTraceeEgroup() string
- func (ev *Event) GetPtraceTraceeEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeEnvsTruncated() bool
- func (ev *Event) GetPtraceTraceeEuid() uint32
- func (ev *Event) GetPtraceTraceeEuser() string
- func (ev *Event) GetPtraceTraceeExecTime() time.Time
- func (ev *Event) GetPtraceTraceeExitTime() time.Time
- func (ev *Event) GetPtraceTraceeFileChangeTime() uint64
- func (ev *Event) GetPtraceTraceeFileFilesystem() string
- func (ev *Event) GetPtraceTraceeFileGid() uint32
- func (ev *Event) GetPtraceTraceeFileGroup() string
- func (ev *Event) GetPtraceTraceeFileHashes() []string
- func (ev *Event) GetPtraceTraceeFileInUpperLayer() bool
- func (ev *Event) GetPtraceTraceeFileInode() uint64
- func (ev *Event) GetPtraceTraceeFileMode() uint16
- func (ev *Event) GetPtraceTraceeFileModificationTime() uint64
- func (ev *Event) GetPtraceTraceeFileMountId() uint32
- func (ev *Event) GetPtraceTraceeFileName() string
- func (ev *Event) GetPtraceTraceeFileNameLength() int
- func (ev *Event) GetPtraceTraceeFilePackageName() string
- func (ev *Event) GetPtraceTraceeFilePackageSourceVersion() string
- func (ev *Event) GetPtraceTraceeFilePackageVersion() string
- func (ev *Event) GetPtraceTraceeFilePath() string
- func (ev *Event) GetPtraceTraceeFilePathLength() int
- func (ev *Event) GetPtraceTraceeFileRights() int
- func (ev *Event) GetPtraceTraceeFileUid() uint32
- func (ev *Event) GetPtraceTraceeFileUser() string
- func (ev *Event) GetPtraceTraceeForkTime() time.Time
- func (ev *Event) GetPtraceTraceeFsgid() uint32
- func (ev *Event) GetPtraceTraceeFsgroup() string
- func (ev *Event) GetPtraceTraceeFsuid() uint32
- func (ev *Event) GetPtraceTraceeFsuser() string
- func (ev *Event) GetPtraceTraceeGid() uint32
- func (ev *Event) GetPtraceTraceeGroup() string
- func (ev *Event) GetPtraceTraceeInterpreterFileChangeTime() uint64
- func (ev *Event) GetPtraceTraceeInterpreterFileFilesystem() string
- func (ev *Event) GetPtraceTraceeInterpreterFileGid() uint32
- func (ev *Event) GetPtraceTraceeInterpreterFileGroup() string
- func (ev *Event) GetPtraceTraceeInterpreterFileHashes() []string
- func (ev *Event) GetPtraceTraceeInterpreterFileInUpperLayer() bool
- func (ev *Event) GetPtraceTraceeInterpreterFileInode() uint64
- func (ev *Event) GetPtraceTraceeInterpreterFileMode() uint16
- func (ev *Event) GetPtraceTraceeInterpreterFileModificationTime() uint64
- func (ev *Event) GetPtraceTraceeInterpreterFileMountId() uint32
- func (ev *Event) GetPtraceTraceeInterpreterFileName() string
- func (ev *Event) GetPtraceTraceeInterpreterFileNameLength() int
- func (ev *Event) GetPtraceTraceeInterpreterFilePackageName() string
- func (ev *Event) GetPtraceTraceeInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetPtraceTraceeInterpreterFilePackageVersion() string
- func (ev *Event) GetPtraceTraceeInterpreterFilePath() string
- func (ev *Event) GetPtraceTraceeInterpreterFilePathLength() int
- func (ev *Event) GetPtraceTraceeInterpreterFileRights() int
- func (ev *Event) GetPtraceTraceeInterpreterFileUid() uint32
- func (ev *Event) GetPtraceTraceeInterpreterFileUser() string
- func (ev *Event) GetPtraceTraceeIsKworker() bool
- func (ev *Event) GetPtraceTraceeIsThread() bool
- func (ev *Event) GetPtraceTraceeParentArgs() string
- func (ev *Event) GetPtraceTraceeParentArgsFlags() []string
- func (ev *Event) GetPtraceTraceeParentArgsOptions() []string
- func (ev *Event) GetPtraceTraceeParentArgsTruncated() bool
- func (ev *Event) GetPtraceTraceeParentArgv() []string
- func (ev *Event) GetPtraceTraceeParentArgv0() string
- func (ev *Event) GetPtraceTraceeParentCapEffective() uint64
- func (ev *Event) GetPtraceTraceeParentCapPermitted() uint64
- func (ev *Event) GetPtraceTraceeParentComm() string
- func (ev *Event) GetPtraceTraceeParentContainerId() string
- func (ev *Event) GetPtraceTraceeParentCreatedAt() int
- func (ev *Event) GetPtraceTraceeParentEgid() uint32
- func (ev *Event) GetPtraceTraceeParentEgroup() string
- func (ev *Event) GetPtraceTraceeParentEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeParentEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetPtraceTraceeParentEnvsTruncated() bool
- func (ev *Event) GetPtraceTraceeParentEuid() uint32
- func (ev *Event) GetPtraceTraceeParentEuser() string
- func (ev *Event) GetPtraceTraceeParentFileChangeTime() uint64
- func (ev *Event) GetPtraceTraceeParentFileFilesystem() string
- func (ev *Event) GetPtraceTraceeParentFileGid() uint32
- func (ev *Event) GetPtraceTraceeParentFileGroup() string
- func (ev *Event) GetPtraceTraceeParentFileHashes() []string
- func (ev *Event) GetPtraceTraceeParentFileInUpperLayer() bool
- func (ev *Event) GetPtraceTraceeParentFileInode() uint64
- func (ev *Event) GetPtraceTraceeParentFileMode() uint16
- func (ev *Event) GetPtraceTraceeParentFileModificationTime() uint64
- func (ev *Event) GetPtraceTraceeParentFileMountId() uint32
- func (ev *Event) GetPtraceTraceeParentFileName() string
- func (ev *Event) GetPtraceTraceeParentFileNameLength() int
- func (ev *Event) GetPtraceTraceeParentFilePackageName() string
- func (ev *Event) GetPtraceTraceeParentFilePackageSourceVersion() string
- func (ev *Event) GetPtraceTraceeParentFilePackageVersion() string
- func (ev *Event) GetPtraceTraceeParentFilePath() string
- func (ev *Event) GetPtraceTraceeParentFilePathLength() int
- func (ev *Event) GetPtraceTraceeParentFileRights() int
- func (ev *Event) GetPtraceTraceeParentFileUid() uint32
- func (ev *Event) GetPtraceTraceeParentFileUser() string
- func (ev *Event) GetPtraceTraceeParentFsgid() uint32
- func (ev *Event) GetPtraceTraceeParentFsgroup() string
- func (ev *Event) GetPtraceTraceeParentFsuid() uint32
- func (ev *Event) GetPtraceTraceeParentFsuser() string
- func (ev *Event) GetPtraceTraceeParentGid() uint32
- func (ev *Event) GetPtraceTraceeParentGroup() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFileChangeTime() uint64
- func (ev *Event) GetPtraceTraceeParentInterpreterFileFilesystem() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFileGid() uint32
- func (ev *Event) GetPtraceTraceeParentInterpreterFileGroup() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFileHashes() []string
- func (ev *Event) GetPtraceTraceeParentInterpreterFileInUpperLayer() bool
- func (ev *Event) GetPtraceTraceeParentInterpreterFileInode() uint64
- func (ev *Event) GetPtraceTraceeParentInterpreterFileMode() uint16
- func (ev *Event) GetPtraceTraceeParentInterpreterFileModificationTime() uint64
- func (ev *Event) GetPtraceTraceeParentInterpreterFileMountId() uint32
- func (ev *Event) GetPtraceTraceeParentInterpreterFileName() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFileNameLength() int
- func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageName() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageVersion() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFilePath() string
- func (ev *Event) GetPtraceTraceeParentInterpreterFilePathLength() int
- func (ev *Event) GetPtraceTraceeParentInterpreterFileRights() int
- func (ev *Event) GetPtraceTraceeParentInterpreterFileUid() uint32
- func (ev *Event) GetPtraceTraceeParentInterpreterFileUser() string
- func (ev *Event) GetPtraceTraceeParentIsKworker() bool
- func (ev *Event) GetPtraceTraceeParentIsThread() bool
- func (ev *Event) GetPtraceTraceeParentPid() uint32
- func (ev *Event) GetPtraceTraceeParentPpid() uint32
- func (ev *Event) GetPtraceTraceeParentTid() uint32
- func (ev *Event) GetPtraceTraceeParentTtyName() string
- func (ev *Event) GetPtraceTraceeParentUid() uint32
- func (ev *Event) GetPtraceTraceeParentUser() string
- func (ev *Event) GetPtraceTraceePid() uint32
- func (ev *Event) GetPtraceTraceePpid() uint32
- func (ev *Event) GetPtraceTraceeTid() uint32
- func (ev *Event) GetPtraceTraceeTtyName() string
- func (ev *Event) GetPtraceTraceeUid() uint32
- func (ev *Event) GetPtraceTraceeUser() string
- func (ev *Event) GetRemovexattrFileChangeTime() uint64
- func (ev *Event) GetRemovexattrFileDestinationName() string
- func (ev *Event) GetRemovexattrFileDestinationNamespace() string
- func (ev *Event) GetRemovexattrFileFilesystem() string
- func (ev *Event) GetRemovexattrFileGid() uint32
- func (ev *Event) GetRemovexattrFileGroup() string
- func (ev *Event) GetRemovexattrFileHashes() []string
- func (ev *Event) GetRemovexattrFileInUpperLayer() bool
- func (ev *Event) GetRemovexattrFileInode() uint64
- func (ev *Event) GetRemovexattrFileMode() uint16
- func (ev *Event) GetRemovexattrFileModificationTime() uint64
- func (ev *Event) GetRemovexattrFileMountId() uint32
- func (ev *Event) GetRemovexattrFileName() string
- func (ev *Event) GetRemovexattrFileNameLength() int
- func (ev *Event) GetRemovexattrFilePackageName() string
- func (ev *Event) GetRemovexattrFilePackageSourceVersion() string
- func (ev *Event) GetRemovexattrFilePackageVersion() string
- func (ev *Event) GetRemovexattrFilePath() string
- func (ev *Event) GetRemovexattrFilePathLength() int
- func (ev *Event) GetRemovexattrFileRights() int
- func (ev *Event) GetRemovexattrFileUid() uint32
- func (ev *Event) GetRemovexattrFileUser() string
- func (ev *Event) GetRemovexattrRetval() int64
- func (ev *Event) GetRenameFileChangeTime() uint64
- func (ev *Event) GetRenameFileDestinationChangeTime() uint64
- func (ev *Event) GetRenameFileDestinationFilesystem() string
- func (ev *Event) GetRenameFileDestinationGid() uint32
- func (ev *Event) GetRenameFileDestinationGroup() string
- func (ev *Event) GetRenameFileDestinationHashes() []string
- func (ev *Event) GetRenameFileDestinationInUpperLayer() bool
- func (ev *Event) GetRenameFileDestinationInode() uint64
- func (ev *Event) GetRenameFileDestinationMode() uint16
- func (ev *Event) GetRenameFileDestinationModificationTime() uint64
- func (ev *Event) GetRenameFileDestinationMountId() uint32
- func (ev *Event) GetRenameFileDestinationName() string
- func (ev *Event) GetRenameFileDestinationNameLength() int
- func (ev *Event) GetRenameFileDestinationPackageName() string
- func (ev *Event) GetRenameFileDestinationPackageSourceVersion() string
- func (ev *Event) GetRenameFileDestinationPackageVersion() string
- func (ev *Event) GetRenameFileDestinationPath() string
- func (ev *Event) GetRenameFileDestinationPathLength() int
- func (ev *Event) GetRenameFileDestinationRights() int
- func (ev *Event) GetRenameFileDestinationUid() uint32
- func (ev *Event) GetRenameFileDestinationUser() string
- func (ev *Event) GetRenameFileFilesystem() string
- func (ev *Event) GetRenameFileGid() uint32
- func (ev *Event) GetRenameFileGroup() string
- func (ev *Event) GetRenameFileHashes() []string
- func (ev *Event) GetRenameFileInUpperLayer() bool
- func (ev *Event) GetRenameFileInode() uint64
- func (ev *Event) GetRenameFileMode() uint16
- func (ev *Event) GetRenameFileModificationTime() uint64
- func (ev *Event) GetRenameFileMountId() uint32
- func (ev *Event) GetRenameFileName() string
- func (ev *Event) GetRenameFileNameLength() int
- func (ev *Event) GetRenameFilePackageName() string
- func (ev *Event) GetRenameFilePackageSourceVersion() string
- func (ev *Event) GetRenameFilePackageVersion() string
- func (ev *Event) GetRenameFilePath() string
- func (ev *Event) GetRenameFilePathLength() int
- func (ev *Event) GetRenameFileRights() int
- func (ev *Event) GetRenameFileUid() uint32
- func (ev *Event) GetRenameFileUser() string
- func (ev *Event) GetRenameRetval() int64
- func (ev *Event) GetRmdirFileChangeTime() uint64
- func (ev *Event) GetRmdirFileFilesystem() string
- func (ev *Event) GetRmdirFileGid() uint32
- func (ev *Event) GetRmdirFileGroup() string
- func (ev *Event) GetRmdirFileHashes() []string
- func (ev *Event) GetRmdirFileInUpperLayer() bool
- func (ev *Event) GetRmdirFileInode() uint64
- func (ev *Event) GetRmdirFileMode() uint16
- func (ev *Event) GetRmdirFileModificationTime() uint64
- func (ev *Event) GetRmdirFileMountId() uint32
- func (ev *Event) GetRmdirFileName() string
- func (ev *Event) GetRmdirFileNameLength() int
- func (ev *Event) GetRmdirFilePackageName() string
- func (ev *Event) GetRmdirFilePackageSourceVersion() string
- func (ev *Event) GetRmdirFilePackageVersion() string
- func (ev *Event) GetRmdirFilePath() string
- func (ev *Event) GetRmdirFilePathLength() int
- func (ev *Event) GetRmdirFileRights() int
- func (ev *Event) GetRmdirFileUid() uint32
- func (ev *Event) GetRmdirFileUser() string
- func (ev *Event) GetRmdirRetval() int64
- func (ev *Event) GetSelinuxBoolCommitState() bool
- func (ev *Event) GetSelinuxBoolName() string
- func (ev *Event) GetSelinuxBoolState() string
- func (ev *Event) GetSelinuxEnforceStatus() string
- func (ev *Event) GetSetgidEgid() uint32
- func (ev *Event) GetSetgidEgroup() string
- func (ev *Event) GetSetgidFsgid() uint32
- func (ev *Event) GetSetgidFsgroup() string
- func (ev *Event) GetSetgidGid() uint32
- func (ev *Event) GetSetgidGroup() string
- func (ev *Event) GetSetuidEuid() uint32
- func (ev *Event) GetSetuidEuser() string
- func (ev *Event) GetSetuidFsuid() uint32
- func (ev *Event) GetSetuidFsuser() string
- func (ev *Event) GetSetuidUid() uint32
- func (ev *Event) GetSetuidUser() string
- func (ev *Event) GetSetxattrFileChangeTime() uint64
- func (ev *Event) GetSetxattrFileDestinationName() string
- func (ev *Event) GetSetxattrFileDestinationNamespace() string
- func (ev *Event) GetSetxattrFileFilesystem() string
- func (ev *Event) GetSetxattrFileGid() uint32
- func (ev *Event) GetSetxattrFileGroup() string
- func (ev *Event) GetSetxattrFileHashes() []string
- func (ev *Event) GetSetxattrFileInUpperLayer() bool
- func (ev *Event) GetSetxattrFileInode() uint64
- func (ev *Event) GetSetxattrFileMode() uint16
- func (ev *Event) GetSetxattrFileModificationTime() uint64
- func (ev *Event) GetSetxattrFileMountId() uint32
- func (ev *Event) GetSetxattrFileName() string
- func (ev *Event) GetSetxattrFileNameLength() int
- func (ev *Event) GetSetxattrFilePackageName() string
- func (ev *Event) GetSetxattrFilePackageSourceVersion() string
- func (ev *Event) GetSetxattrFilePackageVersion() string
- func (ev *Event) GetSetxattrFilePath() string
- func (ev *Event) GetSetxattrFilePathLength() int
- func (ev *Event) GetSetxattrFileRights() int
- func (ev *Event) GetSetxattrFileUid() uint32
- func (ev *Event) GetSetxattrFileUser() string
- func (ev *Event) GetSetxattrRetval() int64
- func (ev *Event) GetSignalPid() uint32
- func (ev *Event) GetSignalRetval() int64
- func (ev *Event) GetSignalTargetAncestorsArgs() []string
- func (ev *Event) GetSignalTargetAncestorsArgsFlags() []string
- func (ev *Event) GetSignalTargetAncestorsArgsOptions() []string
- func (ev *Event) GetSignalTargetAncestorsArgsTruncated() []bool
- func (ev *Event) GetSignalTargetAncestorsArgv() []string
- func (ev *Event) GetSignalTargetAncestorsArgv0() []string
- func (ev *Event) GetSignalTargetAncestorsCapEffective() []uint64
- func (ev *Event) GetSignalTargetAncestorsCapPermitted() []uint64
- func (ev *Event) GetSignalTargetAncestorsComm() []string
- func (ev *Event) GetSignalTargetAncestorsContainerId() []string
- func (ev *Event) GetSignalTargetAncestorsCreatedAt() []int
- func (ev *Event) GetSignalTargetAncestorsEgid() []uint32
- func (ev *Event) GetSignalTargetAncestorsEgroup() []string
- func (ev *Event) GetSignalTargetAncestorsEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetAncestorsEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetAncestorsEnvsTruncated() []bool
- func (ev *Event) GetSignalTargetAncestorsEuid() []uint32
- func (ev *Event) GetSignalTargetAncestorsEuser() []string
- func (ev *Event) GetSignalTargetAncestorsFileChangeTime() []uint64
- func (ev *Event) GetSignalTargetAncestorsFileFilesystem() []string
- func (ev *Event) GetSignalTargetAncestorsFileGid() []uint32
- func (ev *Event) GetSignalTargetAncestorsFileGroup() []string
- func (ev *Event) GetSignalTargetAncestorsFileHashes() []string
- func (ev *Event) GetSignalTargetAncestorsFileInUpperLayer() []bool
- func (ev *Event) GetSignalTargetAncestorsFileInode() []uint64
- func (ev *Event) GetSignalTargetAncestorsFileMode() []uint16
- func (ev *Event) GetSignalTargetAncestorsFileModificationTime() []uint64
- func (ev *Event) GetSignalTargetAncestorsFileMountId() []uint32
- func (ev *Event) GetSignalTargetAncestorsFileName() []string
- func (ev *Event) GetSignalTargetAncestorsFileNameLength() []int
- func (ev *Event) GetSignalTargetAncestorsFilePackageName() []string
- func (ev *Event) GetSignalTargetAncestorsFilePackageSourceVersion() []string
- func (ev *Event) GetSignalTargetAncestorsFilePackageVersion() []string
- func (ev *Event) GetSignalTargetAncestorsFilePath() []string
- func (ev *Event) GetSignalTargetAncestorsFilePathLength() []int
- func (ev *Event) GetSignalTargetAncestorsFileRights() []int
- func (ev *Event) GetSignalTargetAncestorsFileUid() []uint32
- func (ev *Event) GetSignalTargetAncestorsFileUser() []string
- func (ev *Event) GetSignalTargetAncestorsFsgid() []uint32
- func (ev *Event) GetSignalTargetAncestorsFsgroup() []string
- func (ev *Event) GetSignalTargetAncestorsFsuid() []uint32
- func (ev *Event) GetSignalTargetAncestorsFsuser() []string
- func (ev *Event) GetSignalTargetAncestorsGid() []uint32
- func (ev *Event) GetSignalTargetAncestorsGroup() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileChangeTime() []uint64
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileFilesystem() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileGid() []uint32
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileGroup() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileHashes() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileInUpperLayer() []bool
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileInode() []uint64
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileMode() []uint16
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileModificationTime() []uint64
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileMountId() []uint32
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileName() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileNameLength() []int
- func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageName() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageSourceVersion() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageVersion() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFilePath() []string
- func (ev *Event) GetSignalTargetAncestorsInterpreterFilePathLength() []int
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileRights() []int
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileUid() []uint32
- func (ev *Event) GetSignalTargetAncestorsInterpreterFileUser() []string
- func (ev *Event) GetSignalTargetAncestorsIsKworker() []bool
- func (ev *Event) GetSignalTargetAncestorsIsThread() []bool
- func (ev *Event) GetSignalTargetAncestorsPid() []uint32
- func (ev *Event) GetSignalTargetAncestorsPpid() []uint32
- func (ev *Event) GetSignalTargetAncestorsTid() []uint32
- func (ev *Event) GetSignalTargetAncestorsTtyName() []string
- func (ev *Event) GetSignalTargetAncestorsUid() []uint32
- func (ev *Event) GetSignalTargetAncestorsUser() []string
- func (ev *Event) GetSignalTargetArgs() string
- func (ev *Event) GetSignalTargetArgsFlags() []string
- func (ev *Event) GetSignalTargetArgsOptions() []string
- func (ev *Event) GetSignalTargetArgsTruncated() bool
- func (ev *Event) GetSignalTargetArgv() []string
- func (ev *Event) GetSignalTargetArgv0() string
- func (ev *Event) GetSignalTargetCapEffective() uint64
- func (ev *Event) GetSignalTargetCapPermitted() uint64
- func (ev *Event) GetSignalTargetComm() string
- func (ev *Event) GetSignalTargetContainerId() string
- func (ev *Event) GetSignalTargetCreatedAt() int
- func (ev *Event) GetSignalTargetEgid() uint32
- func (ev *Event) GetSignalTargetEgroup() string
- func (ev *Event) GetSignalTargetEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetEnvsTruncated() bool
- func (ev *Event) GetSignalTargetEuid() uint32
- func (ev *Event) GetSignalTargetEuser() string
- func (ev *Event) GetSignalTargetExecTime() time.Time
- func (ev *Event) GetSignalTargetExitTime() time.Time
- func (ev *Event) GetSignalTargetFileChangeTime() uint64
- func (ev *Event) GetSignalTargetFileFilesystem() string
- func (ev *Event) GetSignalTargetFileGid() uint32
- func (ev *Event) GetSignalTargetFileGroup() string
- func (ev *Event) GetSignalTargetFileHashes() []string
- func (ev *Event) GetSignalTargetFileInUpperLayer() bool
- func (ev *Event) GetSignalTargetFileInode() uint64
- func (ev *Event) GetSignalTargetFileMode() uint16
- func (ev *Event) GetSignalTargetFileModificationTime() uint64
- func (ev *Event) GetSignalTargetFileMountId() uint32
- func (ev *Event) GetSignalTargetFileName() string
- func (ev *Event) GetSignalTargetFileNameLength() int
- func (ev *Event) GetSignalTargetFilePackageName() string
- func (ev *Event) GetSignalTargetFilePackageSourceVersion() string
- func (ev *Event) GetSignalTargetFilePackageVersion() string
- func (ev *Event) GetSignalTargetFilePath() string
- func (ev *Event) GetSignalTargetFilePathLength() int
- func (ev *Event) GetSignalTargetFileRights() int
- func (ev *Event) GetSignalTargetFileUid() uint32
- func (ev *Event) GetSignalTargetFileUser() string
- func (ev *Event) GetSignalTargetForkTime() time.Time
- func (ev *Event) GetSignalTargetFsgid() uint32
- func (ev *Event) GetSignalTargetFsgroup() string
- func (ev *Event) GetSignalTargetFsuid() uint32
- func (ev *Event) GetSignalTargetFsuser() string
- func (ev *Event) GetSignalTargetGid() uint32
- func (ev *Event) GetSignalTargetGroup() string
- func (ev *Event) GetSignalTargetInterpreterFileChangeTime() uint64
- func (ev *Event) GetSignalTargetInterpreterFileFilesystem() string
- func (ev *Event) GetSignalTargetInterpreterFileGid() uint32
- func (ev *Event) GetSignalTargetInterpreterFileGroup() string
- func (ev *Event) GetSignalTargetInterpreterFileHashes() []string
- func (ev *Event) GetSignalTargetInterpreterFileInUpperLayer() bool
- func (ev *Event) GetSignalTargetInterpreterFileInode() uint64
- func (ev *Event) GetSignalTargetInterpreterFileMode() uint16
- func (ev *Event) GetSignalTargetInterpreterFileModificationTime() uint64
- func (ev *Event) GetSignalTargetInterpreterFileMountId() uint32
- func (ev *Event) GetSignalTargetInterpreterFileName() string
- func (ev *Event) GetSignalTargetInterpreterFileNameLength() int
- func (ev *Event) GetSignalTargetInterpreterFilePackageName() string
- func (ev *Event) GetSignalTargetInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetSignalTargetInterpreterFilePackageVersion() string
- func (ev *Event) GetSignalTargetInterpreterFilePath() string
- func (ev *Event) GetSignalTargetInterpreterFilePathLength() int
- func (ev *Event) GetSignalTargetInterpreterFileRights() int
- func (ev *Event) GetSignalTargetInterpreterFileUid() uint32
- func (ev *Event) GetSignalTargetInterpreterFileUser() string
- func (ev *Event) GetSignalTargetIsKworker() bool
- func (ev *Event) GetSignalTargetIsThread() bool
- func (ev *Event) GetSignalTargetParentArgs() string
- func (ev *Event) GetSignalTargetParentArgsFlags() []string
- func (ev *Event) GetSignalTargetParentArgsOptions() []string
- func (ev *Event) GetSignalTargetParentArgsTruncated() bool
- func (ev *Event) GetSignalTargetParentArgv() []string
- func (ev *Event) GetSignalTargetParentArgv0() string
- func (ev *Event) GetSignalTargetParentCapEffective() uint64
- func (ev *Event) GetSignalTargetParentCapPermitted() uint64
- func (ev *Event) GetSignalTargetParentComm() string
- func (ev *Event) GetSignalTargetParentContainerId() string
- func (ev *Event) GetSignalTargetParentCreatedAt() int
- func (ev *Event) GetSignalTargetParentEgid() uint32
- func (ev *Event) GetSignalTargetParentEgroup() string
- func (ev *Event) GetSignalTargetParentEnvp(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetParentEnvs(desiredKeys map[string]bool) []string
- func (ev *Event) GetSignalTargetParentEnvsTruncated() bool
- func (ev *Event) GetSignalTargetParentEuid() uint32
- func (ev *Event) GetSignalTargetParentEuser() string
- func (ev *Event) GetSignalTargetParentFileChangeTime() uint64
- func (ev *Event) GetSignalTargetParentFileFilesystem() string
- func (ev *Event) GetSignalTargetParentFileGid() uint32
- func (ev *Event) GetSignalTargetParentFileGroup() string
- func (ev *Event) GetSignalTargetParentFileHashes() []string
- func (ev *Event) GetSignalTargetParentFileInUpperLayer() bool
- func (ev *Event) GetSignalTargetParentFileInode() uint64
- func (ev *Event) GetSignalTargetParentFileMode() uint16
- func (ev *Event) GetSignalTargetParentFileModificationTime() uint64
- func (ev *Event) GetSignalTargetParentFileMountId() uint32
- func (ev *Event) GetSignalTargetParentFileName() string
- func (ev *Event) GetSignalTargetParentFileNameLength() int
- func (ev *Event) GetSignalTargetParentFilePackageName() string
- func (ev *Event) GetSignalTargetParentFilePackageSourceVersion() string
- func (ev *Event) GetSignalTargetParentFilePackageVersion() string
- func (ev *Event) GetSignalTargetParentFilePath() string
- func (ev *Event) GetSignalTargetParentFilePathLength() int
- func (ev *Event) GetSignalTargetParentFileRights() int
- func (ev *Event) GetSignalTargetParentFileUid() uint32
- func (ev *Event) GetSignalTargetParentFileUser() string
- func (ev *Event) GetSignalTargetParentFsgid() uint32
- func (ev *Event) GetSignalTargetParentFsgroup() string
- func (ev *Event) GetSignalTargetParentFsuid() uint32
- func (ev *Event) GetSignalTargetParentFsuser() string
- func (ev *Event) GetSignalTargetParentGid() uint32
- func (ev *Event) GetSignalTargetParentGroup() string
- func (ev *Event) GetSignalTargetParentInterpreterFileChangeTime() uint64
- func (ev *Event) GetSignalTargetParentInterpreterFileFilesystem() string
- func (ev *Event) GetSignalTargetParentInterpreterFileGid() uint32
- func (ev *Event) GetSignalTargetParentInterpreterFileGroup() string
- func (ev *Event) GetSignalTargetParentInterpreterFileHashes() []string
- func (ev *Event) GetSignalTargetParentInterpreterFileInUpperLayer() bool
- func (ev *Event) GetSignalTargetParentInterpreterFileInode() uint64
- func (ev *Event) GetSignalTargetParentInterpreterFileMode() uint16
- func (ev *Event) GetSignalTargetParentInterpreterFileModificationTime() uint64
- func (ev *Event) GetSignalTargetParentInterpreterFileMountId() uint32
- func (ev *Event) GetSignalTargetParentInterpreterFileName() string
- func (ev *Event) GetSignalTargetParentInterpreterFileNameLength() int
- func (ev *Event) GetSignalTargetParentInterpreterFilePackageName() string
- func (ev *Event) GetSignalTargetParentInterpreterFilePackageSourceVersion() string
- func (ev *Event) GetSignalTargetParentInterpreterFilePackageVersion() string
- func (ev *Event) GetSignalTargetParentInterpreterFilePath() string
- func (ev *Event) GetSignalTargetParentInterpreterFilePathLength() int
- func (ev *Event) GetSignalTargetParentInterpreterFileRights() int
- func (ev *Event) GetSignalTargetParentInterpreterFileUid() uint32
- func (ev *Event) GetSignalTargetParentInterpreterFileUser() string
- func (ev *Event) GetSignalTargetParentIsKworker() bool
- func (ev *Event) GetSignalTargetParentIsThread() bool
- func (ev *Event) GetSignalTargetParentPid() uint32
- func (ev *Event) GetSignalTargetParentPpid() uint32
- func (ev *Event) GetSignalTargetParentTid() uint32
- func (ev *Event) GetSignalTargetParentTtyName() string
- func (ev *Event) GetSignalTargetParentUid() uint32
- func (ev *Event) GetSignalTargetParentUser() string
- func (ev *Event) GetSignalTargetPid() uint32
- func (ev *Event) GetSignalTargetPpid() uint32
- func (ev *Event) GetSignalTargetTid() uint32
- func (ev *Event) GetSignalTargetTtyName() string
- func (ev *Event) GetSignalTargetUid() uint32
- func (ev *Event) GetSignalTargetUser() string
- func (ev *Event) GetSignalType() uint32
- func (ev *Event) GetSpliceFileChangeTime() uint64
- func (ev *Event) GetSpliceFileFilesystem() string
- func (ev *Event) GetSpliceFileGid() uint32
- func (ev *Event) GetSpliceFileGroup() string
- func (ev *Event) GetSpliceFileHashes() []string
- func (ev *Event) GetSpliceFileInUpperLayer() bool
- func (ev *Event) GetSpliceFileInode() uint64
- func (ev *Event) GetSpliceFileMode() uint16
- func (ev *Event) GetSpliceFileModificationTime() uint64
- func (ev *Event) GetSpliceFileMountId() uint32
- func (ev *Event) GetSpliceFileName() string
- func (ev *Event) GetSpliceFileNameLength() int
- func (ev *Event) GetSpliceFilePackageName() string
- func (ev *Event) GetSpliceFilePackageSourceVersion() string
- func (ev *Event) GetSpliceFilePackageVersion() string
- func (ev *Event) GetSpliceFilePath() string
- func (ev *Event) GetSpliceFilePathLength() int
- func (ev *Event) GetSpliceFileRights() int
- func (ev *Event) GetSpliceFileUid() uint32
- func (ev *Event) GetSpliceFileUser() string
- func (ev *Event) GetSplicePipeEntryFlag() uint32
- func (ev *Event) GetSplicePipeExitFlag() uint32
- func (ev *Event) GetSpliceRetval() int64
- func (e *Event) GetTags() []string
- func (ev *Event) GetTimestamp() time.Time
- func (e *Event) GetType() string
- func (ev *Event) GetUnlinkFileChangeTime() uint64
- func (ev *Event) GetUnlinkFileFilesystem() string
- func (ev *Event) GetUnlinkFileGid() uint32
- func (ev *Event) GetUnlinkFileGroup() string
- func (ev *Event) GetUnlinkFileHashes() []string
- func (ev *Event) GetUnlinkFileInUpperLayer() bool
- func (ev *Event) GetUnlinkFileInode() uint64
- func (ev *Event) GetUnlinkFileMode() uint16
- func (ev *Event) GetUnlinkFileModificationTime() uint64
- func (ev *Event) GetUnlinkFileMountId() uint32
- func (ev *Event) GetUnlinkFileName() string
- func (ev *Event) GetUnlinkFileNameLength() int
- func (ev *Event) GetUnlinkFilePackageName() string
- func (ev *Event) GetUnlinkFilePackageSourceVersion() string
- func (ev *Event) GetUnlinkFilePackageVersion() string
- func (ev *Event) GetUnlinkFilePath() string
- func (ev *Event) GetUnlinkFilePathLength() int
- func (ev *Event) GetUnlinkFileRights() int
- func (ev *Event) GetUnlinkFileUid() uint32
- func (ev *Event) GetUnlinkFileUser() string
- func (ev *Event) GetUnlinkFlags() uint32
- func (ev *Event) GetUnlinkRetval() int64
- func (ev *Event) GetUnloadModuleName() string
- func (ev *Event) GetUnloadModuleRetval() int64
- func (ev *Event) GetUtimesFileChangeTime() uint64
- func (ev *Event) GetUtimesFileFilesystem() string
- func (ev *Event) GetUtimesFileGid() uint32
- func (ev *Event) GetUtimesFileGroup() string
- func (ev *Event) GetUtimesFileHashes() []string
- func (ev *Event) GetUtimesFileInUpperLayer() bool
- func (ev *Event) GetUtimesFileInode() uint64
- func (ev *Event) GetUtimesFileMode() uint16
- func (ev *Event) GetUtimesFileModificationTime() uint64
- func (ev *Event) GetUtimesFileMountId() uint32
- func (ev *Event) GetUtimesFileName() string
- func (ev *Event) GetUtimesFileNameLength() int
- func (ev *Event) GetUtimesFilePackageName() string
- func (ev *Event) GetUtimesFilePackageSourceVersion() string
- func (ev *Event) GetUtimesFilePackageVersion() string
- func (ev *Event) GetUtimesFilePath() string
- func (ev *Event) GetUtimesFilePathLength() int
- func (ev *Event) GetUtimesFileRights() int
- func (ev *Event) GetUtimesFileUid() uint32
- func (ev *Event) GetUtimesFileUser() string
- func (ev *Event) GetUtimesRetval() int64
- func (e *Event) GetWorkloadID() string
- func (e *Event) HasProfile() bool
- func (e *Event) Init()
- func (e *Event) IsActivityDumpSample() bool
- func (e *Event) IsAnomalyDetectionEvent() bool
- func (e *Event) IsInProfile() bool
- func (e *Event) IsKernelSpaceAnomalyDetectionEvent() bool
- func (e *Event) IsSavedByActivityDumps() bool
- func (e *Event) Release()
- func (e *Event) RemoveFromFlags(flag uint32)
- func (e *Event) ResolveEventTime() time.Time
- func (ev *Event) ResolveFields()
- func (ev *Event) ResolveFieldsForAD()
- func (e *Event) ResolveProcessCacheEntry() (*ProcessCacheEntry, bool)
- func (e *Event) Retain() Event
- func (ev *Event) SetFieldValue(field eval.Field, value interface{}) error
- func (ev *Event) SetPathResolutionError(fileFields *FileEvent, err error)
- func (e *Event) UnmarshalBinary(data []byte) (int, error)
- func (e *Event) Zero()
- type EventCategory
- type EventType
- type ExecEvent
- type ExitCause
- type ExitEvent
- type ExtraFieldHandlers
- type FieldHandlers
- type FileEvent
- type FileFields
- func (f *FileFields) Equals(o *FileFields) bool
- func (f *FileFields) GetInLowerLayer() bool
- func (f *FileFields) GetInUpperLayer() bool
- func (f *FileFields) HasHardLinks() bool
- func (f *FileFields) IsFileless() bool
- func (e *FileFields) MarshalBinary(data []byte) (int, error)
- func (e *FileFields) UnmarshalBinary(data []byte) (int, error)
- type FileMode
- type HashAlgorithm
- type HashState
- type IPPortContext
- type InodeMode
- type InvalidateDentryEvent
- type KernelCapability
- type L3Protocol
- type L4Protocol
- type LinkEvent
- type LinuxBinprm
- type LoadModuleEvent
- type MMapEvent
- type MMapFlag
- type MProtectEvent
- type MatchedRule
- type MkdirEvent
- type Model
- func (m *Model) GetEvaluator(field eval.Field, regID eval.RegisterID) (eval.Evaluator, error)
- func (m *Model) GetEventTypes() []eval.EventType
- func (m *Model) GetIterator(field eval.Field) (eval.Iterator, error)
- func (m *Model) NewDefaultEventWithType(kind EventType) eval.Event
- func (m *Model) NewEvent() eval.Event
- func (m *Model) ValidateField(field eval.Field, fieldValue eval.FieldValue) error
- type Mount
- type MountEvent
- type MountReleasedEvent
- type NetDevice
- type NetDeviceEvent
- type NetIP
- type NetworkContext
- type NetworkDeviceContext
- type OpenEvent
- type OpenFlags
- type PIDContext
- type PTraceEvent
- type PTraceRequest
- type PathKey
- type PathLeaf
- type PipeBufFlag
- type Process
- func (p *Process) GetPathResolutionError() string
- func (p *Process) HasInterpreter() bool
- func (p *Process) IsNotKworker() bool
- func (e *Process) MarshalPidCache(data []byte) (int, error)
- func (e *Process) MarshalProcCache(data []byte) (int, error)
- func (p *Process) SetSpan(spanID uint64, traceID uint64)
- func (e *Process) UnmarshalBinary(data []byte) (int, error)
- func (e *Process) UnmarshalPidCacheBinary(data []byte) (int, error)
- func (e *Process) UnmarshalProcEntryBinary(data []byte) (int, error)
- type ProcessAncestorsIterator
- type ProcessCacheEntry
- func (pc *ProcessCacheEntry) ApplyExecTimeOf(entry *ProcessCacheEntry)
- func (pc *ProcessCacheEntry) Equals(entry *ProcessCacheEntry) bool
- func (pc *ProcessCacheEntry) Exec(entry *ProcessCacheEntry)
- func (pc *ProcessCacheEntry) Exit(exitTime time.Time)
- func (pc *ProcessCacheEntry) Fork(childEntry *ProcessCacheEntry)
- func (pc *ProcessCacheEntry) HasValidLineage() (bool, error)
- func (pc *ProcessCacheEntry) IsContainerRoot() bool
- func (pc *ProcessCacheEntry) Release()
- func (pc *ProcessCacheEntry) Reset()
- func (pc *ProcessCacheEntry) Retain()
- func (pc *ProcessCacheEntry) SetAncestor(parent *ProcessCacheEntry)
- func (pc *ProcessCacheEntry) SetParentOfForkChild(parent *ProcessCacheEntry)
- func (pc *ProcessCacheEntry) SetReleaseCallback(callback func())
- type ProcessContext
- type Protection
- type QClass
- type QType
- type Releasable
- type RenameEvent
- type RetValError
- type RmdirEvent
- type SELinuxEvent
- type SELinuxEventKind
- type SecurityProfileContext
- type SetXAttrEvent
- type SetgidEvent
- type SetuidEvent
- type Signal
- type SignalEvent
- type SpanContext
- type SpliceEvent
- type Status
- type Syscall
- type SyscallEvent
- type SyscallsEvent
- type UmountEvent
- type UnlinkEvent
- type UnlinkFlags
- type UnloadModuleEvent
- type UnshareMountNSEvent
- type UtimesEvent
- type VMFlag
- type VethPairEvent
Constants ¶
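// Size limits and field-name suffixes used by the model.
// The listing was collapsed onto a single line, so the first "//" comment
// swallowed every declaration after it; it is restored one declaration per line.
const (
	// MaxSegmentLength defines the maximum length of each segment of a path
	MaxSegmentLength = 255

	// MaxPathDepth defines the maximum depth of a path
	// see pkg/security/ebpf/c/dentry_resolver.h: DR_MAX_TAIL_CALL * DR_MAX_ITERATION_DEPTH
	// NOTE(review): how a path deeper than this is reported to rules is not
	// shown here; confirm before relying on full paths for very deep trees.
	MaxPathDepth = 1363

	// MaxBpfObjName defines the maximum length of a Bpf object name
	MaxBpfObjName = 16

	// PathSuffix defines the suffix used for path fields
	PathSuffix = ".path"

	// NameSuffix defines the suffix used for name fields
	NameSuffix = ".name"

	// ContainerIDLen defines the length of a container ID
	// (sha256.Size * 2 = 64; presumably the hex form of a SHA-256-sized ID, TODO confirm)
	ContainerIDLen = sha256.Size * 2

	// MaxSymlinks maximum symlinks captured
	MaxSymlinks = 2

	// MaxTracedCgroupsCount hard limit for the count of traced cgroups
	MaxTracedCgroupsCount = 128
)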
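// Event flags. Each constant is a distinct bit (1 << iota).
// The listing was collapsed onto a single line, which left the declarations
// inside the first "//" comment; it is restored one declaration per line.
const (
	// EventFlagsAsync async event
	EventFlagsAsync = 1 << iota
	// EventFlagsSavedByAD saved by ad
	EventFlagsSavedByAD
	// EventFlagsActivityDumpSample an AD sample
	EventFlagsActivityDumpSample
	// EventFlagsSecurityProfileInProfile true if the event was found in a profile
	EventFlagsSecurityProfileInProfile
)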
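// File flags. Each constant is a distinct bit (1 << iota).
// The single-line listing had no separator between the two declarations and
// did not parse; they are restored one per line.
const (
	// LowerLayer is the first file flag bit.
	// NOTE(review): presumably marks a file found in the lower layer of a
	// layered filesystem (see FileFields.GetInLowerLayer); confirm.
	LowerLayer = 1 << iota
	// UpperLayer is the second file flag bit.
	// NOTE(review): presumably marks a file found in the upper layer
	// (see FileFields.GetInUpperLayer); confirm.
	UpperLayer
)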
File flags
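// Filesystem names, path validation messages and the cookie size.
// The listing was collapsed onto a single line, so the first trailing "//"
// comment swallowed the remaining declarations; it is restored one per line.
const (
	OverlayFS = "overlay" // OverlayFS overlay filesystem
	TmpFS     = "tmpfs"   // TmpFS tmpfs
	UnknownFS = "unknown" // UnknownFS unknown filesystem

	// The two limit messages end without a value.
	// NOTE(review): presumably the caller appends the limit; confirm at the use site.
	ErrPathMustBeAbsolute = "all the path have to be absolute"            // ErrPathMustBeAbsolute tells when a path is not absolute
	ErrPathDepthLimit     = "path depths have to be shorter than"         // ErrPathDepthLimit tells when a path is too long
	ErrPathSegmentLimit   = "each segment of a path must be shorter than" // ErrPathSegmentLimit tells when a path reached the segment limit

	// SizeOfCookie size of cookie
	SizeOfCookie = 8
)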
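// Sources of a process cache entry, numbered from 0 with iota.
// The listing was collapsed onto a single line, so the first trailing "//"
// comment swallowed the remaining declarations; it is restored one per line.
const (
	ProcessCacheEntryFromUnknown     = iota // ProcessCacheEntryFromUnknown defines a process cache entry from unknown
	ProcessCacheEntryFromPlaceholder        // ProcessCacheEntryFromPlaceholder defines the source of a placeholder process cache entry
	ProcessCacheEntryFromEvent              // ProcessCacheEntryFromEvent defines a process cache entry from event
	ProcessCacheEntryFromKernelMap          // ProcessCacheEntryFromKernelMap defines a process cache entry from kernel map
	// Entries rebuilt from procfs can have gaps in their lineage, so ancestor
	// data on such an entry may be incomplete.
	ProcessCacheEntryFromProcFS   // ProcessCacheEntryFromProcFS defines a process cache entry from procfs. Note that some exec parent may be missing.
	ProcessCacheEntryFromSnapshot // ProcessCacheEntryFromSnapshot defines a process cache entry from snapshot
)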
// DNSPreallocSize defines DNS pre-alloc size
// NOTE(review): the unit and the buffer this sizes are not shown here; confirm at the use site.
const DNSPreallocSize = 256
DNSPreallocSize defines DNS pre-alloc size
const (
// MaxArgEnvSize maximum size of one argument or environment variable
// NOTE(review): a longer value presumably arrives cut at this size, and the
// *ArgsTruncated / *EnvsTruncated getters of Event look like the way to detect
// that. Confirm before writing rules that match on the tail of an argument.
MaxArgEnvSize = 256
)
// PathKeySize defines the path key size; it is the first term of PathLeafSize.
const PathKeySize = 16
PathKeySize defines the path key size
// PathLeafSize defines path_leaf struct size (16 + 255 + 1 + 2 + 6 = 280).
// NOTE(review): per the trailing comment the terms are path_key, name, len and
// padding; "name" presumably covers MaxSegmentLength + 1. The sum has to match
// the path_leaf layout produced on the eBPF side; confirm against that definition.
const PathLeafSize = PathKeySize + MaxSegmentLength + 1 + 2 + 6 // path_key + name + len + padding
PathLeafSize defines path_leaf struct size
Variables ¶
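// Name-to-value tables for the constants of the model. The listing was
// collapsed onto a few very long lines, so each "//" comment swallowed the
// declarations after it; it is restored one entry per line, with every key and
// value unchanged.
//
// NOTE(review): these are exported, mutable package-level maps, so any
// importing package can add or overwrite entries at run time; treat them as
// read-only lookup tables.
var (
	// BPFCmdConstants is the list of BPF commands
	// generate_constants:BPF commands,BPF commands are used to specify a command to a bpf syscall.
	BPFCmdConstants = map[string]BPFCmd{
		"BPF_MAP_CREATE": BpfMapCreateCmd,
		"BPF_MAP_LOOKUP_ELEM": BpfMapLookupElemCmd,
		"BPF_MAP_UPDATE_ELEM": BpfMapUpdateElemCmd,
		"BPF_MAP_DELETE_ELEM": BpfMapDeleteElemCmd,
		"BPF_MAP_GET_NEXT_KEY": BpfMapGetNextKeyCmd,
		"BPF_PROG_LOAD": BpfProgLoadCmd,
		"BPF_OBJ_PIN": BpfObjPinCmd,
		"BPF_OBJ_GET": BpfObjGetCmd,
		"BPF_PROG_ATTACH": BpfProgAttachCmd,
		"BPF_PROG_DETACH": BpfProgDetachCmd,
		// BPF_PROG_TEST_RUN and BPF_PROG_RUN resolve to the same value, so a
		// rule written with either name matches both.
		"BPF_PROG_TEST_RUN": BpfProgTestRunCmd,
		"BPF_PROG_RUN": BpfProgTestRunCmd,
		"BPF_PROG_GET_NEXT_ID": BpfProgGetNextIDCmd,
		"BPF_MAP_GET_NEXT_ID": BpfMapGetNextIDCmd,
		"BPF_PROG_GET_FD_BY_ID": BpfProgGetFdByIDCmd,
		"BPF_MAP_GET_FD_BY_ID": BpfMapGetFdByIDCmd,
		"BPF_OBJ_GET_INFO_BY_FD": BpfObjGetInfoByFdCmd,
		"BPF_PROG_QUERY": BpfProgQueryCmd,
		"BPF_RAW_TRACEPOINT_OPEN": BpfRawTracepointOpenCmd,
		"BPF_BTF_LOAD": BpfBtfLoadCmd,
		"BPF_BTF_GET_FD_BY_ID": BpfBtfGetFdByIDCmd,
		"BPF_TASK_FD_QUERY": BpfTaskFdQueryCmd,
		"BPF_MAP_LOOKUP_AND_DELETE_ELEM": BpfMapLookupAndDeleteElemCmd,
		"BPF_MAP_FREEZE": BpfMapFreezeCmd,
		"BPF_BTF_GET_NEXT_ID": BpfBtfGetNextIDCmd,
		"BPF_MAP_LOOKUP_BATCH": BpfMapLookupBatchCmd,
		"BPF_MAP_LOOKUP_AND_DELETE_BATCH": BpfMapLookupAndDeleteBatchCmd,
		"BPF_MAP_UPDATE_BATCH": BpfMapUpdateBatchCmd,
		"BPF_MAP_DELETE_BATCH": BpfMapDeleteBatchCmd,
		"BPF_LINK_CREATE": BpfLinkCreateCmd,
		"BPF_LINK_UPDATE": BpfLinkUpdateCmd,
		"BPF_LINK_GET_FD_BY_ID": BpfLinkGetFdByIDCmd,
		"BPF_LINK_GET_NEXT_ID": BpfLinkGetNextIDCmd,
		"BPF_ENABLE_STATS": BpfEnableStatsCmd,
		"BPF_ITER_CREATE": BpfIterCreateCmd,
		"BPF_LINK_DETACH": BpfLinkDetachCmd,
		"BPF_PROG_BIND_MAP": BpfProgBindMapCmd,
	}

	// BPFHelperFuncConstants is the list of BPF helper func constants
	// generate_constants:BPF helper functions,BPF helper functions are the supported BPF helper functions.
	// The documentation renderer elided the entries of this map; the literal
	// below is a placeholder for them, not an empty table.
	BPFHelperFuncConstants = map[string]BPFHelperFunc{} /* 166 elements not displayed */

	// BPFMapTypeConstants is the list of BPF map type constants
	// generate_constants:BPF map types,BPF map types are the supported eBPF map types.
	BPFMapTypeConstants = map[string]BPFMapType{
		"BPF_MAP_TYPE_UNSPEC": BpfMapTypeUnspec,
		"BPF_MAP_TYPE_HASH": BpfMapTypeHash,
		"BPF_MAP_TYPE_ARRAY": BpfMapTypeArray,
		"BPF_MAP_TYPE_PROG_ARRAY": BpfMapTypeProgArray,
		"BPF_MAP_TYPE_PERF_EVENT_ARRAY": BpfMapTypePerfEventArray,
		"BPF_MAP_TYPE_PERCPU_HASH": BpfMapTypePercpuHash,
		"BPF_MAP_TYPE_PERCPU_ARRAY": BpfMapTypePercpuArray,
		"BPF_MAP_TYPE_STACK_TRACE": BpfMapTypeStackTrace,
		"BPF_MAP_TYPE_CGROUP_ARRAY": BpfMapTypeCgroupArray,
		"BPF_MAP_TYPE_LRU_HASH": BpfMapTypeLruHash,
		"BPF_MAP_TYPE_LRU_PERCPU_HASH": BpfMapTypeLruPercpuHash,
		"BPF_MAP_TYPE_LPM_TRIE": BpfMapTypeLpmTrie,
		"BPF_MAP_TYPE_ARRAY_OF_MAPS": BpfMapTypeArrayOfMaps,
		"BPF_MAP_TYPE_HASH_OF_MAPS": BpfMapTypeHashOfMaps,
		"BPF_MAP_TYPE_DEVMAP": BpfMapTypeDevmap,
		"BPF_MAP_TYPE_SOCKMAP": BpfMapTypeSockmap,
		"BPF_MAP_TYPE_CPUMAP": BpfMapTypeCPUmap,
		"BPF_MAP_TYPE_XSKMAP": BpfMapTypeXskmap,
		"BPF_MAP_TYPE_SOCKHASH": BpfMapTypeSockhash,
		"BPF_MAP_TYPE_CGROUP_STORAGE": BpfMapTypeCgroupStorage,
		"BPF_MAP_TYPE_REUSEPORT_SOCKARRAY": BpfMapTypeReuseportSockarray,
		"BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE": BpfMapTypePercpuCgroupStorage,
		"BPF_MAP_TYPE_QUEUE": BpfMapTypeQueue,
		"BPF_MAP_TYPE_STACK": BpfMapTypeStack,
		"BPF_MAP_TYPE_SK_STORAGE": BpfMapTypeSkStorage,
		"BPF_MAP_TYPE_DEVMAP_HASH": BpfMapTypeDevmapHash,
		"BPF_MAP_TYPE_STRUCT_OPS": BpfMapTypeStructOps,
		"BPF_MAP_TYPE_RINGBUF": BpfMapTypeRingbuf,
		"BPF_MAP_TYPE_INODE_STORAGE": BpfMapTypeInodeStorage,
		"BPF_MAP_TYPE_TASK_STORAGE": BpfMapTypeTaskStorage,
	}

	// BPFProgramTypeConstants is the list of BPF program type constants
	// generate_constants:BPF program types,BPF program types are the supported eBPF program types.
	BPFProgramTypeConstants = map[string]BPFProgramType{
		"BPF_PROG_TYPE_UNSPEC": BpfProgTypeUnspec,
		"BPF_PROG_TYPE_SOCKET_FILTER": BpfProgTypeSocketFilter,
		"BPF_PROG_TYPE_KPROBE": BpfProgTypeKprobe,
		"BPF_PROG_TYPE_SCHED_CLS": BpfProgTypeSchedCls,
		"BPF_PROG_TYPE_SCHED_ACT": BpfProgTypeSchedAct,
		"BPF_PROG_TYPE_TRACEPOINT": BpfProgTypeTracepoint,
		"BPF_PROG_TYPE_XDP": BpfProgTypeXdp,
		"BPF_PROG_TYPE_PERF_EVENT": BpfProgTypePerfEvent,
		"BPF_PROG_TYPE_CGROUP_SKB": BpfProgTypeCgroupSkb,
		"BPF_PROG_TYPE_CGROUP_SOCK": BpfProgTypeCgroupSock,
		"BPF_PROG_TYPE_LWT_IN": BpfProgTypeLwtIn,
		"BPF_PROG_TYPE_LWT_OUT": BpfProgTypeLwtOut,
		"BPF_PROG_TYPE_LWT_XMIT": BpfProgTypeLwtXmit,
		"BPF_PROG_TYPE_SOCK_OPS": BpfProgTypeSockOps,
		"BPF_PROG_TYPE_SK_SKB": BpfProgTypeSkSkb,
		"BPF_PROG_TYPE_CGROUP_DEVICE": BpfProgTypeCgroupDevice,
		"BPF_PROG_TYPE_SK_MSG": BpfProgTypeSkMsg,
		"BPF_PROG_TYPE_RAW_TRACEPOINT": BpfProgTypeRawTracepoint,
		"BPF_PROG_TYPE_CGROUP_SOCK_ADDR": BpfProgTypeCgroupSockAddr,
		"BPF_PROG_TYPE_LWT_SEG6LOCAL": BpfProgTypeLwtSeg6local,
		"BPF_PROG_TYPE_LIRC_MODE2": BpfProgTypeLircMode2,
		"BPF_PROG_TYPE_SK_REUSEPORT": BpfProgTypeSkReuseport,
		"BPF_PROG_TYPE_FLOW_DISSECTOR": BpfProgTypeFlowDissector,
		"BPF_PROG_TYPE_CGROUP_SYSCTL": BpfProgTypeCgroupSysctl,
		"BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE": BpfProgTypeRawTracepointWritable,
		"BPF_PROG_TYPE_CGROUP_SOCKOPT": BpfProgTypeCgroupSockopt,
		"BPF_PROG_TYPE_TRACING": BpfProgTypeTracing,
		"BPF_PROG_TYPE_STRUCT_OPS": BpfProgTypeStructOps,
		"BPF_PROG_TYPE_EXT": BpfProgTypeExt,
		"BPF_PROG_TYPE_LSM": BpfProgTypeLsm,
		"BPF_PROG_TYPE_SK_LOOKUP": BpfProgTypeSkLookup,
	}

	// BPFAttachTypeConstants is the list of BPF attach type constants
	// generate_constants:BPF attach types,BPF attach types are the supported eBPF program attach types.
	BPFAttachTypeConstants = map[string]BPFAttachType{
		"BPF_CGROUP_INET_INGRESS": BpfCgroupInetIngress,
		"BPF_CGROUP_INET_EGRESS": BpfCgroupInetEgress,
		"BPF_CGROUP_INET_SOCK_CREATE": BpfCgroupInetSockCreate,
		"BPF_CGROUP_SOCK_OPS": BpfCgroupSockOps,
		"BPF_SK_SKB_STREAM_PARSER": BpfSkSkbStreamParser,
		"BPF_SK_SKB_STREAM_VERDICT": BpfSkSkbStreamVerdict,
		"BPF_CGROUP_DEVICE": BpfCgroupDevice,
		"BPF_SK_MSG_VERDICT": BpfSkMsgVerdict,
		"BPF_CGROUP_INET4_BIND": BpfCgroupInet4Bind,
		"BPF_CGROUP_INET6_BIND": BpfCgroupInet6Bind,
		"BPF_CGROUP_INET4_CONNECT": BpfCgroupInet4Connect,
		"BPF_CGROUP_INET6_CONNECT": BpfCgroupInet6Connect,
		"BPF_CGROUP_INET4_POST_BIND": BpfCgroupInet4PostBind,
		"BPF_CGROUP_INET6_POST_BIND": BpfCgroupInet6PostBind,
		"BPF_CGROUP_UDP4_SENDMSG": BpfCgroupUDP4Sendmsg,
		"BPF_CGROUP_UDP6_SENDMSG": BpfCgroupUDP6Sendmsg,
		"BPF_LIRC_MODE2": BpfLircMode2,
		"BPF_FLOW_DISSECTOR": BpfFlowDissector,
		"BPF_CGROUP_SYSCTL": BpfCgroupSysctl,
		"BPF_CGROUP_UDP4_RECVMSG": BpfCgroupUDP4Recvmsg,
		"BPF_CGROUP_UDP6_RECVMSG": BpfCgroupUDP6Recvmsg,
		"BPF_CGROUP_GETSOCKOPT": BpfCgroupGetsockopt,
		"BPF_CGROUP_SETSOCKOPT": BpfCgroupSetsockopt,
		"BPF_TRACE_RAW_TP": BpfTraceRawTp,
		"BPF_TRACE_FENTRY": BpfTraceFentry,
		"BPF_TRACE_FEXIT": BpfTraceFexit,
		"BPF_MODIFY_RETURN": BpfModifyReturn,
		"BPF_LSM_MAC": BpfLsmMac,
		"BPF_TRACE_ITER": BpfTraceIter,
		"BPF_CGROUP_INET4_GETPEERNAME": BpfCgroupInet4Getpeername,
		"BPF_CGROUP_INET6_GETPEERNAME": BpfCgroupInet6Getpeername,
		"BPF_CGROUP_INET4_GETSOCKNAME": BpfCgroupInet4Getsockname,
		"BPF_CGROUP_INET6_GETSOCKNAME": BpfCgroupInet6Getsockname,
		"BPF_XDP_DEVMAP": BpfXdpDevmap,
		"BPF_CGROUP_INET_SOCK_RELEASE": BpfCgroupInetSockRelease,
		"BPF_XDP_CPUMAP": BpfXdpCPUmap,
		"BPF_SK_LOOKUP": BpfSkLookup,
		"BPF_XDP": BpfXdp,
		"BPF_SK_SKB_VERDICT": BpfSkSkbVerdict,
	}

	// PipeBufFlagConstants is the list of pipe buffer flags
	// generate_constants:Pipe buffer flags,Pipe buffer flags are the supported flags for a pipe buffer.
	PipeBufFlagConstants = map[string]PipeBufFlag{
		"PIPE_BUF_FLAG_LRU": PipeBufFlagLRU,
		"PIPE_BUF_FLAG_ATOMIC": PipeBufFlagAtomic,
		"PIPE_BUF_FLAG_GIFT": PipeBufFlagGift,
		"PIPE_BUF_FLAG_PACKET": PipeBufFlagPacket,
		"PIPE_BUF_FLAG_CAN_MERGE": PipeBufFlagCanMerge,
		"PIPE_BUF_FLAG_WHOLE": PipeBufFlagWhole,
		"PIPE_BUF_FLAG_LOSS": PipeBufFlagLoss,
	}

	// DNSQTypeConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
	// generate_constants:DNS qtypes,DNS qtypes are the supported DNS query types.
	DNSQTypeConstants = map[string]int{
		"None": 0,
		"A": 1,
		"NS": 2,
		"MD": 3,
		"MF": 4,
		"CNAME": 5,
		"SOA": 6,
		"MB": 7,
		"MG": 8,
		"MR": 9,
		"NULL": 10,
		"PTR": 12,
		"HINFO": 13,
		"MINFO": 14,
		"MX": 15,
		"TXT": 16,
		"RP": 17,
		"AFSDB": 18,
		"X25": 19,
		"ISDN": 20,
		"RT": 21,
		"NSAPPTR": 23,
		"SIG": 24,
		"KEY": 25,
		"PX": 26,
		"GPOS": 27,
		"AAAA": 28,
		"LOC": 29,
		"NXT": 30,
		"EID": 31,
		"NIMLOC": 32,
		"SRV": 33,
		"ATMA": 34,
		"NAPTR": 35,
		"KX": 36,
		"CERT": 37,
		"DNAME": 39,
		"OPT": 41,
		"APL": 42,
		"DS": 43,
		"SSHFP": 44,
		"RRSIG": 46,
		"NSEC": 47,
		"DNSKEY": 48,
		"DHCID": 49,
		"NSEC3": 50,
		"NSEC3PARAM": 51,
		"TLSA": 52,
		"SMIMEA": 53,
		"HIP": 55,
		"NINFO": 56,
		"RKEY": 57,
		"TALINK": 58,
		"CDS": 59,
		"CDNSKEY": 60,
		"OPENPGPKEY": 61,
		"CSYNC": 62,
		"ZONEMD": 63,
		"SVCB": 64,
		"HTTPS": 65,
		"SPF": 99,
		"UINFO": 100,
		"UID": 101,
		"GID": 102,
		"UNSPEC": 103,
		"NID": 104,
		"L32": 105,
		"L64": 106,
		"LP": 107,
		"EUI48": 108,
		"EUI64": 109,
		"URI": 256,
		"CAA": 257,
		"AVC": 258,
		"TKEY": 249,
		"TSIG": 250,
		"IXFR": 251,
		"AXFR": 252,
		"MAILB": 253,
		"MAILA": 254,
		"ANY": 255,
		"TA": 32768,
		"DLV": 32769,
		"Reserved": 65535,
	}

	// DNSQClassConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
	// generate_constants:DNS qclasses,DNS qclasses are the supported DNS query classes.
	DNSQClassConstants = map[string]int{
		"CLASS_INET": 1,
		"CLASS_CSNET": 2,
		"CLASS_CHAOS": 3,
		"CLASS_HESIOD": 4,
		"CLASS_NONE": 254,
		"CLASS_ANY": 255,
	}

	// SECLConstants are constants supported in runtime security agent rules
	// generate_constants:SecL constants,SecL constants are the supported generic SecL constants.
	SECLConstants = map[string]interface{}{
		"true": &eval.BoolEvaluator{Value: true},
		"false": &eval.BoolEvaluator{Value: false},
	}

	// L3ProtocolConstants is the list of supported L3 protocols
	// generate_constants:L3 protocols,L3 protocols are the supported Layer 3 protocols.
	L3ProtocolConstants = map[string]L3Protocol{
		"ETH_P_LOOP": EthPLOOP,
		"ETH_P_PUP": EthPPUP,
		"ETH_P_PUPAT": EthPPUPAT,
		"ETH_P_TSN": EthPTSN,
		"ETH_P_IP": EthPIP,
		"ETH_P_X25": EthPX25,
		"ETH_P_ARP": EthPARP,
		"ETH_P_BPQ": EthPBPQ,
		"ETH_P_IEEEPUP": EthPIEEEPUP,
		"ETH_P_IEEEPUPAT": EthPIEEEPUPAT,
		"ETH_P_BATMAN": EthPBATMAN,
		"ETH_P_DEC": EthPDEC,
		"ETH_P_DNADL": EthPDNADL,
		"ETH_P_DNARC": EthPDNARC,
		"ETH_P_DNART": EthPDNART,
		"ETH_P_LAT": EthPLAT,
		"ETH_P_DIAG": EthPDIAG,
		"ETH_P_CUST": EthPCUST,
		"ETH_P_SCA": EthPSCA,
		"ETH_P_TEB": EthPTEB,
		"ETH_P_RARP": EthPRARP,
		"ETH_P_ATALK": EthPATALK,
		"ETH_P_AARP": EthPAARP,
		"ETH_P_8021_Q": EthP8021Q,
		"ETH_P_ERSPAN": EthPERSPAN,
		"ETH_P_IPX": EthPIPX,
		"ETH_P_IPV6": EthPIPV6,
		"ETH_P_PAUSE": EthPPAUSE,
		"ETH_P_SLOW": EthPSLOW,
		"ETH_P_WCCP": EthPWCCP,
		"ETH_P_MPLSUC": EthPMPLSUC,
		"ETH_P_MPLSMC": EthPMPLSMC,
		"ETH_P_ATMMPOA": EthPATMMPOA,
		"ETH_P_PPPDISC": EthPPPPDISC,
		"ETH_P_PPPSES": EthPPPPSES,
		"ETH_P__LINK_CTL": EthPLinkCTL,
		"ETH_P_ATMFATE": EthPATMFATE,
		"ETH_P_PAE": EthPPAE,
		"ETH_P_AOE": EthPAOE,
		"ETH_P_8021_AD": EthP8021AD,
		"ETH_P_802_EX1": EthP802EX1,
		"ETH_P_TIPC": EthPTIPC,
		"ETH_P_MACSEC": EthPMACSEC,
		"ETH_P_8021_AH": EthP8021AH,
		"ETH_P_MVRP": EthPMVRP,
		"ETH_P_1588": EthP1588,
		"ETH_P_NCSI": EthPNCSI,
		"ETH_P_PRP": EthPPRP,
		"ETH_P_FCOE": EthPFCOE,
		"ETH_P_IBOE": EthPIBOE,
		"ETH_P_TDLS": EthPTDLS,
		"ETH_P_FIP": EthPFIP,
		"ETH_P_80221": EthP80221,
		"ETH_P_HSR": EthPHSR,
		"ETH_P_NSH": EthPNSH,
		"ETH_P_LOOPBACK": EthPLOOPBACK,
		"ETH_P_QINQ1": EthPQINQ1,
		"ETH_P_QINQ2": EthPQINQ2,
		"ETH_P_QINQ3": EthPQINQ3,
		"ETH_P_EDSA": EthPEDSA,
		"ETH_P_IFE": EthPIFE,
		"ETH_P_AFIUCV": EthPAFIUCV,
		"ETH_P_8023_MIN": EthP8023MIN,
		"ETH_P_IPV6_HOP_BY_HOP": EthPIPV6HopByHop,
		"ETH_P_8023": EthP8023,
		"ETH_P_AX25": EthPAX25,
		"ETH_P_ALL": EthPALL,
		"ETH_P_8022": EthP8022,
		"ETH_P_SNAP": EthPSNAP,
		"ETH_P_DDCMP": EthPDDCMP,
		"ETH_P_WANPPP": EthPWANPPP,
		"ETH_P_PPPMP": EthPPPPMP,
		"ETH_P_LOCALTALK": EthPLOCALTALK,
		"ETH_P_CAN": EthPCAN,
		"ETH_P_CANFD": EthPCANFD,
		"ETH_P_PPPTALK": EthPPPPTALK,
		"ETH_P_TR8022": EthPTR8022,
		"ETH_P_MOBITEX": EthPMOBITEX,
		"ETH_P_CONTROL": EthPCONTROL,
		"ETH_P_IRDA": EthPIRDA,
		"ETH_P_ECONET": EthPECONET,
		"ETH_P_HDLC": EthPHDLC,
		"ETH_P_ARCNET": EthPARCNET,
		"ETH_P_DSA": EthPDSA,
		"ETH_P_TRAILER": EthPTRAILER,
		"ETH_P_PHONET": EthPPHONET,
		"ETH_P_IEEE802154": EthPIEEE802154,
		"ETH_P_CAIF": EthPCAIF,
		"ETH_P_XDSA": EthPXDSA,
		"ETH_P_MAP": EthPMAP,
	}

	// L4ProtocolConstants is the list of supported L4 protocols
	// generate_constants:L4 protocols,L4 protocols are the supported Layer 4 protocols.
	L4ProtocolConstants = map[string]L4Protocol{
		"IP_PROTO_IP": IPProtoIP,
		"IP_PROTO_ICMP": IPProtoICMP,
		"IP_PROTO_IGMP": IPProtoIGMP,
		"IP_PROTO_IPIP": IPProtoIPIP,
		"IP_PROTO_TCP": IPProtoTCP,
		"IP_PROTO_EGP": IPProtoEGP,
		"IP_PROTO_IGP": IPProtoIGP,
		"IP_PROTO_PUP": IPProtoPUP,
		"IP_PROTO_UDP": IPProtoUDP,
		"IP_PROTO_IDP": IPProtoIDP,
		"IP_PROTO_TP": IPProtoTP,
		"IP_PROTO_DCCP": IPProtoDCCP,
		"IP_PROTO_IPV6": IPProtoIPV6,
		"IP_PROTO_RSVP": IPProtoRSVP,
		"IP_PROTO_GRE": IPProtoGRE,
		"IP_PROTO_ESP": IPProtoESP,
		"IP_PROTO_AH": IPProtoAH,
		"IP_PROTO_ICMPV6": IPProtoICMPV6,
		"IP_PROTO_MTP": IPProtoMTP,
		"IP_PROTO_BEETPH": IPProtoBEETPH,
		"IP_PROTO_ENCAP": IPProtoENCAP,
		"IP_PROTO_PIM": IPProtoPIM,
		"IP_PROTO_COMP": IPProtoCOMP,
		"IP_PROTO_SCTP": IPProtoSCTP,
		"IP_PROTO_UDPLITE": IPProtoUDPLITE,
		"IP_PROTO_MPLS": IPProtoMPLS,
		"IP_PROTO_RAW": IPProtoRAW,
	}
)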
// Sentinel errors for DNS name decoding. They are plain errors.New values, so
// callers should compare with errors.Is rather than matching the message text.
var (
	// ErrDNSNamePointerNotSupported is reported when a DNS name uses pointer
	// compression, which is not supported.
	ErrDNSNamePointerNotSupported = errors.New("dns name pointer compression is not supported")
	// ErrDNSNameOutOfBounds is reported when a DNS name is out of bounds.
	ErrDNSNameOutOfBounds = errors.New("dns name out of bound")
	// ErrDNSNameNonPrintableASCII is reported when a DNS name contains
	// non-printable ASCII.
	ErrDNSNameNonPrintableASCII = errors.New("dns name non-printable ascii")
	// ErrDNSNameMalformatted is reported when a DNS name is malformed
	// (too short, missing dots, etc).
	ErrDNSNameMalformatted = errors.New("dns name mal-formatted")
)
// Sentinel errors for binary marshalling and unmarshalling of events. They are
// plain errors.New values, so callers should compare with errors.Is.
var (
	// ErrNotEnoughData is returned when the buffer is too small to unmarshal the event.
	ErrNotEnoughData = errors.New("not enough data")
	// ErrNotEnoughSpace is returned when the provided buffer is too small to marshal the event.
	ErrNotEnoughSpace = errors.New("not enough space")
	// ErrStringArrayOverflow is returned when there is a string array overflow.
	ErrStringArrayOverflow = errors.New("string array overflow")
	// ErrNonPrintable is returned when a string contains a non-printable character.
	ErrNonPrintable = errors.New("non printable")
	// ErrIncorrectDataSize is returned when the size of the data read does not
	// correspond to the expected one.
	ErrIncorrectDataSize = errors.New("incorrect data size")
)
var (
	// ProcessSymlinkPathname overrides the string operators used on process
	// path fields so that a rule also matches through the process symlinks.
	//
	// Every operator first runs the plain glob comparison. When the field is
	// "exec.file.path" or "process.file.path", it also compares against the two
	// evaluators built by symlinkPathnameEvaluators for that field and ORs the
	// three results. Any other field gets the plain glob comparison only.
	// NOTE(review): presumably the two evaluators resolve the symlink paths the
	// binary was started through; confirm against symlinkPathnameEvaluators.
	ProcessSymlinkPathname = &eval.OpOverrides{
		// StringEquals is the only operator here that inspects both operands
		// for a process path field.
		StringEquals: func(a *eval.StringEvaluator, b *eval.StringEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringEquals(a, b, state)
			if err != nil {
				return nil, err
			}

			switch {
			case a.Field == "exec.file.path" || a.Field == "process.file.path":
				first, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[0](a.Field), b, state)
				if err != nil {
					return nil, err
				}
				second, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[1](a.Field), b, state)
				if err != nil {
					return nil, err
				}
				viaSymlink, err := eval.Or(first, second, state)
				if err != nil {
					return nil, err
				}
				return eval.Or(direct, viaSymlink, state)

			case b.Field == "exec.file.path" || b.Field == "process.file.path":
				first, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[0](b.Field), a, state)
				if err != nil {
					return nil, err
				}
				second, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[1](b.Field), a, state)
				if err != nil {
					return nil, err
				}
				viaSymlink, err := eval.Or(first, second, state)
				if err != nil {
					return nil, err
				}
				return eval.Or(direct, viaSymlink, state)
			}

			return direct, nil
		},
		// StringValuesContains extends the match only when the left operand is
		// a process path field.
		StringValuesContains: func(a *eval.StringEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringValuesContains(a, b, state)
			if err != nil {
				return nil, err
			}
			if a.Field != "exec.file.path" && a.Field != "process.file.path" {
				return direct, nil
			}

			first, err := eval.GlobCmp.StringValuesContains(symlinkPathnameEvaluators[0](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			second, err := eval.GlobCmp.StringValuesContains(symlinkPathnameEvaluators[1](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			viaSymlink, err := eval.Or(first, second, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		// StringArrayContains extends the match only when the left operand is
		// a process path field.
		StringArrayContains: func(a *eval.StringEvaluator, b *eval.StringArrayEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringArrayContains(a, b, state)
			if err != nil {
				return nil, err
			}
			if a.Field != "exec.file.path" && a.Field != "process.file.path" {
				return direct, nil
			}

			first, err := eval.GlobCmp.StringArrayContains(symlinkPathnameEvaluators[0](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			second, err := eval.GlobCmp.StringArrayContains(symlinkPathnameEvaluators[1](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			viaSymlink, err := eval.Or(first, second, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		// StringArrayMatches delegates to the glob comparison with no symlink handling.
		StringArrayMatches: func(a *eval.StringArrayEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			return eval.GlobCmp.StringArrayMatches(a, b, state)
		},
	}

	// ProcessSymlinkBasename overrides the string operators used on process
	// basename fields so that a rule also matches the process symlink basename.
	//
	// Every operator first runs the plain comparison. When the field is
	// "exec.file.name" or "process.file.name", it also compares against the
	// evaluator returned by symlinkBasenameEvaluator for that field and ORs
	// both results. Any other field gets the plain comparison only.
	ProcessSymlinkBasename = &eval.OpOverrides{
		// StringEquals is the only operator here that inspects both operands
		// for a process basename field.
		StringEquals: func(a *eval.StringEvaluator, b *eval.StringEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringEquals(a, b, state)
			if err != nil {
				return nil, err
			}

			switch {
			case a.Field == "exec.file.name" || a.Field == "process.file.name":
				viaSymlink, err := eval.StringEquals(symlinkBasenameEvaluator(a.Field), b, state)
				if err != nil {
					return nil, err
				}
				return eval.Or(direct, viaSymlink, state)

			case b.Field == "exec.file.name" || b.Field == "process.file.name":
				// The symlink evaluator stays on the right-hand side here.
				viaSymlink, err := eval.StringEquals(a, symlinkBasenameEvaluator(b.Field), state)
				if err != nil {
					return nil, err
				}
				return eval.Or(direct, viaSymlink, state)
			}

			return direct, nil
		},
		// StringValuesContains extends the match only when the left operand is
		// a process basename field.
		StringValuesContains: func(a *eval.StringEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringValuesContains(a, b, state)
			if err != nil {
				return nil, err
			}
			if a.Field != "exec.file.name" && a.Field != "process.file.name" {
				return direct, nil
			}

			viaSymlink, err := eval.StringValuesContains(symlinkBasenameEvaluator(a.Field), b, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		// StringArrayContains extends the match only when the left operand is
		// a process basename field.
		StringArrayContains: func(a *eval.StringEvaluator, b *eval.StringArrayEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringArrayContains(a, b, state)
			if err != nil {
				return nil, err
			}
			if a.Field != "exec.file.name" && a.Field != "process.file.name" {
				return direct, nil
			}

			viaSymlink, err := eval.StringArrayContains(symlinkBasenameEvaluator(a.Field), b, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		// StringArrayMatches delegates to the plain comparison with no symlink handling.
		StringArrayMatches: func(a *eval.StringArrayEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			return eval.StringArrayMatches(a, b, state)
		},
	}
)
var ByteOrder binary.ByteOrder
ByteOrder holds the host's byte order
var (
	// KernelCapabilityConstants list of kernel capabilities
	// generate_constants:Kernel Capability constants,Kernel Capability constants are the supported Linux Kernel Capability.
	//
	// Each value is the single-bit mask 1 << CAP_x, not the capability number
	// itself, so a rule compares these names against a capability bit set
	// (such as the cap_effective and cap_permitted fields of CapsetEvent)
	// with bitwise operators rather than by plain equality with an index.
	KernelCapabilityConstants = map[string]uint64{
		"CAP_AUDIT_CONTROL":      1 << unix.CAP_AUDIT_CONTROL,
		"CAP_AUDIT_READ":         1 << unix.CAP_AUDIT_READ,
		"CAP_AUDIT_WRITE":        1 << unix.CAP_AUDIT_WRITE,
		"CAP_BLOCK_SUSPEND":      1 << unix.CAP_BLOCK_SUSPEND,
		"CAP_BPF":                1 << unix.CAP_BPF,
		"CAP_CHECKPOINT_RESTORE": 1 << unix.CAP_CHECKPOINT_RESTORE,
		"CAP_CHOWN":              1 << unix.CAP_CHOWN,
		"CAP_DAC_OVERRIDE":       1 << unix.CAP_DAC_OVERRIDE,
		"CAP_DAC_READ_SEARCH":    1 << unix.CAP_DAC_READ_SEARCH,
		"CAP_FOWNER":             1 << unix.CAP_FOWNER,
		"CAP_FSETID":             1 << unix.CAP_FSETID,
		"CAP_IPC_LOCK":           1 << unix.CAP_IPC_LOCK,
		"CAP_IPC_OWNER":          1 << unix.CAP_IPC_OWNER,
		"CAP_KILL":               1 << unix.CAP_KILL,
		"CAP_LEASE":              1 << unix.CAP_LEASE,
		"CAP_LINUX_IMMUTABLE":    1 << unix.CAP_LINUX_IMMUTABLE,
		"CAP_MAC_ADMIN":          1 << unix.CAP_MAC_ADMIN,
		"CAP_MAC_OVERRIDE":       1 << unix.CAP_MAC_OVERRIDE,
		"CAP_MKNOD":              1 << unix.CAP_MKNOD,
		"CAP_NET_ADMIN":          1 << unix.CAP_NET_ADMIN,
		"CAP_NET_BIND_SERVICE":   1 << unix.CAP_NET_BIND_SERVICE,
		"CAP_NET_BROADCAST":      1 << unix.CAP_NET_BROADCAST,
		"CAP_NET_RAW":            1 << unix.CAP_NET_RAW,
		"CAP_PERFMON":            1 << unix.CAP_PERFMON,
		"CAP_SETFCAP":            1 << unix.CAP_SETFCAP,
		"CAP_SETGID":             1 << unix.CAP_SETGID,
		"CAP_SETPCAP":            1 << unix.CAP_SETPCAP,
		"CAP_SETUID":             1 << unix.CAP_SETUID,
		"CAP_SYSLOG":             1 << unix.CAP_SYSLOG,
		"CAP_SYS_ADMIN":          1 << unix.CAP_SYS_ADMIN,
		"CAP_SYS_BOOT":           1 << unix.CAP_SYS_BOOT,
		"CAP_SYS_CHROOT":         1 << unix.CAP_SYS_CHROOT,
		"CAP_SYS_MODULE":         1 << unix.CAP_SYS_MODULE,
		"CAP_SYS_NICE":           1 << unix.CAP_SYS_NICE,
		"CAP_SYS_PACCT":          1 << unix.CAP_SYS_PACCT,
		"CAP_SYS_PTRACE":         1 << unix.CAP_SYS_PTRACE,
		"CAP_SYS_RAWIO":          1 << unix.CAP_SYS_RAWIO,
		"CAP_SYS_RESOURCE":       1 << unix.CAP_SYS_RESOURCE,
		"CAP_SYS_TIME":           1 << unix.CAP_SYS_TIME,
		"CAP_SYS_TTY_CONFIG":     1 << unix.CAP_SYS_TTY_CONFIG,
		"CAP_WAKE_ALARM":         1 << unix.CAP_WAKE_ALARM,
	}
)
// ProcessSources defines process sources.
// The names are stored in a fixed-size array, so each one is identified by
// its position in the list.
// NOTE(review): presumably indexed by the numeric source passed to
// ProcessSourceToString; confirm before reordering or inserting entries.
var ProcessSources = [...]string{
	"unknown",
	"placeholder",
	"event",
	"map",
	"procfs_fallback",
	"procfs_snapshot",
}
ProcessSources defines process sources
// SECLLegacyFields contains the list of the legacy attributes we need to support.
// Keys are the legacy field names and values are the current field names they
// stand for, so a rule written against a legacy name targets the same data as
// one written against the current name.
var SECLLegacyFields = map[eval.Field]eval.Field{
	// event
	"async": "event.async",

	// chmod
	"chmod.filename": "chmod.file.path",
	"chmod.basename": "chmod.file.name",
	"chmod.mode":     "chmod.file.destination.mode",

	// chown
	"chown.filename": "chown.file.path",
	"chown.basename": "chown.file.name",
	"chown.uid":      "chown.file.destination.uid",
	"chown.user":     "chown.file.destination.user",
	"chown.gid":      "chown.file.destination.gid",
	"chown.group":    "chown.file.destination.group",

	// open
	"open.filename": "open.file.path",
	"open.basename": "open.file.name",
	"open.mode":     "open.file.destination.mode",

	// mkdir
	"mkdir.filename": "mkdir.file.path",
	"mkdir.basename": "mkdir.file.name",
	"mkdir.mode":     "mkdir.file.destination.mode",

	// rmdir
	"rmdir.filename": "rmdir.file.path",
	"rmdir.basename": "rmdir.file.name",

	// rename
	"rename.old.filename": "rename.file.path",
	"rename.old.basename": "rename.file.name",
	"rename.new.filename": "rename.file.destination.path",
	"rename.new.basename": "rename.file.destination.name",

	// unlink
	"unlink.filename": "unlink.file.path",
	"unlink.basename": "unlink.file.name",

	// utimes
	"utimes.filename": "utimes.file.path",
	"utimes.basename": "utimes.file.name",

	// link
	"link.source.filename": "link.file.path",
	"link.source.basename": "link.file.name",
	"link.target.filename": "link.file.destination.path",
	"link.target.basename": "link.file.destination.name",

	// setxattr
	"setxattr.filename":  "setxattr.file.path",
	"setxattr.basename":  "setxattr.file.name",
	"setxattr.namespace": "setxattr.file.destination.namespace",
	"setxattr.name":      "setxattr.file.destination.name",

	// removexattr
	"removexattr.filename":  "removexattr.file.path",
	"removexattr.basename":  "removexattr.file.name",
	"removexattr.namespace": "removexattr.file.destination.namespace",
	"removexattr.name":      "removexattr.file.destination.name",

	// exec
	"exec.filename":          "exec.file.path",
	"exec.overlay_numlower":  "exec.file.overlay_numlower",
	"exec.basename":          "exec.file.name",
	"exec.name":              "exec.comm",

	// process
	"process.filename": "process.file.path",
	"process.basename": "process.file.name",
	"process.name":     "process.comm",

	// process ancestors
	"process.ancestors.filename": "process.ancestors.file.path",
	"process.ancestors.basename": "process.ancestors.file.name",
	"process.ancestors.name":     "process.ancestors.comm",
}
SECLLegacyFields contains the list of the legacy attributes we need to support
var (
	// SECLVariables is the set of variables exposed to rules. It currently
	// holds a single entry, "process.pid", built with eval.NewIntVariable.
	SECLVariables = map[string]eval.VariableValue{
		"process.pid": eval.NewIntVariable(func(ctx *eval.Context) int {
			// NOTE(review): the type assertion is unchecked, so an event that
			// is not a *Event makes this getter panic; confirm every caller
			// evaluates it with a *Event.
			if procCtx := ctx.Event.(*Event).ProcessContext; procCtx != nil {
				return int(procCtx.Process.Pid)
			}
			// No process context attached to the event: report pid 0.
			return 0
		}, nil),
	}
)
Functions ¶
func GetEventTypePerCategory ¶
func GetEventTypePerCategory() map[EventCategory][]eval.EventType
GetEventTypePerCategory returns the event types per category
func GetHostByteOrder ¶
GetHostByteOrder guesses the host's byte order
func IsAlphaNumeric ¶
IsAlphaNumeric returns whether a character is either a digit or a letter
func IsPrintable ¶
IsPrintable reports whether the string contains only printable Unicode characters
func IsPrintableASCII ¶
IsPrintableASCII reports whether the string contains only ASCII characters
func MarshalBinary ¶ added in v0.36.0
func MarshalBinary(data []byte, binaryMarshalers ...BinaryMarshaler) (int, error)
MarshalBinary calls a series of BinaryMarshaler
func NullTerminatedString ¶ added in v0.41.0
NullTerminatedString returns null-terminated string
func ProcessSourceToString ¶ added in v0.46.0
ProcessSourceToString returns the string corresponding to a process source
func SliceToArray ¶
SliceToArray copies the src bytes to dst. The destination must have enough space to hold them
func StringifyHelpersList ¶
StringifyHelpersList returns a string list representation of a list of helpers
func UnmarshalBinary ¶
func UnmarshalBinary(data []byte, binaryUnmarshalers ...BinaryUnmarshaler) (int, error)
UnmarshalBinary calls a series of BinaryUnmarshaler
func UnmarshalPrintableString ¶
UnmarshalPrintableString unmarshals a printable string
func UnmarshalString ¶
UnmarshalString unmarshals a string
func UnmarshalStringArray ¶
UnmarshalStringArray extracts an array of strings from an array of bytes
Types ¶
type ActivityDumpLoadConfig ¶ added in v0.40.0
// ActivityDumpLoadConfig represents the load configuration of an activity dump.
// The type has MarshalBinary and UnmarshalBinary methods, so the field set and
// widths are part of a binary representation.
type ActivityDumpLoadConfig struct {
	TracedEventTypes     []EventType
	Timeout              time.Duration
	WaitListTimestampRaw uint64
	StartTimestampRaw    uint64
	EndTimestampRaw      uint64
	Rate                 uint32 // max number of events per sec
	Paused               uint32
}
ActivityDumpLoadConfig represents the load configuration of an activity dump
func (*ActivityDumpLoadConfig) EventUnmarshalBinary ¶ added in v0.40.0
func (adlc *ActivityDumpLoadConfig) EventUnmarshalBinary(data []byte) (int, error)
EventUnmarshalBinary unmarshals a binary representation of itself
func (*ActivityDumpLoadConfig) MarshalBinary ¶ added in v0.40.0
func (adlc *ActivityDumpLoadConfig) MarshalBinary() ([]byte, error)
MarshalBinary marshals a binary representation of itself
func (*ActivityDumpLoadConfig) SetTimeout ¶ added in v0.40.0
func (adlc *ActivityDumpLoadConfig) SetTimeout(duration time.Duration)
SetTimeout updates the timeout of an activity dump
func (*ActivityDumpLoadConfig) UnmarshalBinary ¶ added in v0.40.0
func (adlc *ActivityDumpLoadConfig) UnmarshalBinary(data []byte) error
UnmarshalBinary unmarshals a binary representation of itself
type AddressFamily ¶ added in v0.37.0
type AddressFamily int
AddressFamily represents an address family (AF_INET, AF_INET6, AF_UNIX etc)
func (AddressFamily) String ¶ added in v0.37.0
func (af AddressFamily) String() string
type AnomalyDetectionSyscallEvent ¶ added in v0.45.0
// AnomalyDetectionSyscallEvent represents an anomaly detection for a syscall event.
type AnomalyDetectionSyscallEvent struct {
	// SyscallID identifies the syscall the event is about.
	SyscallID Syscall
}
AnomalyDetectionSyscallEvent represents an anomaly detection for a syscall event
func (*AnomalyDetectionSyscallEvent) UnmarshalBinary ¶ added in v0.45.0
func (e *AnomalyDetectionSyscallEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type ArgsEnvs ¶
// ArgsEnvs raw value for args and envs.
type ArgsEnvs struct {
	ID   uint32
	Size uint32
	// ValuesRaw is a fixed-size buffer of MaxArgEnvSize bytes.
	// NOTE(review): presumably only the first Size bytes are meaningful, which
	// requires Size to be bounded by MaxArgEnvSize when decoding; confirm in
	// the unmarshalling code.
	ValuesRaw [MaxArgEnvSize]byte
}
ArgsEnvs raw value for args and envs
type ArgsEnvsEvent ¶
// ArgsEnvsEvent defines an args/envs event. It embeds ArgsEnvs, so the raw
// ID, Size and ValuesRaw fields are promoted onto the event.
type ArgsEnvsEvent struct {
	ArgsEnvs
}
ArgsEnvsEvent defines an args/envs event
func (*ArgsEnvsEvent) UnmarshalBinary ¶
func (e *ArgsEnvsEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type BPFAttachType ¶
type BPFAttachType uint32
BPFAttachType is used to define attach type constants
// BPF attach types. Values are assigned by iota in declaration order and the
// first one is iota + 1, so the list starts at 1 and leaves 0 unused.
// Reordering or inserting an entry changes the value of every later constant.
// NOTE(review): presumably 0 is reserved for "no attach type" and the values
// are offset by one from the kernel enum; confirm before editing.
const (
	// BpfCgroupInetIngress attach type
	BpfCgroupInetIngress BPFAttachType = iota + 1
	// BpfCgroupInetEgress attach type
	BpfCgroupInetEgress
	// BpfCgroupInetSockCreate attach type
	BpfCgroupInetSockCreate
	// BpfCgroupSockOps attach type
	BpfCgroupSockOps
	// BpfSkSkbStreamParser attach type
	BpfSkSkbStreamParser
	// BpfSkSkbStreamVerdict attach type
	BpfSkSkbStreamVerdict
	// BpfCgroupDevice attach type
	BpfCgroupDevice
	// BpfSkMsgVerdict attach type
	BpfSkMsgVerdict
	// BpfCgroupInet4Bind attach type
	BpfCgroupInet4Bind
	// BpfCgroupInet6Bind attach type
	BpfCgroupInet6Bind
	// BpfCgroupInet4Connect attach type
	BpfCgroupInet4Connect
	// BpfCgroupInet6Connect attach type
	BpfCgroupInet6Connect
	// BpfCgroupInet4PostBind attach type
	BpfCgroupInet4PostBind
	// BpfCgroupInet6PostBind attach type
	BpfCgroupInet6PostBind
	// BpfCgroupUDP4Sendmsg attach type
	BpfCgroupUDP4Sendmsg
	// BpfCgroupUDP6Sendmsg attach type
	BpfCgroupUDP6Sendmsg
	// BpfLircMode2 attach type
	BpfLircMode2
	// BpfFlowDissector attach type
	BpfFlowDissector
	// BpfCgroupSysctl attach type
	BpfCgroupSysctl
	// BpfCgroupUDP4Recvmsg attach type
	BpfCgroupUDP4Recvmsg
	// BpfCgroupUDP6Recvmsg attach type
	BpfCgroupUDP6Recvmsg
	// BpfCgroupGetsockopt attach type
	BpfCgroupGetsockopt
	// BpfCgroupSetsockopt attach type
	BpfCgroupSetsockopt
	// BpfTraceRawTp attach type
	BpfTraceRawTp
	// BpfTraceFentry attach type
	BpfTraceFentry
	// BpfTraceFexit attach type
	BpfTraceFexit
	// BpfModifyReturn attach type
	BpfModifyReturn
	// BpfLsmMac attach type
	BpfLsmMac
	// BpfTraceIter attach type
	BpfTraceIter
	// BpfCgroupInet4Getpeername attach type
	BpfCgroupInet4Getpeername
	// BpfCgroupInet6Getpeername attach type
	BpfCgroupInet6Getpeername
	// BpfCgroupInet4Getsockname attach type
	BpfCgroupInet4Getsockname
	// BpfCgroupInet6Getsockname attach type
	BpfCgroupInet6Getsockname
	// BpfXdpDevmap attach type
	BpfXdpDevmap
	// BpfCgroupInetSockRelease attach type
	BpfCgroupInetSockRelease
	// BpfXdpCPUmap attach type
	BpfXdpCPUmap
	// BpfSkLookup attach type
	BpfSkLookup
	// BpfXdp attach type
	BpfXdp
	// BpfSkSkbVerdict attach type
	BpfSkSkbVerdict
)
func (BPFAttachType) String ¶
func (t BPFAttachType) String() string
type BPFCmd ¶
type BPFCmd uint64
BPFCmd represents a BPF command
// BPF commands. Values are assigned by iota in declaration order, starting at
// 0, so reordering or inserting an entry changes the value of every later
// constant.
// NOTE(review): presumably the order mirrors the kernel's bpf command
// numbering; confirm before editing.
const (
	// BpfMapCreateCmd command
	BpfMapCreateCmd BPFCmd = iota
	// BpfMapLookupElemCmd command
	BpfMapLookupElemCmd
	// BpfMapUpdateElemCmd command
	BpfMapUpdateElemCmd
	// BpfMapDeleteElemCmd command
	BpfMapDeleteElemCmd
	// BpfMapGetNextKeyCmd command
	BpfMapGetNextKeyCmd
	// BpfProgLoadCmd command
	BpfProgLoadCmd
	// BpfObjPinCmd command
	BpfObjPinCmd
	// BpfObjGetCmd command
	BpfObjGetCmd
	// BpfProgAttachCmd command
	BpfProgAttachCmd
	// BpfProgDetachCmd command
	BpfProgDetachCmd
	// BpfProgTestRunCmd command
	BpfProgTestRunCmd
	// BpfProgGetNextIDCmd command
	BpfProgGetNextIDCmd
	// BpfMapGetNextIDCmd command
	BpfMapGetNextIDCmd
	// BpfProgGetFdByIDCmd command
	BpfProgGetFdByIDCmd
	// BpfMapGetFdByIDCmd command
	BpfMapGetFdByIDCmd
	// BpfObjGetInfoByFdCmd command
	BpfObjGetInfoByFdCmd
	// BpfProgQueryCmd command
	BpfProgQueryCmd
	// BpfRawTracepointOpenCmd command
	BpfRawTracepointOpenCmd
	// BpfBtfLoadCmd command
	BpfBtfLoadCmd
	// BpfBtfGetFdByIDCmd command
	BpfBtfGetFdByIDCmd
	// BpfTaskFdQueryCmd command
	BpfTaskFdQueryCmd
	// BpfMapLookupAndDeleteElemCmd command
	BpfMapLookupAndDeleteElemCmd
	// BpfMapFreezeCmd command
	BpfMapFreezeCmd
	// BpfBtfGetNextIDCmd command
	BpfBtfGetNextIDCmd
	// BpfMapLookupBatchCmd command
	BpfMapLookupBatchCmd
	// BpfMapLookupAndDeleteBatchCmd command
	BpfMapLookupAndDeleteBatchCmd
	// BpfMapUpdateBatchCmd command
	BpfMapUpdateBatchCmd
	// BpfMapDeleteBatchCmd command
	BpfMapDeleteBatchCmd
	// BpfLinkCreateCmd command
	BpfLinkCreateCmd
	// BpfLinkUpdateCmd command
	BpfLinkUpdateCmd
	// BpfLinkGetFdByIDCmd command
	BpfLinkGetFdByIDCmd
	// BpfLinkGetNextIDCmd command
	BpfLinkGetNextIDCmd
	// BpfEnableStatsCmd command
	BpfEnableStatsCmd
	// BpfIterCreateCmd command
	BpfIterCreateCmd
	// BpfLinkDetachCmd command
	BpfLinkDetachCmd
	// BpfProgBindMapCmd command
	BpfProgBindMapCmd
)
type BPFEvent ¶
// BPFEvent represents a BPF event. It embeds SyscallEvent and carries the
// eBPF map and program involved in the command.
type BPFEvent struct {
	SyscallEvent

	Map     BPFMap     `field:"map"`  // eBPF map involved in the BPF command
	Program BPFProgram `field:"prog"` // eBPF program involved in the BPF command
	// NOTE(review): Cmd is a uint32 while the BPFCmd type is declared as
	// uint64, so comparing the two needs a conversion; confirm the intended width.
	Cmd uint32 `field:"cmd"` // SECLDoc[cmd] Definition:`BPF command name` Constants:`BPF commands`
}
BPFEvent represents a BPF event
type BPFHelperFunc ¶
type BPFHelperFunc uint32
BPFHelperFunc represents a BPF helper function
// BPF helper functions. Values are assigned by iota in declaration order,
// starting at 0, so reordering or inserting an entry changes the value of
// every later constant.
// NOTE(review): presumably the order mirrors the kernel's helper function
// numbering; confirm before editing.
const (
	// BpfUnspec helper function
	BpfUnspec BPFHelperFunc = iota
	// BpfMapLookupElem helper function
	BpfMapLookupElem
	// BpfMapUpdateElem helper function
	BpfMapUpdateElem
	// BpfMapDeleteElem helper function
	BpfMapDeleteElem
	// BpfProbeRead helper function
	BpfProbeRead
	// BpfKtimeGetNs helper function
	BpfKtimeGetNs
	// BpfTracePrintk helper function
	BpfTracePrintk
	// BpfGetPrandomU32 helper function
	BpfGetPrandomU32
	// BpfGetSmpProcessorID helper function
	BpfGetSmpProcessorID
	// BpfSkbStoreBytes helper function
	BpfSkbStoreBytes
	// BpfL3CsumReplace helper function
	BpfL3CsumReplace
	// BpfL4CsumReplace helper function
	BpfL4CsumReplace
	// BpfTailCall helper function
	BpfTailCall
	// BpfCloneRedirect helper function
	BpfCloneRedirect
	// BpfGetCurrentPidTgid helper function
	BpfGetCurrentPidTgid
	// BpfGetCurrentUIDGid helper function
	BpfGetCurrentUIDGid
	// BpfGetCurrentComm helper function
	BpfGetCurrentComm
	// BpfGetCgroupClassid helper function
	BpfGetCgroupClassid
	// BpfSkbVlanPush helper function
	BpfSkbVlanPush
	// BpfSkbVlanPop helper function
	BpfSkbVlanPop
	// BpfSkbGetTunnelKey helper function
	BpfSkbGetTunnelKey
	// BpfSkbSetTunnelKey helper function
	BpfSkbSetTunnelKey
	// BpfPerfEventRead helper function
	BpfPerfEventRead
	// BpfRedirect helper function
	BpfRedirect
	// BpfGetRouteRealm helper function
	BpfGetRouteRealm
	// BpfPerfEventOutput helper function
	BpfPerfEventOutput
	// BpfSkbLoadBytes helper function
	BpfSkbLoadBytes
	// BpfGetStackid helper function
	BpfGetStackid
	// BpfCsumDiff helper function
	BpfCsumDiff
	// BpfSkbGetTunnelOpt helper function
	BpfSkbGetTunnelOpt
	// BpfSkbSetTunnelOpt helper function
	BpfSkbSetTunnelOpt
	// BpfSkbChangeProto helper function
	BpfSkbChangeProto
	// BpfSkbChangeType helper function
	BpfSkbChangeType
	// BpfSkbUnderCgroup helper function
	BpfSkbUnderCgroup
	// BpfGetHashRecalc helper function
	BpfGetHashRecalc
	// BpfGetCurrentTask helper function
	BpfGetCurrentTask
	// BpfProbeWriteUser helper function
	BpfProbeWriteUser
	// BpfCurrentTaskUnderCgroup helper function
	BpfCurrentTaskUnderCgroup
	// BpfSkbChangeTail helper function
	BpfSkbChangeTail
	// BpfSkbPullData helper function
	BpfSkbPullData
	// BpfCsumUpdate helper function
	BpfCsumUpdate
	// BpfSetHashInvalid helper function
	BpfSetHashInvalid
	// BpfGetNumaNodeID helper function
	BpfGetNumaNodeID
	// BpfSkbChangeHead helper function
	BpfSkbChangeHead
	// BpfXdpAdjustHead helper function
	BpfXdpAdjustHead
	// BpfProbeReadStr helper function
	BpfProbeReadStr
	// BpfGetSocketCookie helper function
	BpfGetSocketCookie
	// BpfGetSocketUID helper function
	BpfGetSocketUID
	// BpfSetHash helper function
	BpfSetHash
	// BpfSetsockopt helper function
	BpfSetsockopt
	// BpfSkbAdjustRoom helper function
	BpfSkbAdjustRoom
	// BpfRedirectMap helper function
	BpfRedirectMap
	// BpfSkRedirectMap helper function
	BpfSkRedirectMap
	// BpfSockMapUpdate helper function
	BpfSockMapUpdate
	// BpfXdpAdjustMeta helper function
	BpfXdpAdjustMeta
	// BpfPerfEventReadValue helper function
	BpfPerfEventReadValue
	// BpfPerfProgReadValue helper function
	BpfPerfProgReadValue
	// BpfGetsockopt helper function
	BpfGetsockopt
	// BpfOverrideReturn helper function
	BpfOverrideReturn
	// BpfSockOpsCbFlagsSet helper function
	BpfSockOpsCbFlagsSet
	// BpfMsgRedirectMap helper function
	BpfMsgRedirectMap
	// BpfMsgApplyBytes helper function
	BpfMsgApplyBytes
	// BpfMsgCorkBytes helper function
	BpfMsgCorkBytes
	// BpfMsgPullData helper function
	BpfMsgPullData
	// BpfBind helper function
	BpfBind
	// BpfXdpAdjustTail helper function
	BpfXdpAdjustTail
	// BpfSkbGetXfrmState helper function
	BpfSkbGetXfrmState
	// BpfGetStack helper function
	BpfGetStack
	// BpfSkbLoadBytesRelative helper function
	BpfSkbLoadBytesRelative
	// BpfFibLookup helper function
	BpfFibLookup
	// BpfSockHashUpdate helper function
	BpfSockHashUpdate
	// BpfMsgRedirectHash helper function
	BpfMsgRedirectHash
	// BpfSkRedirectHash helper function
	BpfSkRedirectHash
	// BpfLwtPushEncap helper function
	BpfLwtPushEncap
	// BpfLwtSeg6StoreBytes helper function
	BpfLwtSeg6StoreBytes
	// BpfLwtSeg6AdjustSrh helper function
	BpfLwtSeg6AdjustSrh
	// BpfLwtSeg6Action helper function
	BpfLwtSeg6Action
	// BpfRcRepeat helper function
	BpfRcRepeat
	// BpfRcKeydown helper function
	BpfRcKeydown
	// BpfSkbCgroupID helper function
	BpfSkbCgroupID
	// BpfGetCurrentCgroupID helper function
	BpfGetCurrentCgroupID
	// BpfGetLocalStorage helper function
	BpfGetLocalStorage
	// BpfSkSelectReuseport helper function
	BpfSkSelectReuseport
	// BpfSkbAncestorCgroupID helper function
	BpfSkbAncestorCgroupID
	// BpfSkLookupTCP helper function
	BpfSkLookupTCP
	// BpfSkLookupUDP helper function
	BpfSkLookupUDP
	// BpfSkRelease helper function
	BpfSkRelease
	// BpfMapPushElem helper function
	BpfMapPushElem
	// BpfMapPopElem helper function
	BpfMapPopElem
	// BpfMapPeekElem helper function
	BpfMapPeekElem
	// BpfMsgPushData helper function
	BpfMsgPushData
	// BpfMsgPopData helper function
	BpfMsgPopData
	// BpfRcPointerRel helper function
	BpfRcPointerRel
	// BpfSpinLock helper function
	BpfSpinLock
	// BpfSpinUnlock helper function
	BpfSpinUnlock
	// BpfSkFullsock helper function
	BpfSkFullsock
	// BpfTCPSock helper function
	BpfTCPSock
	// BpfSkbEcnSetCe helper function
	BpfSkbEcnSetCe
	// BpfGetListenerSock helper function
	BpfGetListenerSock
	// BpfSkcLookupTCP helper function
	BpfSkcLookupTCP
	// BpfTCPCheckSyncookie helper function
	BpfTCPCheckSyncookie
	// BpfSysctlGetName helper function
	BpfSysctlGetName
	// BpfSysctlGetCurrentValue helper function
	BpfSysctlGetCurrentValue
	// BpfSysctlGetNewValue helper function
	BpfSysctlGetNewValue
	// BpfSysctlSetNewValue helper function
	BpfSysctlSetNewValue
	// BpfStrtol helper function
	BpfStrtol
	// BpfStrtoul helper function
	BpfStrtoul
	// BpfSkStorageGet helper function
	BpfSkStorageGet
	// BpfSkStorageDelete helper function
	BpfSkStorageDelete
	// BpfSendSignal helper function
	BpfSendSignal
	// BpfTCPGenSyncookie helper function
	BpfTCPGenSyncookie
	// BpfSkbOutput helper function
	BpfSkbOutput
	// BpfProbeReadUser helper function
	BpfProbeReadUser
	// BpfProbeReadKernel helper function
	BpfProbeReadKernel
	// BpfProbeReadUserStr helper function
	BpfProbeReadUserStr
	// BpfProbeReadKernelStr helper function
	BpfProbeReadKernelStr
	// BpfTCPSendAck helper function
	BpfTCPSendAck
	// BpfSendSignalThread helper function
	BpfSendSignalThread
	// BpfJiffies64 helper function
	BpfJiffies64
	// BpfReadBranchRecords helper function
	BpfReadBranchRecords
	// BpfGetNsCurrentPidTgid helper function
	BpfGetNsCurrentPidTgid
	// BpfXdpOutput helper function
	BpfXdpOutput
	// BpfGetNetnsCookie helper function
	BpfGetNetnsCookie
	// BpfGetCurrentAncestorCgroupID helper function
	BpfGetCurrentAncestorCgroupID
	// BpfSkAssign helper function
	BpfSkAssign
	// BpfKtimeGetBootNs helper function
	BpfKtimeGetBootNs
	// BpfSeqPrintf helper function
	BpfSeqPrintf
	// BpfSeqWrite helper function
	BpfSeqWrite
	// BpfSkCgroupID helper function
	BpfSkCgroupID
	// BpfSkAncestorCgroupID helper function
	BpfSkAncestorCgroupID
	// BpfRingbufOutput helper function
	BpfRingbufOutput
	// BpfRingbufReserve helper function
	BpfRingbufReserve
	// BpfRingbufSubmit helper function
	BpfRingbufSubmit
	// BpfRingbufDiscard helper function
	BpfRingbufDiscard
	// BpfRingbufQuery helper function
	BpfRingbufQuery
	// BpfCsumLevel helper function
	BpfCsumLevel
	// BpfSkcToTCP6Sock helper function
	BpfSkcToTCP6Sock
	// BpfSkcToTCPSock helper function
	BpfSkcToTCPSock
	// BpfSkcToTCPTimewaitSock helper function
	BpfSkcToTCPTimewaitSock
	// BpfSkcToTCPRequestSock helper function
	BpfSkcToTCPRequestSock
	// BpfSkcToUDP6Sock helper function
	BpfSkcToUDP6Sock
	// BpfGetTaskStack helper function
	BpfGetTaskStack
	// BpfLoadHdrOpt helper function
	BpfLoadHdrOpt
	// BpfStoreHdrOpt helper function
	BpfStoreHdrOpt
	// BpfReserveHdrOpt helper function
	BpfReserveHdrOpt
	// BpfInodeStorageGet helper function
	BpfInodeStorageGet
	// BpfInodeStorageDelete helper function
	BpfInodeStorageDelete
	// BpfDPath helper function
	BpfDPath
	// BpfCopyFromUser helper function
	BpfCopyFromUser
	// BpfSnprintfBtf helper function
	BpfSnprintfBtf
	// BpfSeqPrintfBtf helper function
	BpfSeqPrintfBtf
	// BpfSkbCgroupClassid helper function
	BpfSkbCgroupClassid
	// BpfRedirectNeigh helper function
	BpfRedirectNeigh
	// BpfPerCPUPtr helper function
	BpfPerCPUPtr
	// BpfThisCPUPtr helper function
	BpfThisCPUPtr
	// BpfRedirectPeer helper function
	BpfRedirectPeer
	// BpfTaskStorageGet helper function
	BpfTaskStorageGet
	// BpfTaskStorageDelete helper function
	BpfTaskStorageDelete
	// BpfGetCurrentTaskBtf helper function
	BpfGetCurrentTaskBtf
	// BpfBprmOptsSet helper function
	BpfBprmOptsSet
	// BpfKtimeGetCoarseNs helper function
	BpfKtimeGetCoarseNs
	// BpfImaInodeHash helper function
	BpfImaInodeHash
	// BpfSockFromFile helper function
	BpfSockFromFile
	// BpfCheckMtu helper function
	BpfCheckMtu
	// BpfForEachMapElem helper function
	BpfForEachMapElem
	// BpfSnprintf helper function
	BpfSnprintf
)
func (BPFHelperFunc) String ¶
func (f BPFHelperFunc) String() string
type BPFMap ¶
// BPFMap represents a BPF map. ID carries the `field:"-"` and `json:"-"`
// tags, unlike Type and Name, which have rule field names.
type BPFMap struct {
	ID   uint32 `field:"-" json:"-"` // ID of the eBPF map
	Type uint32 `field:"type"`       // SECLDoc[type] Definition:`Type of the eBPF map` Constants:`BPF map types`
	Name string `field:"name"`       // SECLDoc[name] Definition:`Name of the eBPF map (added in 7.35)`
}
BPFMap represents a BPF map
type BPFMapType ¶
type BPFMapType uint32
BPFMapType is used to define map type constants
// BPF map types. Values are assigned by iota in declaration order, starting
// at 0, so reordering or inserting an entry changes the value of every later
// constant.
// NOTE(review): presumably the order mirrors the kernel's map type
// numbering; confirm before editing.
const (
	// BpfMapTypeUnspec map type
	BpfMapTypeUnspec BPFMapType = iota
	// BpfMapTypeHash map type
	BpfMapTypeHash
	// BpfMapTypeArray map type
	BpfMapTypeArray
	// BpfMapTypeProgArray map type
	BpfMapTypeProgArray
	// BpfMapTypePerfEventArray map type
	BpfMapTypePerfEventArray
	// BpfMapTypePercpuHash map type
	BpfMapTypePercpuHash
	// BpfMapTypePercpuArray map type
	BpfMapTypePercpuArray
	// BpfMapTypeStackTrace map type
	BpfMapTypeStackTrace
	// BpfMapTypeCgroupArray map type
	BpfMapTypeCgroupArray
	// BpfMapTypeLruHash map type
	BpfMapTypeLruHash
	// BpfMapTypeLruPercpuHash map type
	BpfMapTypeLruPercpuHash
	// BpfMapTypeLpmTrie map type
	BpfMapTypeLpmTrie
	// BpfMapTypeArrayOfMaps map type
	BpfMapTypeArrayOfMaps
	// BpfMapTypeHashOfMaps map type
	BpfMapTypeHashOfMaps
	// BpfMapTypeDevmap map type
	BpfMapTypeDevmap
	// BpfMapTypeSockmap map type
	BpfMapTypeSockmap
	// BpfMapTypeCPUmap map type
	BpfMapTypeCPUmap
	// BpfMapTypeXskmap map type
	BpfMapTypeXskmap
	// BpfMapTypeSockhash map type
	BpfMapTypeSockhash
	// BpfMapTypeCgroupStorage map type
	BpfMapTypeCgroupStorage
	// BpfMapTypeReuseportSockarray map type
	BpfMapTypeReuseportSockarray
	// BpfMapTypePercpuCgroupStorage map type
	BpfMapTypePercpuCgroupStorage
	// BpfMapTypeQueue map type
	BpfMapTypeQueue
	// BpfMapTypeStack map type
	BpfMapTypeStack
	// BpfMapTypeSkStorage map type
	BpfMapTypeSkStorage
	// BpfMapTypeDevmapHash map type
	BpfMapTypeDevmapHash
	// BpfMapTypeStructOps map type
	BpfMapTypeStructOps
	// BpfMapTypeRingbuf map type
	BpfMapTypeRingbuf
	// BpfMapTypeInodeStorage map type
	BpfMapTypeInodeStorage
	// BpfMapTypeTaskStorage map type
	BpfMapTypeTaskStorage
)
func (BPFMapType) String ¶
func (t BPFMapType) String() string
type BPFProgram ¶
// BPFProgram represents a BPF program. ID carries the `field:"-"` and
// `json:"-"` tags; the other fields have rule field names. Type, AttachType
// and Helpers hold raw numeric values whose names come from the constant
// sets listed in their SECLDoc comments.
type BPFProgram struct {
	ID         uint32   `field:"-" json:"-"`   // ID of the eBPF program
	Type       uint32   `field:"type"`         // SECLDoc[type] Definition:`Type of the eBPF program` Constants:`BPF program types`
	AttachType uint32   `field:"attach_type"`  // SECLDoc[attach_type] Definition:`Attach type of the eBPF program` Constants:`BPF attach types`
	Helpers    []uint32 `field:"helpers"`      // SECLDoc[helpers] Definition:`eBPF helpers used by the eBPF program (added in 7.35)` Constants:`BPF helper functions`
	Name       string   `field:"name"`         // SECLDoc[name] Definition:`Name of the eBPF program (added in 7.35)`
	Tag        string   `field:"tag"`          // SECLDoc[tag] Definition:`Hash (sha1) of the eBPF program (added in 7.35)`
}
BPFProgram represents a BPF program
func (*BPFProgram) UnmarshalBinary ¶
func (p *BPFProgram) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type BPFProgramType ¶
type BPFProgramType uint32
BPFProgramType is used to define program type constants
// BPF program types. Values are assigned by iota in declaration order,
// starting at 0, so reordering or inserting an entry changes the value of
// every later constant.
// NOTE(review): presumably the order mirrors the kernel's program type
// numbering; confirm before editing.
const (
	// BpfProgTypeUnspec program type
	BpfProgTypeUnspec BPFProgramType = iota
	// BpfProgTypeSocketFilter program type
	BpfProgTypeSocketFilter
	// BpfProgTypeKprobe program type
	BpfProgTypeKprobe
	// BpfProgTypeSchedCls program type
	BpfProgTypeSchedCls
	// BpfProgTypeSchedAct program type
	BpfProgTypeSchedAct
	// BpfProgTypeTracepoint program type
	BpfProgTypeTracepoint
	// BpfProgTypeXdp program type
	BpfProgTypeXdp
	// BpfProgTypePerfEvent program type
	BpfProgTypePerfEvent
	// BpfProgTypeCgroupSkb program type
	BpfProgTypeCgroupSkb
	// BpfProgTypeCgroupSock program type
	BpfProgTypeCgroupSock
	// BpfProgTypeLwtIn program type
	BpfProgTypeLwtIn
	// BpfProgTypeLwtOut program type
	BpfProgTypeLwtOut
	// BpfProgTypeLwtXmit program type
	BpfProgTypeLwtXmit
	// BpfProgTypeSockOps program type
	BpfProgTypeSockOps
	// BpfProgTypeSkSkb program type
	BpfProgTypeSkSkb
	// BpfProgTypeCgroupDevice program type
	BpfProgTypeCgroupDevice
	// BpfProgTypeSkMsg program type
	BpfProgTypeSkMsg
	// BpfProgTypeRawTracepoint program type
	BpfProgTypeRawTracepoint
	// BpfProgTypeCgroupSockAddr program type
	BpfProgTypeCgroupSockAddr
	// BpfProgTypeLwtSeg6local program type
	BpfProgTypeLwtSeg6local
	// BpfProgTypeLircMode2 program type
	BpfProgTypeLircMode2
	// BpfProgTypeSkReuseport program type
	BpfProgTypeSkReuseport
	// BpfProgTypeFlowDissector program type
	BpfProgTypeFlowDissector
	// BpfProgTypeCgroupSysctl program type
	BpfProgTypeCgroupSysctl
	// BpfProgTypeRawTracepointWritable program type
	BpfProgTypeRawTracepointWritable
	// BpfProgTypeCgroupSockopt program type
	BpfProgTypeCgroupSockopt
	// BpfProgTypeTracing program type
	BpfProgTypeTracing
	// BpfProgTypeStructOps program type
	BpfProgTypeStructOps
	// BpfProgTypeExt program type
	BpfProgTypeExt
	// BpfProgTypeLsm program type
	BpfProgTypeLsm
	// BpfProgTypeSkLookup program type
	BpfProgTypeSkLookup
)
func (BPFProgramType) String ¶
func (t BPFProgramType) String() string
type BaseEvent ¶ added in v0.48.0
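// BaseEvent represents an event sent from the kernel.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first `//` comment would swallow every later field and the closing
// brace. Fields tagged `json:"-"` are skipped by encoding/json.
// NOTE(review): `field:"-"` presumably keeps a field out of the rule language;
// confirm against the field generator.
type BaseEvent struct {
	ID           string         `field:"-" event:"*"`
	Type         uint32         `field:"-"`
	Flags        uint32         `field:"-"`
	TimestampRaw uint64         `field:"event.timestamp,handler:ResolveEventTimestamp" event:"*"` // SECLDoc[event.timestamp] Definition:`Timestamp of the event`
	Timestamp    time.Time      `field:"timestamp,opts:getters_only,handler:ResolveEventTime"`
	Rules        []*MatchedRule `field:"-"`

	// context shared with all events
	SpanContext            SpanContext            `field:"-" json:"-"`
	ProcessContext         *ProcessContext        `field:"process" event:"*"`
	ContainerContext       *ContainerContext      `field:"container" event:"*"`
	NetworkContext         NetworkContext         `field:"network" event:"dns"`
	SecurityProfileContext SecurityProfileContext `field:"-"`

	// internal usage
	PIDContext        PIDContext         `field:"-" json:"-"`
	ProcessCacheEntry *ProcessCacheEntry `field:"-" json:"-"`

	// mark event with having error
	Error error `field:"-" json:"-"`

	// field resolution
	FieldHandlers FieldHandlers `field:"-" json:"-"`
}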
BaseEvent represents an event sent from the kernel
type BinaryMarshaler ¶ added in v0.36.0
BinaryMarshaler interface implemented by every event type
type BinaryUnmarshaler ¶
BinaryUnmarshaler interface implemented by every event type
type BindEvent ¶ added in v0.37.0
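// BindEvent represents a bind event.
//
// Laid out one field per line so the trailing comments no longer hide the
// fields and closing brace that follow them.
type BindEvent struct {
	SyscallEvent

	Addr       IPPortContext `field:"addr"`        // Bound address
	AddrFamily uint16        `field:"addr.family"` // SECLDoc[addr.family] Definition:`Address family`
}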
BindEvent represents a bind event
type CapsetEvent ¶
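// CapsetEvent represents a capset event.
//
// Both fields are 64-bit capability sets, documented against the kernel
// capability constants. Laid out one field per line so the first trailing
// comment no longer hides CapPermitted and the closing brace.
type CapsetEvent struct {
	CapEffective uint64 `field:"cap_effective"` // SECLDoc[cap_effective] Definition:`Effective capability set of the process` Constants:`Kernel Capability constants`
	CapPermitted uint64 `field:"cap_permitted"` // SECLDoc[cap_permitted] Definition:`Permitted capability set of the process` Constants:`Kernel Capability constants`
}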
CapsetEvent represents a capset event
func (*CapsetEvent) UnmarshalBinary ¶
func (e *CapsetEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type CgroupTracingEvent ¶ added in v0.36.0
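// CgroupTracingEvent is used to signal that a new cgroup should be traced by
// the activity dump manager.
type CgroupTracingEvent struct {
	ContainerContext ContainerContext
	Config           ActivityDumpLoadConfig
	ConfigCookie     uint64
}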
CgroupTracingEvent is used to signal that a new cgroup should be traced by the activity dump manager
func (*CgroupTracingEvent) UnmarshalBinary ¶ added in v0.36.0
func (e *CgroupTracingEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type ChmodEvent ¶
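// ChmodEvent represents a chmod event.
//
// Mode backs two rule fields, file.destination.mode and
// file.destination.rights, as listed in its field tag. Laid out one field per
// line so the trailing comment no longer hides the closing brace.
type ChmodEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Mode uint32    `field:"file.destination.mode; file.destination.rights"` // SECLDoc[file.destination.mode] Definition:`New mode of the chmod-ed file` Constants:`File mode constants` SECLDoc[file.destination.rights] Definition:`New rights of the chmod-ed file` Constants:`File mode constants`
}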
ChmodEvent represents a chmod event
func (*ChmodEvent) UnmarshalBinary ¶
func (e *ChmodEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type ChownEvent ¶
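// ChownEvent represents a chown event.
//
// UID and GID are the requested new owner IDs; User and Group are resolved
// lazily through the ResolveChownUID and ResolveChownGID handlers named in
// their tags.
// NOTE(review): UID/GID are int64 rather than uint32, presumably so the
// chown(2) "leave unchanged" value of -1 stays distinguishable from a real ID;
// confirm, since a rule comparing against 0 must not match that case.
type ChownEvent struct {
	SyscallEvent
	File  FileEvent `field:"file"`
	UID   int64     `field:"file.destination.uid"`                           // SECLDoc[file.destination.uid] Definition:`New UID of the chown-ed file's owner`
	User  string    `field:"file.destination.user,handler:ResolveChownUID"`  // SECLDoc[file.destination.user] Definition:`New user of the chown-ed file's owner`
	GID   int64     `field:"file.destination.gid"`                           // SECLDoc[file.destination.gid] Definition:`New GID of the chown-ed file's owner`
	Group string    `field:"file.destination.group,handler:ResolveChownGID"` // SECLDoc[file.destination.group] Definition:`New group of the chown-ed file's owner`
}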
ChownEvent represents a chown event
func (*ChownEvent) UnmarshalBinary ¶
func (e *ChownEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type ContainerContext ¶
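// ContainerContext holds the container context of an event.
//
// ID, CreatedAt and Tags are resolved through the handlers named in their
// field tags. The SECLDoc comment on CreatedAt is closed with a backtick here;
// the listing had a typographic quote in its place. Laid out one field per
// line so the trailing comments no longer hide the fields that follow them.
type ContainerContext struct {
	Releasable
	ID        string   `field:"id,handler:ResolveContainerID"`                              // SECLDoc[id] Definition:`ID of the container`
	CreatedAt uint64   `field:"created_at,handler:ResolveContainerCreatedAt"`               // SECLDoc[created_at] Definition:`Timestamp of the creation of the container`
	Tags      []string `field:"tags,handler:ResolveContainerTags,opts:skip_ad,weight:9999"` // SECLDoc[tags] Definition:`Tags of the container`
	Resolved  bool     `field:"-"`
}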
ContainerContext holds the container context of an event
func (*ContainerContext) UnmarshalBinary ¶
func (e *ContainerContext) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type Credentials ¶
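// Credentials represents the kernel credentials of a process.
//
// Three identity sets are carried side by side: uid/gid, the effective
// euid/egid and the filesystem fsuid/fsgid, each with a name string next to
// the numeric ID. On Linux these sets can differ (for example after a
// set-user-ID exec), so a rule that compares only `user` may not see an
// elevated effective identity; compare `euser`/`euid` and the capability sets
// as well.
// NOTE(review): presumably mirrors the kernel's struct cred, with UID/GID
// being the real IDs; confirm against the unmarshaller.
type Credentials struct {
	UID   uint32 `field:"uid"`   // SECLDoc[uid] Definition:`UID of the process`
	GID   uint32 `field:"gid"`   // SECLDoc[gid] Definition:`GID of the process`
	User  string `field:"user"`  // SECLDoc[user] Definition:`User of the process` Example:`process.user == "root"` Description:`Constrain an event to be triggered by a process running as the root user.`
	Group string `field:"group"` // SECLDoc[group] Definition:`Group of the process`

	EUID   uint32 `field:"euid"`   // SECLDoc[euid] Definition:`Effective UID of the process`
	EGID   uint32 `field:"egid"`   // SECLDoc[egid] Definition:`Effective GID of the process`
	EUser  string `field:"euser"`  // SECLDoc[euser] Definition:`Effective user of the process`
	EGroup string `field:"egroup"` // SECLDoc[egroup] Definition:`Effective group of the process`

	FSUID   uint32 `field:"fsuid"`   // SECLDoc[fsuid] Definition:`FileSystem-uid of the process`
	FSGID   uint32 `field:"fsgid"`   // SECLDoc[fsgid] Definition:`FileSystem-gid of the process`
	FSUser  string `field:"fsuser"`  // SECLDoc[fsuser] Definition:`FileSystem-user of the process`
	FSGroup string `field:"fsgroup"` // SECLDoc[fsgroup] Definition:`FileSystem-group of the process`

	CapEffective uint64 `field:"cap_effective"` // SECLDoc[cap_effective] Definition:`Effective capability set of the process` Constants:`Kernel Capability constants`
	CapPermitted uint64 `field:"cap_permitted"` // SECLDoc[cap_permitted] Definition:`Permitted capability set of the process` Constants:`Kernel Capability constants`
}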
Credentials represents the kernel credentials of a process
func (*Credentials) Equals ¶ added in v0.47.0
func (c *Credentials) Equals(o *Credentials) bool
Equals reports whether both credentials are equal
func (*Credentials) MarshalBinary ¶ added in v0.36.0
func (e *Credentials) MarshalBinary(data []byte) (int, error)
MarshalBinary marshals a binary representation of itself
func (*Credentials) UnmarshalBinary ¶
func (e *Credentials) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type DNSEvent ¶ added in v0.36.0
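// DNSEvent represents a DNS event.
//
// ID is marked [Experimental] and tagged `json:"-"`, so encoding/json skips
// it. Name carries an `op_override` tag naming eval.DNSNameCmp, so comparisons
// on question.name go through that comparator rather than plain string
// equality.
// NOTE(review): Name is the queried domain as seen in the request, so it is
// chosen by the monitored process; treat it as untrusted when it is logged or
// displayed.
type DNSEvent struct {
	ID    uint16 `field:"id" json:"-"`                                             // SECLDoc[id] Definition:`[Experimental] the DNS request ID`
	Name  string `field:"question.name,opts:length" op_override:"eval.DNSNameCmp"` // SECLDoc[question.name] Definition:`the queried domain name`
	Type  uint16 `field:"question.type"`                                           // SECLDoc[question.type] Definition:`a two octet code which specifies the DNS question type` Constants:`DNS qtypes`
	Class uint16 `field:"question.class"`                                          // SECLDoc[question.class] Definition:`the class looked up by the DNS question` Constants:`DNS qclasses`
	Size  uint16 `field:"question.length"`                                         // SECLDoc[question.length] Definition:`the total DNS request size in bytes`
	Count uint16 `field:"question.count"`                                          // SECLDoc[question.count] Definition:`the total count of questions in the DNS request`
}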
DNSEvent represents a DNS event
type DefaultFieldHandlers ¶ added in v0.43.0
// DefaultFieldHandlers is an empty struct that carries the default field
// handler methods; the documented ones describe themselves as stub
// implementations.
type DefaultFieldHandlers struct{}
func (*DefaultFieldHandlers) GetProcessService ¶ added in v0.46.0
func (dfh *DefaultFieldHandlers) GetProcessService(ev *Event) string
GetProcessService stub implementation
func (*DefaultFieldHandlers) ResolveAsync ¶ added in v0.44.0
func (dfh *DefaultFieldHandlers) ResolveAsync(ev *Event) bool
func (*DefaultFieldHandlers) ResolveChownGID ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveChownGID(ev *Event, e *ChownEvent) string
func (*DefaultFieldHandlers) ResolveChownUID ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveChownUID(ev *Event, e *ChownEvent) string
func (*DefaultFieldHandlers) ResolveContainerContext ¶ added in v0.46.0
func (dfh *DefaultFieldHandlers) ResolveContainerContext(ev *Event) (*ContainerContext, bool)
ResolveContainerContext stub implementation
func (*DefaultFieldHandlers) ResolveContainerCreatedAt ¶ added in v0.44.0
func (dfh *DefaultFieldHandlers) ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
func (*DefaultFieldHandlers) ResolveContainerID ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveContainerID(ev *Event, e *ContainerContext) string
func (*DefaultFieldHandlers) ResolveContainerTags ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveContainerTags(ev *Event, e *ContainerContext) []string
func (*DefaultFieldHandlers) ResolveEventTime ¶ added in v0.46.0
func (dfh *DefaultFieldHandlers) ResolveEventTime(ev *Event) time.Time
ResolveEventTime stub implementation
func (*DefaultFieldHandlers) ResolveEventTimestamp ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveEventTimestamp(ev *Event, e *BaseEvent) int
func (*DefaultFieldHandlers) ResolveFileBasename ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFileBasename(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolveFileFieldsGroup ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFileFieldsGroup(ev *Event, e *FileFields) string
func (*DefaultFieldHandlers) ResolveFileFieldsInUpperLayer ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool
func (*DefaultFieldHandlers) ResolveFileFieldsUser ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFileFieldsUser(ev *Event, e *FileFields) string
func (*DefaultFieldHandlers) ResolveFileFilesystem ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFileFilesystem(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolveFilePath ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveFilePath(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolveHashes ¶ added in v0.47.0
func (dfh *DefaultFieldHandlers) ResolveHashes(eventType EventType, process *Process, file *FileEvent) []string
ResolveHashes resolves the hash of the provided file
func (*DefaultFieldHandlers) ResolveHashesFromEvent ¶ added in v0.47.0
func (dfh *DefaultFieldHandlers) ResolveHashesFromEvent(ev *Event, e *FileEvent) []string
func (*DefaultFieldHandlers) ResolveModuleArgs ¶ added in v0.45.0
func (dfh *DefaultFieldHandlers) ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string
func (*DefaultFieldHandlers) ResolveModuleArgv ¶ added in v0.45.0
func (dfh *DefaultFieldHandlers) ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string
func (*DefaultFieldHandlers) ResolveMountPointPath ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveMountPointPath(ev *Event, e *MountEvent) string
func (*DefaultFieldHandlers) ResolveMountSourcePath ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveMountSourcePath(ev *Event, e *MountEvent) string
func (*DefaultFieldHandlers) ResolveNetworkDeviceIfName ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string
func (*DefaultFieldHandlers) ResolvePackageName ¶ added in v0.44.0
func (dfh *DefaultFieldHandlers) ResolvePackageName(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolvePackageSourceVersion ¶ added in v0.44.0
func (dfh *DefaultFieldHandlers) ResolvePackageSourceVersion(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolvePackageVersion ¶ added in v0.44.0
func (dfh *DefaultFieldHandlers) ResolvePackageVersion(ev *Event, e *FileEvent) string
func (*DefaultFieldHandlers) ResolveProcessArgs ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgs(ev *Event, e *Process) string
func (*DefaultFieldHandlers) ResolveProcessArgsFlags ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgsFlags(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessArgsOptions ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgsOptions(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessArgsTruncated ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgsTruncated(ev *Event, e *Process) bool
func (*DefaultFieldHandlers) ResolveProcessArgv ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgv(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessArgv0 ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgv0(ev *Event, e *Process) string
func (*DefaultFieldHandlers) ResolveProcessArgvScrubbed ¶ added in v0.49.0
func (dfh *DefaultFieldHandlers) ResolveProcessArgvScrubbed(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessCacheEntry ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessCacheEntry(ev *Event) (*ProcessCacheEntry, bool)
ResolveProcessCacheEntry stub implementation
func (*DefaultFieldHandlers) ResolveProcessCreatedAt ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessCreatedAt(ev *Event, e *Process) int
func (*DefaultFieldHandlers) ResolveProcessEnvp ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessEnvp(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessEnvs ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessEnvs(ev *Event, e *Process) []string
func (*DefaultFieldHandlers) ResolveProcessEnvsTruncated ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveProcessEnvsTruncated(ev *Event, e *Process) bool
func (*DefaultFieldHandlers) ResolveRights ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveRights(ev *Event, e *FileFields) int
func (*DefaultFieldHandlers) ResolveSELinuxBoolName ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string
func (*DefaultFieldHandlers) ResolveSetgidEGroup ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string
func (*DefaultFieldHandlers) ResolveSetgidFSGroup ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string
func (*DefaultFieldHandlers) ResolveSetgidGroup ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetgidGroup(ev *Event, e *SetgidEvent) string
func (*DefaultFieldHandlers) ResolveSetuidEUser ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetuidEUser(ev *Event, e *SetuidEvent) string
func (*DefaultFieldHandlers) ResolveSetuidFSUser ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string
func (*DefaultFieldHandlers) ResolveSetuidUser ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveSetuidUser(ev *Event, e *SetuidEvent) string
func (*DefaultFieldHandlers) ResolveXAttrName ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveXAttrName(ev *Event, e *SetXAttrEvent) string
func (*DefaultFieldHandlers) ResolveXAttrNamespace ¶ added in v0.43.0
func (dfh *DefaultFieldHandlers) ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string
type EnvsEntry ¶
EnvsEntry defines an args cache entry
func (*EnvsEntry) FilterEnvs ¶ added in v0.39.0
FilterEnvs returns an array of envs. Only the name of each variable is returned, unless the variable name is part of the provided filter.
type ErrInvalidKeyPath ¶ added in v0.44.0
ErrInvalidKeyPath is returned when inode or mountid are not valid
func (*ErrInvalidKeyPath) Error ¶ added in v0.44.0
func (e *ErrInvalidKeyPath) Error() string
type ErrNoProcessContext ¶ added in v0.50.0
// ErrNoProcessContext defines an error for an event without a process context.
type ErrNoProcessContext struct {
	// Err is the underlying error; the type also declares an Unwrap method.
	Err error
}
ErrNoProcessContext defines an error for an event without a process context
func (*ErrNoProcessContext) Error ¶ added in v0.50.0
func (e *ErrNoProcessContext) Error() string
Error implements the error interface
func (*ErrNoProcessContext) Unwrap ¶ added in v0.50.0
func (e *ErrNoProcessContext) Unwrap() error
Unwrap exposes the underlying error so that errors.Is and errors.As can inspect it
type ErrProcessBrokenLineage ¶ added in v0.50.0
// ErrProcessBrokenLineage is returned when a process lineage is broken.
type ErrProcessBrokenLineage struct {
	// Err is the underlying error; the type also declares an Unwrap method.
	Err error
}
ErrProcessBrokenLineage is returned when a process lineage is broken
func (*ErrProcessBrokenLineage) Error ¶ added in v0.50.0
func (e *ErrProcessBrokenLineage) Error() string
Error implements the error interface
func (*ErrProcessBrokenLineage) Unwrap ¶ added in v0.50.0
func (e *ErrProcessBrokenLineage) Unwrap() error
Unwrap exposes the underlying error so that errors.Is and errors.As can inspect it
type ErrProcessIncompleteLineage ¶ added in v0.50.0
ErrProcessIncompleteLineage is used when the lineage is incorrect in terms of pid/ppid
func (*ErrProcessIncompleteLineage) Error ¶ added in v0.50.0
func (e *ErrProcessIncompleteLineage) Error() string
type ErrProcessMissingParentNode ¶ added in v0.50.0
ErrProcessMissingParentNode is used when the lineage is incorrect in terms of pid/ppid
func (*ErrProcessMissingParentNode) Error ¶ added in v0.50.0
func (e *ErrProcessMissingParentNode) Error() string
type ErrProcessWrongParentNode ¶ added in v0.50.0
ErrProcessWrongParentNode is used when the lineage is correct in terms of pid/ppid but an exec parent is missing
func (*ErrProcessWrongParentNode) Error ¶ added in v0.50.0
func (e *ErrProcessWrongParentNode) Error() string
type Event ¶
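// Event represents an event sent from the kernel
// genaccessors
//
// The declaration is laid out one field per line: collapsed onto one line, the
// first `//` comment swallows every later field, and the Exit field's tag was
// split across two lines. Each payload field carries a `field` tag (its name
// in the rule language) and an `event` tag; the trailing comments give the
// version, category and description as shown in the listing. Fields under
// "internal usage" are tagged `field:"-" json:"-"`.
type Event struct {
	BaseEvent

	// globals
	Async bool `field:"event.async,handler:ResolveAsync" event:"*"` // SECLDoc[event.async] Definition:`True if the syscall was asynchronous`

	// fim events
	Chmod       ChmodEvent    `field:"chmod" event:"chmod"`             // [7.27] [File] A file’s permissions were changed
	Chown       ChownEvent    `field:"chown" event:"chown"`             // [7.27] [File] A file’s owner was changed
	Open        OpenEvent     `field:"open" event:"open"`               // [7.27] [File] A file was opened
	Mkdir       MkdirEvent    `field:"mkdir" event:"mkdir"`             // [7.27] [File] A directory was created
	Rmdir       RmdirEvent    `field:"rmdir" event:"rmdir"`             // [7.27] [File] A directory was removed
	Rename      RenameEvent   `field:"rename" event:"rename"`           // [7.27] [File] A file/directory was renamed
	Unlink      UnlinkEvent   `field:"unlink" event:"unlink"`           // [7.27] [File] A file was deleted
	Utimes      UtimesEvent   `field:"utimes" event:"utimes"`           // [7.27] [File] Change file access/modification times
	Link        LinkEvent     `field:"link" event:"link"`               // [7.27] [File] Create a new name/alias for a file
	SetXAttr    SetXAttrEvent `field:"setxattr" event:"setxattr"`       // [7.27] [File] Set extended attributes
	RemoveXAttr SetXAttrEvent `field:"removexattr" event:"removexattr"` // [7.27] [File] Remove extended attributes
	Splice      SpliceEvent   `field:"splice" event:"splice"`           // [7.36] [File] A splice command was executed
	Mount       MountEvent    `field:"mount" event:"mount"`             // [7.42] [File] [Experimental] A filesystem was mounted

	// process events
	Exec     ExecEvent     `field:"exec" event:"exec"`     // [7.27] [Process] A process was executed or forked
	SetUID   SetuidEvent   `field:"setuid" event:"setuid"` // [7.27] [Process] A process changed its effective uid
	SetGID   SetgidEvent   `field:"setgid" event:"setgid"` // [7.27] [Process] A process changed its effective gid
	Capset   CapsetEvent   `field:"capset" event:"capset"` // [7.27] [Process] A process changed its capability set
	Signal   SignalEvent   `field:"signal" event:"signal"` // [7.35] [Process] A signal was sent
	Exit     ExitEvent     `field:"exit" event:"exit"`     // [7.38] [Process] A process was terminated
	Syscalls SyscallsEvent `field:"-"`

	// anomaly detection related events
	AnomalyDetectionSyscallEvent AnomalyDetectionSyscallEvent `field:"-"`

	// kernel events
	SELinux      SELinuxEvent      `field:"selinux" event:"selinux"`             // [7.30] [Kernel] An SELinux operation was run
	BPF          BPFEvent          `field:"bpf" event:"bpf"`                     // [7.33] [Kernel] A BPF command was executed
	PTrace       PTraceEvent       `field:"ptrace" event:"ptrace"`               // [7.35] [Kernel] A ptrace command was executed
	MMap         MMapEvent         `field:"mmap" event:"mmap"`                   // [7.35] [Kernel] A mmap command was executed
	MProtect     MProtectEvent     `field:"mprotect" event:"mprotect"`           // [7.35] [Kernel] A mprotect command was executed
	LoadModule   LoadModuleEvent   `field:"load_module" event:"load_module"`     // [7.35] [Kernel] A new kernel module was loaded
	UnloadModule UnloadModuleEvent `field:"unload_module" event:"unload_module"` // [7.35] [Kernel] A kernel module was deleted

	// network events
	DNS  DNSEvent  `field:"dns" event:"dns"`   // [7.36] [Network] A DNS request was sent
	Bind BindEvent `field:"bind" event:"bind"` // [7.37] [Network] A bind was executed

	// internal usage
	Umount           UmountEvent           `field:"-" json:"-"`
	InvalidateDentry InvalidateDentryEvent `field:"-" json:"-"`
	ArgsEnvs         ArgsEnvsEvent         `field:"-" json:"-"`
	MountReleased    MountReleasedEvent    `field:"-" json:"-"`
	CgroupTracing    CgroupTracingEvent    `field:"-" json:"-"`
	NetDevice        NetDeviceEvent        `field:"-" json:"-"`
	VethPair         VethPairEvent         `field:"-" json:"-"`
}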
Event represents an event sent from the kernel
func NewDefaultEvent ¶ added in v0.43.0
func NewDefaultEvent() *Event
NewDefaultEvent returns a new event using the default field handlers
func (*Event) AddToFlags ¶ added in v0.45.0
AddToFlags adds a flag to the event
func (*Event) GetBindAddrFamily ¶ added in v0.49.0
GetBindAddrFamily returns the value of the field, resolving if necessary
func (*Event) GetBindAddrIp ¶ added in v0.49.0
GetBindAddrIp returns the value of the field, resolving if necessary
func (*Event) GetBindAddrPort ¶ added in v0.49.0
GetBindAddrPort returns the value of the field, resolving if necessary
func (*Event) GetBindRetval ¶ added in v0.49.0
GetBindRetval returns the value of the field, resolving if necessary
func (*Event) GetBpfCmd ¶ added in v0.49.0
GetBpfCmd returns the value of the field, resolving if necessary
func (*Event) GetBpfMapName ¶ added in v0.49.0
GetBpfMapName returns the value of the field, resolving if necessary
func (*Event) GetBpfMapType ¶ added in v0.49.0
GetBpfMapType returns the value of the field, resolving if necessary
func (*Event) GetBpfProgAttachType ¶ added in v0.49.0
GetBpfProgAttachType returns the value of the field, resolving if necessary
func (*Event) GetBpfProgHelpers ¶ added in v0.49.0
GetBpfProgHelpers returns the value of the field, resolving if necessary
func (*Event) GetBpfProgName ¶ added in v0.49.0
GetBpfProgName returns the value of the field, resolving if necessary
func (*Event) GetBpfProgTag ¶ added in v0.49.0
GetBpfProgTag returns the value of the field, resolving if necessary
func (*Event) GetBpfProgType ¶ added in v0.49.0
GetBpfProgType returns the value of the field, resolving if necessary
func (*Event) GetBpfRetval ¶ added in v0.49.0
GetBpfRetval returns the value of the field, resolving if necessary
func (*Event) GetCapsetCapEffective ¶ added in v0.49.0
GetCapsetCapEffective returns the value of the field, resolving if necessary
func (*Event) GetCapsetCapPermitted ¶ added in v0.49.0
GetCapsetCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetChmodFileChangeTime ¶ added in v0.49.0
GetChmodFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetChmodFileDestinationMode ¶ added in v0.49.0
GetChmodFileDestinationMode returns the value of the field, resolving if necessary
func (*Event) GetChmodFileDestinationRights ¶ added in v0.49.0
GetChmodFileDestinationRights returns the value of the field, resolving if necessary
func (*Event) GetChmodFileFilesystem ¶ added in v0.49.0
GetChmodFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetChmodFileGid ¶ added in v0.49.0
GetChmodFileGid returns the value of the field, resolving if necessary
func (*Event) GetChmodFileGroup ¶ added in v0.49.0
GetChmodFileGroup returns the value of the field, resolving if necessary
func (*Event) GetChmodFileHashes ¶ added in v0.49.0
GetChmodFileHashes returns the value of the field, resolving if necessary
func (*Event) GetChmodFileInUpperLayer ¶ added in v0.49.0
GetChmodFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetChmodFileInode ¶ added in v0.49.0
GetChmodFileInode returns the value of the field, resolving if necessary
func (*Event) GetChmodFileMode ¶ added in v0.49.0
GetChmodFileMode returns the value of the field, resolving if necessary
func (*Event) GetChmodFileModificationTime ¶ added in v0.49.0
GetChmodFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetChmodFileMountId ¶ added in v0.49.0
GetChmodFileMountId returns the value of the field, resolving if necessary
func (*Event) GetChmodFileName ¶ added in v0.49.0
GetChmodFileName returns the value of the field, resolving if necessary
func (*Event) GetChmodFileNameLength ¶ added in v0.49.0
GetChmodFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetChmodFilePackageName ¶ added in v0.49.0
GetChmodFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetChmodFilePackageSourceVersion ¶ added in v0.49.0
GetChmodFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetChmodFilePackageVersion ¶ added in v0.49.0
GetChmodFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetChmodFilePath ¶ added in v0.49.0
GetChmodFilePath returns the value of the field, resolving if necessary
func (*Event) GetChmodFilePathLength ¶ added in v0.49.0
GetChmodFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetChmodFileRights ¶ added in v0.49.0
GetChmodFileRights returns the value of the field, resolving if necessary
func (*Event) GetChmodFileUid ¶ added in v0.49.0
GetChmodFileUid returns the value of the field, resolving if necessary
func (*Event) GetChmodFileUser ¶ added in v0.49.0
GetChmodFileUser returns the value of the field, resolving if necessary
func (*Event) GetChmodRetval ¶ added in v0.49.0
GetChmodRetval returns the value of the field, resolving if necessary
func (*Event) GetChownFileChangeTime ¶ added in v0.49.0
GetChownFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetChownFileDestinationGid ¶ added in v0.49.0
GetChownFileDestinationGid returns the value of the field, resolving if necessary
func (*Event) GetChownFileDestinationGroup ¶ added in v0.49.0
GetChownFileDestinationGroup returns the value of the field, resolving if necessary
func (*Event) GetChownFileDestinationUid ¶ added in v0.49.0
GetChownFileDestinationUid returns the value of the field, resolving if necessary
func (*Event) GetChownFileDestinationUser ¶ added in v0.49.0
GetChownFileDestinationUser returns the value of the field, resolving if necessary
func (*Event) GetChownFileFilesystem ¶ added in v0.49.0
GetChownFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetChownFileGid ¶ added in v0.49.0
GetChownFileGid returns the value of the field, resolving if necessary
func (*Event) GetChownFileGroup ¶ added in v0.49.0
GetChownFileGroup returns the value of the field, resolving if necessary
func (*Event) GetChownFileHashes ¶ added in v0.49.0
GetChownFileHashes returns the value of the field, resolving if necessary
func (*Event) GetChownFileInUpperLayer ¶ added in v0.49.0
GetChownFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetChownFileInode ¶ added in v0.49.0
GetChownFileInode returns the value of the field, resolving if necessary
func (*Event) GetChownFileMode ¶ added in v0.49.0
GetChownFileMode returns the value of the field, resolving if necessary
func (*Event) GetChownFileModificationTime ¶ added in v0.49.0
GetChownFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetChownFileMountId ¶ added in v0.49.0
GetChownFileMountId returns the value of the field, resolving if necessary
func (*Event) GetChownFileName ¶ added in v0.49.0
GetChownFileName returns the value of the field, resolving if necessary
func (*Event) GetChownFileNameLength ¶ added in v0.49.0
GetChownFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetChownFilePackageName ¶ added in v0.49.0
GetChownFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetChownFilePackageSourceVersion ¶ added in v0.49.0
GetChownFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetChownFilePackageVersion ¶ added in v0.49.0
GetChownFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetChownFilePath ¶ added in v0.49.0
GetChownFilePath returns the value of the field, resolving if necessary
func (*Event) GetChownFilePathLength ¶ added in v0.49.0
GetChownFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetChownFileRights ¶ added in v0.49.0
GetChownFileRights returns the value of the field, resolving if necessary
func (*Event) GetChownFileUid ¶ added in v0.49.0
GetChownFileUid returns the value of the field, resolving if necessary
func (*Event) GetChownFileUser ¶ added in v0.49.0
GetChownFileUser returns the value of the field, resolving if necessary
func (*Event) GetChownRetval ¶ added in v0.49.0
GetChownRetval returns the value of the field, resolving if necessary
func (*Event) GetContainerCreatedAt ¶ added in v0.49.0
GetContainerCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetContainerId ¶ added in v0.49.0
GetContainerId returns the value of the field, resolving if necessary
func (*Event) GetContainerTags ¶ added in v0.49.0
GetContainerTags returns the value of the field, resolving if necessary
func (*Event) GetDnsId ¶ added in v0.49.0
GetDnsId returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionClass ¶ added in v0.49.0
GetDnsQuestionClass returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionCount ¶ added in v0.49.0
GetDnsQuestionCount returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionLength ¶ added in v0.49.0
GetDnsQuestionLength returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionName ¶ added in v0.49.0
GetDnsQuestionName returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionNameLength ¶ added in v0.49.0
GetDnsQuestionNameLength returns the value of the field, resolving if necessary
func (*Event) GetDnsQuestionType ¶ added in v0.49.0
GetDnsQuestionType returns the value of the field, resolving if necessary
func (*Event) GetEventAsync ¶ added in v0.49.0
GetEventAsync returns the value of the field, resolving if necessary
func (*Event) GetEventTimestamp ¶ added in v0.49.0
GetEventTimestamp returns the value of the field, resolving if necessary
func (*Event) GetEventType ¶
GetEventType returns the event type of the event
func (*Event) GetExecArgs ¶ added in v0.49.0
GetExecArgs returns the value of the field, resolving if necessary
func (*Event) GetExecArgsFlags ¶ added in v0.49.0
GetExecArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetExecArgsOptions ¶ added in v0.49.0
GetExecArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetExecArgsTruncated ¶ added in v0.49.0
GetExecArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetExecArgv ¶ added in v0.49.0
GetExecArgv returns the value of the field, resolving if necessary
func (*Event) GetExecArgv0 ¶ added in v0.49.0
GetExecArgv0 returns the value of the field, resolving if necessary
func (*Event) GetExecCapEffective ¶ added in v0.49.0
GetExecCapEffective returns the value of the field, resolving if necessary
func (*Event) GetExecCapPermitted ¶ added in v0.49.0
GetExecCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetExecComm ¶ added in v0.49.0
GetExecComm returns the value of the field, resolving if necessary
func (*Event) GetExecContainerId ¶ added in v0.49.0
GetExecContainerId returns the value of the field, resolving if necessary
func (*Event) GetExecCreatedAt ¶ added in v0.49.0
GetExecCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetExecEgid ¶ added in v0.49.0
GetExecEgid returns the value of the field, resolving if necessary
func (*Event) GetExecEgroup ¶ added in v0.49.0
GetExecEgroup returns the value of the field, resolving if necessary
func (*Event) GetExecEnvp ¶ added in v0.49.0
GetExecEnvp returns the value of the field, resolving if necessary
func (*Event) GetExecEnvs ¶ added in v0.49.0
GetExecEnvs returns the value of the field, resolving if necessary
func (*Event) GetExecEnvsTruncated ¶ added in v0.49.0
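GetExecEnvsTruncated returns the value of the field, resolving if necessary. Going by the name, the field reports whether the captured environment variables were truncated; a consumer matching on the values from GetExecEnvs or GetExecEnvp should check it before treating the environment list as complete.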
func (*Event) GetExecEuid ¶ added in v0.49.0
GetExecEuid returns the value of the field, resolving if necessary
func (*Event) GetExecEuser ¶ added in v0.49.0
GetExecEuser returns the value of the field, resolving if necessary
func (*Event) GetExecExecTime ¶ added in v0.49.0
GetExecExecTime returns the value of the field, resolving if necessary
func (*Event) GetExecExitTime ¶ added in v0.49.0
GetExecExitTime returns the value of the field, resolving if necessary
func (*Event) GetExecFileChangeTime ¶ added in v0.49.0
GetExecFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetExecFileFilesystem ¶ added in v0.49.0
GetExecFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetExecFileGid ¶ added in v0.49.0
GetExecFileGid returns the value of the field, resolving if necessary
func (*Event) GetExecFileGroup ¶ added in v0.49.0
GetExecFileGroup returns the value of the field, resolving if necessary
func (*Event) GetExecFileHashes ¶ added in v0.49.0
GetExecFileHashes returns the value of the field, resolving if necessary
func (*Event) GetExecFileInUpperLayer ¶ added in v0.49.0
GetExecFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetExecFileInode ¶ added in v0.49.0
GetExecFileInode returns the value of the field, resolving if necessary
func (*Event) GetExecFileMode ¶ added in v0.49.0
GetExecFileMode returns the value of the field, resolving if necessary
func (*Event) GetExecFileModificationTime ¶ added in v0.49.0
GetExecFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetExecFileMountId ¶ added in v0.49.0
GetExecFileMountId returns the value of the field, resolving if necessary
func (*Event) GetExecFileName ¶ added in v0.49.0
GetExecFileName returns the value of the field, resolving if necessary
func (*Event) GetExecFileNameLength ¶ added in v0.49.0
GetExecFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetExecFilePackageName ¶ added in v0.49.0
GetExecFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetExecFilePackageSourceVersion ¶ added in v0.49.0
GetExecFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetExecFilePackageVersion ¶ added in v0.49.0
GetExecFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetExecFilePath ¶ added in v0.49.0
GetExecFilePath returns the value of the field, resolving if necessary
func (*Event) GetExecFilePathLength ¶ added in v0.49.0
GetExecFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetExecFileRights ¶ added in v0.49.0
GetExecFileRights returns the value of the field, resolving if necessary
func (*Event) GetExecFileUid ¶ added in v0.49.0
GetExecFileUid returns the value of the field, resolving if necessary
func (*Event) GetExecFileUser ¶ added in v0.49.0
GetExecFileUser returns the value of the field, resolving if necessary
func (*Event) GetExecForkTime ¶ added in v0.49.0
GetExecForkTime returns the value of the field, resolving if necessary
func (*Event) GetExecFsgid ¶ added in v0.49.0
GetExecFsgid returns the value of the field, resolving if necessary
func (*Event) GetExecFsgroup ¶ added in v0.49.0
GetExecFsgroup returns the value of the field, resolving if necessary
func (*Event) GetExecFsuid ¶ added in v0.49.0
GetExecFsuid returns the value of the field, resolving if necessary
func (*Event) GetExecFsuser ¶ added in v0.49.0
GetExecFsuser returns the value of the field, resolving if necessary
func (*Event) GetExecGid ¶ added in v0.49.0
GetExecGid returns the value of the field, resolving if necessary
func (*Event) GetExecGroup ¶ added in v0.49.0
GetExecGroup returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileChangeTime ¶ added in v0.49.0
GetExecInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileFilesystem ¶ added in v0.49.0
GetExecInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileGid ¶ added in v0.49.0
GetExecInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileGroup ¶ added in v0.49.0
GetExecInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileHashes ¶ added in v0.49.0
GetExecInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileInUpperLayer ¶ added in v0.49.0
GetExecInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileInode ¶ added in v0.49.0
GetExecInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileMode ¶ added in v0.49.0
GetExecInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileModificationTime ¶ added in v0.49.0
GetExecInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileMountId ¶ added in v0.49.0
GetExecInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileName ¶ added in v0.49.0
GetExecInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileNameLength ¶ added in v0.49.0
GetExecInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFilePackageName ¶ added in v0.49.0
GetExecInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetExecInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFilePackageVersion ¶ added in v0.49.0
GetExecInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFilePath ¶ added in v0.49.0
GetExecInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFilePathLength ¶ added in v0.49.0
GetExecInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileRights ¶ added in v0.49.0
GetExecInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileUid ¶ added in v0.49.0
GetExecInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetExecInterpreterFileUser ¶ added in v0.49.0
GetExecInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetExecIsKworker ¶ added in v0.49.0
GetExecIsKworker returns the value of the field, resolving if necessary
func (*Event) GetExecIsThread ¶ added in v0.49.0
GetExecIsThread returns the value of the field, resolving if necessary
func (*Event) GetExecPid ¶ added in v0.49.0
GetExecPid returns the value of the field, resolving if necessary
func (*Event) GetExecPpid ¶ added in v0.49.0
GetExecPpid returns the value of the field, resolving if necessary
func (*Event) GetExecTid ¶ added in v0.49.0
GetExecTid returns the value of the field, resolving if necessary
func (*Event) GetExecTtyName ¶ added in v0.49.0
GetExecTtyName returns the value of the field, resolving if necessary
func (*Event) GetExecUid ¶ added in v0.49.0
GetExecUid returns the value of the field, resolving if necessary
func (*Event) GetExecUser ¶ added in v0.49.0
GetExecUser returns the value of the field, resolving if necessary
func (*Event) GetExitArgs ¶ added in v0.49.0
GetExitArgs returns the value of the field, resolving if necessary
func (*Event) GetExitArgsFlags ¶ added in v0.49.0
GetExitArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetExitArgsOptions ¶ added in v0.49.0
GetExitArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetExitArgsTruncated ¶ added in v0.49.0
GetExitArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetExitArgv ¶ added in v0.49.0
GetExitArgv returns the value of the field, resolving if necessary
func (*Event) GetExitArgv0 ¶ added in v0.49.0
GetExitArgv0 returns the value of the field, resolving if necessary
func (*Event) GetExitCapEffective ¶ added in v0.49.0
GetExitCapEffective returns the value of the field, resolving if necessary
func (*Event) GetExitCapPermitted ¶ added in v0.49.0
GetExitCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetExitCause ¶ added in v0.49.0
GetExitCause returns the value of the field, resolving if necessary
func (*Event) GetExitCode ¶ added in v0.49.0
GetExitCode returns the value of the field, resolving if necessary
func (*Event) GetExitComm ¶ added in v0.49.0
GetExitComm returns the value of the field, resolving if necessary
func (*Event) GetExitContainerId ¶ added in v0.49.0
GetExitContainerId returns the value of the field, resolving if necessary
func (*Event) GetExitCreatedAt ¶ added in v0.49.0
GetExitCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetExitEgid ¶ added in v0.49.0
GetExitEgid returns the value of the field, resolving if necessary
func (*Event) GetExitEgroup ¶ added in v0.49.0
GetExitEgroup returns the value of the field, resolving if necessary
func (*Event) GetExitEnvp ¶ added in v0.49.0
GetExitEnvp returns the value of the field, resolving if necessary
func (*Event) GetExitEnvs ¶ added in v0.49.0
GetExitEnvs returns the value of the field, resolving if necessary
func (*Event) GetExitEnvsTruncated ¶ added in v0.49.0
GetExitEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetExitEuid ¶ added in v0.49.0
GetExitEuid returns the value of the field, resolving if necessary
func (*Event) GetExitEuser ¶ added in v0.49.0
GetExitEuser returns the value of the field, resolving if necessary
func (*Event) GetExitExecTime ¶ added in v0.49.0
GetExitExecTime returns the value of the field, resolving if necessary
func (*Event) GetExitExitTime ¶ added in v0.49.0
GetExitExitTime returns the value of the field, resolving if necessary
func (*Event) GetExitFileChangeTime ¶ added in v0.49.0
GetExitFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetExitFileFilesystem ¶ added in v0.49.0
GetExitFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetExitFileGid ¶ added in v0.49.0
GetExitFileGid returns the value of the field, resolving if necessary
func (*Event) GetExitFileGroup ¶ added in v0.49.0
GetExitFileGroup returns the value of the field, resolving if necessary
func (*Event) GetExitFileHashes ¶ added in v0.49.0
GetExitFileHashes returns the value of the field, resolving if necessary
func (*Event) GetExitFileInUpperLayer ¶ added in v0.49.0
GetExitFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetExitFileInode ¶ added in v0.49.0
GetExitFileInode returns the value of the field, resolving if necessary
func (*Event) GetExitFileMode ¶ added in v0.49.0
GetExitFileMode returns the value of the field, resolving if necessary
func (*Event) GetExitFileModificationTime ¶ added in v0.49.0
GetExitFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetExitFileMountId ¶ added in v0.49.0
GetExitFileMountId returns the value of the field, resolving if necessary
func (*Event) GetExitFileName ¶ added in v0.49.0
GetExitFileName returns the value of the field, resolving if necessary
func (*Event) GetExitFileNameLength ¶ added in v0.49.0
GetExitFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetExitFilePackageName ¶ added in v0.49.0
GetExitFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetExitFilePackageSourceVersion ¶ added in v0.49.0
GetExitFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetExitFilePackageVersion ¶ added in v0.49.0
GetExitFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetExitFilePath ¶ added in v0.49.0
GetExitFilePath returns the value of the field, resolving if necessary
func (*Event) GetExitFilePathLength ¶ added in v0.49.0
GetExitFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetExitFileRights ¶ added in v0.49.0
GetExitFileRights returns the value of the field, resolving if necessary
func (*Event) GetExitFileUid ¶ added in v0.49.0
GetExitFileUid returns the value of the field, resolving if necessary
func (*Event) GetExitFileUser ¶ added in v0.49.0
GetExitFileUser returns the value of the field, resolving if necessary
func (*Event) GetExitForkTime ¶ added in v0.49.0
GetExitForkTime returns the value of the field, resolving if necessary
func (*Event) GetExitFsgid ¶ added in v0.49.0
GetExitFsgid returns the value of the field, resolving if necessary
func (*Event) GetExitFsgroup ¶ added in v0.49.0
GetExitFsgroup returns the value of the field, resolving if necessary
func (*Event) GetExitFsuid ¶ added in v0.49.0
GetExitFsuid returns the value of the field, resolving if necessary
func (*Event) GetExitFsuser ¶ added in v0.49.0
GetExitFsuser returns the value of the field, resolving if necessary
func (*Event) GetExitGid ¶ added in v0.49.0
GetExitGid returns the value of the field, resolving if necessary
func (*Event) GetExitGroup ¶ added in v0.49.0
GetExitGroup returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileChangeTime ¶ added in v0.49.0
GetExitInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileFilesystem ¶ added in v0.49.0
GetExitInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileGid ¶ added in v0.49.0
GetExitInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileGroup ¶ added in v0.49.0
GetExitInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileHashes ¶ added in v0.49.0
GetExitInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileInUpperLayer ¶ added in v0.49.0
GetExitInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileInode ¶ added in v0.49.0
GetExitInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileMode ¶ added in v0.49.0
GetExitInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileModificationTime ¶ added in v0.49.0
GetExitInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileMountId ¶ added in v0.49.0
GetExitInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileName ¶ added in v0.49.0
GetExitInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileNameLength ¶ added in v0.49.0
GetExitInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFilePackageName ¶ added in v0.49.0
GetExitInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetExitInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFilePackageVersion ¶ added in v0.49.0
GetExitInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFilePath ¶ added in v0.49.0
GetExitInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFilePathLength ¶ added in v0.49.0
GetExitInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileRights ¶ added in v0.49.0
GetExitInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileUid ¶ added in v0.49.0
GetExitInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetExitInterpreterFileUser ¶ added in v0.49.0
GetExitInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetExitIsKworker ¶ added in v0.49.0
GetExitIsKworker returns the value of the field, resolving if necessary
func (*Event) GetExitIsThread ¶ added in v0.49.0
GetExitIsThread returns the value of the field, resolving if necessary
func (*Event) GetExitPid ¶ added in v0.49.0
GetExitPid returns the value of the field, resolving if necessary
func (*Event) GetExitPpid ¶ added in v0.49.0
GetExitPpid returns the value of the field, resolving if necessary
func (*Event) GetExitTid ¶ added in v0.49.0
GetExitTid returns the value of the field, resolving if necessary
func (*Event) GetExitTtyName ¶ added in v0.49.0
GetExitTtyName returns the value of the field, resolving if necessary
func (*Event) GetExitUid ¶ added in v0.49.0
GetExitUid returns the value of the field, resolving if necessary
func (*Event) GetExitUser ¶ added in v0.49.0
GetExitUser returns the value of the field, resolving if necessary
func (*Event) GetFieldEventType ¶
func (*Event) GetLinkFileChangeTime ¶ added in v0.49.0
GetLinkFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationChangeTime ¶ added in v0.49.0
GetLinkFileDestinationChangeTime returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationFilesystem ¶ added in v0.49.0
GetLinkFileDestinationFilesystem returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationGid ¶ added in v0.49.0
GetLinkFileDestinationGid returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationGroup ¶ added in v0.49.0
GetLinkFileDestinationGroup returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationHashes ¶ added in v0.49.0
GetLinkFileDestinationHashes returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationInUpperLayer ¶ added in v0.49.0
GetLinkFileDestinationInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationInode ¶ added in v0.49.0
GetLinkFileDestinationInode returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationMode ¶ added in v0.49.0
GetLinkFileDestinationMode returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationModificationTime ¶ added in v0.49.0
GetLinkFileDestinationModificationTime returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationMountId ¶ added in v0.49.0
GetLinkFileDestinationMountId returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationName ¶ added in v0.49.0
GetLinkFileDestinationName returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationNameLength ¶ added in v0.49.0
GetLinkFileDestinationNameLength returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationPackageName ¶ added in v0.49.0
GetLinkFileDestinationPackageName returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationPackageSourceVersion ¶ added in v0.49.0
GetLinkFileDestinationPackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationPackageVersion ¶ added in v0.49.0
GetLinkFileDestinationPackageVersion returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationPath ¶ added in v0.49.0
GetLinkFileDestinationPath returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationPathLength ¶ added in v0.49.0
GetLinkFileDestinationPathLength returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationRights ¶ added in v0.49.0
GetLinkFileDestinationRights returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationUid ¶ added in v0.49.0
GetLinkFileDestinationUid returns the value of the field, resolving if necessary
func (*Event) GetLinkFileDestinationUser ¶ added in v0.49.0
GetLinkFileDestinationUser returns the value of the field, resolving if necessary
func (*Event) GetLinkFileFilesystem ¶ added in v0.49.0
GetLinkFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetLinkFileGid ¶ added in v0.49.0
GetLinkFileGid returns the value of the field, resolving if necessary
func (*Event) GetLinkFileGroup ¶ added in v0.49.0
GetLinkFileGroup returns the value of the field, resolving if necessary
func (*Event) GetLinkFileHashes ¶ added in v0.49.0
GetLinkFileHashes returns the value of the field, resolving if necessary
func (*Event) GetLinkFileInUpperLayer ¶ added in v0.49.0
GetLinkFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetLinkFileInode ¶ added in v0.49.0
GetLinkFileInode returns the value of the field, resolving if necessary
func (*Event) GetLinkFileMode ¶ added in v0.49.0
GetLinkFileMode returns the value of the field, resolving if necessary
func (*Event) GetLinkFileModificationTime ¶ added in v0.49.0
GetLinkFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetLinkFileMountId ¶ added in v0.49.0
GetLinkFileMountId returns the value of the field, resolving if necessary
func (*Event) GetLinkFileName ¶ added in v0.49.0
GetLinkFileName returns the value of the field, resolving if necessary
func (*Event) GetLinkFileNameLength ¶ added in v0.49.0
GetLinkFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetLinkFilePackageName ¶ added in v0.49.0
GetLinkFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetLinkFilePackageSourceVersion ¶ added in v0.49.0
GetLinkFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetLinkFilePackageVersion ¶ added in v0.49.0
GetLinkFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetLinkFilePath ¶ added in v0.49.0
GetLinkFilePath returns the value of the field, resolving if necessary
func (*Event) GetLinkFilePathLength ¶ added in v0.49.0
GetLinkFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetLinkFileRights ¶ added in v0.49.0
GetLinkFileRights returns the value of the field, resolving if necessary
func (*Event) GetLinkFileUid ¶ added in v0.49.0
GetLinkFileUid returns the value of the field, resolving if necessary
func (*Event) GetLinkFileUser ¶ added in v0.49.0
GetLinkFileUser returns the value of the field, resolving if necessary
func (*Event) GetLinkRetval ¶ added in v0.49.0
GetLinkRetval returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleArgs ¶ added in v0.49.0
GetLoadModuleArgs returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleArgsTruncated ¶ added in v0.49.0
GetLoadModuleArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleArgv ¶ added in v0.49.0
GetLoadModuleArgv returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileChangeTime ¶ added in v0.49.0
GetLoadModuleFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileFilesystem ¶ added in v0.49.0
GetLoadModuleFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileGid ¶ added in v0.49.0
GetLoadModuleFileGid returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileGroup ¶ added in v0.49.0
GetLoadModuleFileGroup returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileHashes ¶ added in v0.49.0
GetLoadModuleFileHashes returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileInUpperLayer ¶ added in v0.49.0
GetLoadModuleFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileInode ¶ added in v0.49.0
GetLoadModuleFileInode returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileMode ¶ added in v0.49.0
GetLoadModuleFileMode returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileModificationTime ¶ added in v0.49.0
GetLoadModuleFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileMountId ¶ added in v0.49.0
GetLoadModuleFileMountId returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileName ¶ added in v0.49.0
GetLoadModuleFileName returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileNameLength ¶ added in v0.49.0
GetLoadModuleFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFilePackageName ¶ added in v0.49.0
GetLoadModuleFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFilePackageSourceVersion ¶ added in v0.49.0
GetLoadModuleFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFilePackageVersion ¶ added in v0.49.0
GetLoadModuleFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFilePath ¶ added in v0.49.0
GetLoadModuleFilePath returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFilePathLength ¶ added in v0.49.0
GetLoadModuleFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileRights ¶ added in v0.49.0
GetLoadModuleFileRights returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileUid ¶ added in v0.49.0
GetLoadModuleFileUid returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleFileUser ¶ added in v0.49.0
GetLoadModuleFileUser returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleLoadedFromMemory ¶ added in v0.49.0
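GetLoadModuleLoadedFromMemory returns the value of the field, resolving if necessary. Going by the name, the field reports whether the kernel module was loaded from memory rather than from a file on disk; in that case the GetLoadModuleFile* getters presumably have no backing file to describe, which should be confirmed against the field's definition.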
func (*Event) GetLoadModuleName ¶ added in v0.49.0
GetLoadModuleName returns the value of the field, resolving if necessary
func (*Event) GetLoadModuleRetval ¶ added in v0.49.0
GetLoadModuleRetval returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileChangeTime ¶ added in v0.49.0
GetMkdirFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileDestinationMode ¶ added in v0.49.0
GetMkdirFileDestinationMode returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileDestinationRights ¶ added in v0.49.0
GetMkdirFileDestinationRights returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileFilesystem ¶ added in v0.49.0
GetMkdirFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileGid ¶ added in v0.49.0
GetMkdirFileGid returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileGroup ¶ added in v0.49.0
GetMkdirFileGroup returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileHashes ¶ added in v0.49.0
GetMkdirFileHashes returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileInUpperLayer ¶ added in v0.49.0
GetMkdirFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileInode ¶ added in v0.49.0
GetMkdirFileInode returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileMode ¶ added in v0.49.0
GetMkdirFileMode returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileModificationTime ¶ added in v0.49.0
GetMkdirFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileMountId ¶ added in v0.49.0
GetMkdirFileMountId returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileName ¶ added in v0.49.0
GetMkdirFileName returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileNameLength ¶ added in v0.49.0
GetMkdirFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetMkdirFilePackageName ¶ added in v0.49.0
GetMkdirFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetMkdirFilePackageSourceVersion ¶ added in v0.49.0
GetMkdirFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetMkdirFilePackageVersion ¶ added in v0.49.0
GetMkdirFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetMkdirFilePath ¶ added in v0.49.0
GetMkdirFilePath returns the value of the field, resolving if necessary
func (*Event) GetMkdirFilePathLength ¶ added in v0.49.0
GetMkdirFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileRights ¶ added in v0.49.0
GetMkdirFileRights returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileUid ¶ added in v0.49.0
GetMkdirFileUid returns the value of the field, resolving if necessary
func (*Event) GetMkdirFileUser ¶ added in v0.49.0
GetMkdirFileUser returns the value of the field, resolving if necessary
func (*Event) GetMkdirRetval ¶ added in v0.49.0
GetMkdirRetval returns the value of the field, resolving if necessary
func (*Event) GetMmapFileChangeTime ¶ added in v0.49.0
GetMmapFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetMmapFileFilesystem ¶ added in v0.49.0
GetMmapFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetMmapFileGid ¶ added in v0.49.0
GetMmapFileGid returns the value of the field, resolving if necessary
func (*Event) GetMmapFileGroup ¶ added in v0.49.0
GetMmapFileGroup returns the value of the field, resolving if necessary
func (*Event) GetMmapFileHashes ¶ added in v0.49.0
GetMmapFileHashes returns the value of the field, resolving if necessary
func (*Event) GetMmapFileInUpperLayer ¶ added in v0.49.0
GetMmapFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetMmapFileInode ¶ added in v0.49.0
GetMmapFileInode returns the value of the field, resolving if necessary
func (*Event) GetMmapFileMode ¶ added in v0.49.0
GetMmapFileMode returns the value of the field, resolving if necessary
func (*Event) GetMmapFileModificationTime ¶ added in v0.49.0
GetMmapFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetMmapFileMountId ¶ added in v0.49.0
GetMmapFileMountId returns the value of the field, resolving if necessary
func (*Event) GetMmapFileName ¶ added in v0.49.0
GetMmapFileName returns the value of the field, resolving if necessary
func (*Event) GetMmapFileNameLength ¶ added in v0.49.0
GetMmapFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetMmapFilePackageName ¶ added in v0.49.0
GetMmapFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetMmapFilePackageSourceVersion ¶ added in v0.49.0
GetMmapFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetMmapFilePackageVersion ¶ added in v0.49.0
GetMmapFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetMmapFilePath ¶ added in v0.49.0
GetMmapFilePath returns the value of the field, resolving if necessary
func (*Event) GetMmapFilePathLength ¶ added in v0.49.0
GetMmapFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetMmapFileRights ¶ added in v0.49.0
GetMmapFileRights returns the value of the field, resolving if necessary
func (*Event) GetMmapFileUid ¶ added in v0.49.0
GetMmapFileUid returns the value of the field, resolving if necessary
func (*Event) GetMmapFileUser ¶ added in v0.49.0
GetMmapFileUser returns the value of the field, resolving if necessary
func (*Event) GetMmapFlags ¶ added in v0.49.0
GetMmapFlags returns the value of the field, resolving if necessary
func (*Event) GetMmapProtection ¶ added in v0.49.0
GetMmapProtection returns the value of the mmap event's protection field, resolving it if necessary
func (*Event) GetMmapRetval ¶ added in v0.49.0
GetMmapRetval returns the value of the field, resolving if necessary
func (*Event) GetMountFsType ¶ added in v0.49.0
GetMountFsType returns the value of the field, resolving if necessary
func (*Event) GetMountMountpointPath ¶ added in v0.49.0
GetMountMountpointPath returns the value of the field, resolving if necessary
func (*Event) GetMountRetval ¶ added in v0.49.0
GetMountRetval returns the value of the field, resolving if necessary
func (*Event) GetMountSourcePath ¶ added in v0.49.0
GetMountSourcePath returns the value of the field, resolving if necessary
func (*Event) GetMprotectReqProtection ¶ added in v0.49.0
GetMprotectReqProtection returns the value of the mprotect event's req-protection field (going by the name, the protection being requested), resolving it if necessary
func (*Event) GetMprotectRetval ¶ added in v0.49.0
GetMprotectRetval returns the value of the field, resolving if necessary
func (*Event) GetMprotectVmProtection ¶ added in v0.49.0
GetMprotectVmProtection returns the value of the mprotect event's vm-protection field, resolving it if necessary
func (*Event) GetNetworkDestinationIp ¶ added in v0.49.0
GetNetworkDestinationIp returns the value of the field, resolving if necessary
func (*Event) GetNetworkDestinationPort ¶ added in v0.49.0
GetNetworkDestinationPort returns the value of the field, resolving if necessary
func (*Event) GetNetworkDeviceIfindex ¶ added in v0.49.0
GetNetworkDeviceIfindex returns the value of the field, resolving if necessary
func (*Event) GetNetworkDeviceIfname ¶ added in v0.49.0
GetNetworkDeviceIfname returns the value of the field, resolving if necessary
func (*Event) GetNetworkL3Protocol ¶ added in v0.49.0
GetNetworkL3Protocol returns the value of the field, resolving if necessary
func (*Event) GetNetworkL4Protocol ¶ added in v0.49.0
GetNetworkL4Protocol returns the value of the field, resolving if necessary
func (*Event) GetNetworkSize ¶ added in v0.49.0
GetNetworkSize returns the value of the field, resolving if necessary
func (*Event) GetNetworkSourceIp ¶ added in v0.49.0
GetNetworkSourceIp returns the value of the field, resolving if necessary
func (*Event) GetNetworkSourcePort ¶ added in v0.49.0
GetNetworkSourcePort returns the value of the field, resolving if necessary
func (*Event) GetOpenFileChangeTime ¶ added in v0.49.0
GetOpenFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetOpenFileDestinationMode ¶ added in v0.49.0
GetOpenFileDestinationMode returns the value of the field, resolving if necessary
func (*Event) GetOpenFileFilesystem ¶ added in v0.49.0
GetOpenFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetOpenFileGid ¶ added in v0.49.0
GetOpenFileGid returns the value of the field, resolving if necessary
func (*Event) GetOpenFileGroup ¶ added in v0.49.0
GetOpenFileGroup returns the value of the field, resolving if necessary
func (*Event) GetOpenFileHashes ¶ added in v0.49.0
GetOpenFileHashes returns the value of the field, resolving if necessary
func (*Event) GetOpenFileInUpperLayer ¶ added in v0.49.0
GetOpenFileInUpperLayer returns the value of the open event's file in-upper-layer field, resolving it if necessary
func (*Event) GetOpenFileInode ¶ added in v0.49.0
GetOpenFileInode returns the value of the field, resolving if necessary
func (*Event) GetOpenFileMode ¶ added in v0.49.0
GetOpenFileMode returns the value of the field, resolving if necessary
func (*Event) GetOpenFileModificationTime ¶ added in v0.49.0
GetOpenFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetOpenFileMountId ¶ added in v0.49.0
GetOpenFileMountId returns the value of the field, resolving if necessary
func (*Event) GetOpenFileName ¶ added in v0.49.0
GetOpenFileName returns the value of the field, resolving if necessary
func (*Event) GetOpenFileNameLength ¶ added in v0.49.0
GetOpenFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetOpenFilePackageName ¶ added in v0.49.0
GetOpenFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetOpenFilePackageSourceVersion ¶ added in v0.49.0
GetOpenFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetOpenFilePackageVersion ¶ added in v0.49.0
GetOpenFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetOpenFilePath ¶ added in v0.49.0
GetOpenFilePath returns the value of the field, resolving if necessary
func (*Event) GetOpenFilePathLength ¶ added in v0.49.0
GetOpenFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetOpenFileRights ¶ added in v0.49.0
GetOpenFileRights returns the value of the field, resolving if necessary
func (*Event) GetOpenFileUid ¶ added in v0.49.0
GetOpenFileUid returns the value of the field, resolving if necessary
func (*Event) GetOpenFileUser ¶ added in v0.49.0
GetOpenFileUser returns the value of the field, resolving if necessary
func (*Event) GetOpenFlags ¶ added in v0.49.0
GetOpenFlags returns the value of the field, resolving if necessary
func (*Event) GetOpenRetval ¶ added in v0.49.0
GetOpenRetval returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgs ¶ added in v0.49.0
GetProcessAncestorsArgs returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgsFlags ¶ added in v0.49.0
GetProcessAncestorsArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgsOptions ¶ added in v0.49.0
GetProcessAncestorsArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgsTruncated ¶ added in v0.49.0
GetProcessAncestorsArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgv ¶ added in v0.49.0
GetProcessAncestorsArgv returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsArgv0 ¶ added in v0.49.0
GetProcessAncestorsArgv0 returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsCapEffective ¶ added in v0.49.0
GetProcessAncestorsCapEffective returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsCapPermitted ¶ added in v0.49.0
GetProcessAncestorsCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsComm ¶ added in v0.49.0
GetProcessAncestorsComm returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsContainerId ¶ added in v0.49.0
GetProcessAncestorsContainerId returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsCreatedAt ¶ added in v0.49.0
GetProcessAncestorsCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEgid ¶ added in v0.49.0
GetProcessAncestorsEgid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEgroup ¶ added in v0.49.0
GetProcessAncestorsEgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEnvp ¶ added in v0.49.0
GetProcessAncestorsEnvp returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEnvs ¶ added in v0.49.0
GetProcessAncestorsEnvs returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEnvsTruncated ¶ added in v0.49.0
GetProcessAncestorsEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEuid ¶ added in v0.49.0
GetProcessAncestorsEuid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsEuser ¶ added in v0.49.0
GetProcessAncestorsEuser returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileChangeTime ¶ added in v0.49.0
GetProcessAncestorsFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileFilesystem ¶ added in v0.49.0
GetProcessAncestorsFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileGid ¶ added in v0.49.0
GetProcessAncestorsFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileGroup ¶ added in v0.49.0
GetProcessAncestorsFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileHashes ¶ added in v0.49.0
GetProcessAncestorsFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileInUpperLayer ¶ added in v0.49.0
GetProcessAncestorsFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileInode ¶ added in v0.49.0
GetProcessAncestorsFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileMode ¶ added in v0.49.0
GetProcessAncestorsFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileModificationTime ¶ added in v0.49.0
GetProcessAncestorsFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileMountId ¶ added in v0.49.0
GetProcessAncestorsFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileName ¶ added in v0.49.0
GetProcessAncestorsFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileNameLength ¶ added in v0.49.0
GetProcessAncestorsFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFilePackageName ¶ added in v0.49.0
GetProcessAncestorsFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFilePackageSourceVersion ¶ added in v0.49.0
GetProcessAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFilePackageVersion ¶ added in v0.49.0
GetProcessAncestorsFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFilePath ¶ added in v0.49.0
GetProcessAncestorsFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFilePathLength ¶ added in v0.49.0
GetProcessAncestorsFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileRights ¶ added in v0.49.0
GetProcessAncestorsFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileUid ¶ added in v0.49.0
GetProcessAncestorsFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFileUser ¶ added in v0.49.0
GetProcessAncestorsFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFsgid ¶ added in v0.49.0
GetProcessAncestorsFsgid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFsgroup ¶ added in v0.49.0
GetProcessAncestorsFsgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFsuid ¶ added in v0.49.0
GetProcessAncestorsFsuid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsFsuser ¶ added in v0.49.0
GetProcessAncestorsFsuser returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsGid ¶ added in v0.49.0
GetProcessAncestorsGid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsGroup ¶ added in v0.49.0
GetProcessAncestorsGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileChangeTime ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileFilesystem ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileGid ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileGroup ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileHashes ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileInUpperLayer ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileInode ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileMode ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileModificationTime ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileMountId ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileName ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileNameLength ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFilePackageName ¶ added in v0.49.0
GetProcessAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetProcessAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFilePackageVersion ¶ added in v0.49.0
GetProcessAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFilePath ¶ added in v0.49.0
GetProcessAncestorsInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFilePathLength ¶ added in v0.49.0
GetProcessAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileRights ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileUid ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsInterpreterFileUser ¶ added in v0.49.0
GetProcessAncestorsInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsIsKworker ¶ added in v0.49.0
GetProcessAncestorsIsKworker returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsIsThread ¶ added in v0.49.0
GetProcessAncestorsIsThread returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsPid ¶ added in v0.49.0
GetProcessAncestorsPid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsPpid ¶ added in v0.49.0
GetProcessAncestorsPpid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsTid ¶ added in v0.49.0
GetProcessAncestorsTid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsTtyName ¶ added in v0.49.0
GetProcessAncestorsTtyName returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsUid ¶ added in v0.49.0
GetProcessAncestorsUid returns the value of the field, resolving if necessary
func (*Event) GetProcessAncestorsUser ¶ added in v0.49.0
GetProcessAncestorsUser returns the value of the field, resolving if necessary
func (*Event) GetProcessArgs ¶ added in v0.49.0
GetProcessArgs returns the value of the field, resolving if necessary
func (*Event) GetProcessArgsFlags ¶ added in v0.49.0
GetProcessArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetProcessArgsOptions ¶ added in v0.49.0
GetProcessArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetProcessArgsTruncated ¶ added in v0.49.0
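GetProcessArgsTruncated returns the value of the process args-truncated field, resolving it if necessary. Going by the name, it reports whether the captured argument list was cut short, so a non-match on the process args is not conclusive when it is set.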
func (*Event) GetProcessArgv ¶ added in v0.49.0
GetProcessArgv returns the value of the field, resolving if necessary
func (*Event) GetProcessArgv0 ¶ added in v0.49.0
GetProcessArgv0 returns the value of the field, resolving if necessary
func (*Event) GetProcessCapEffective ¶ added in v0.49.0
GetProcessCapEffective returns the value of the field, resolving if necessary
func (*Event) GetProcessCapPermitted ¶ added in v0.49.0
GetProcessCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetProcessComm ¶ added in v0.49.0
GetProcessComm returns the value of the field, resolving if necessary
func (*Event) GetProcessContainerId ¶ added in v0.49.0
GetProcessContainerId returns the value of the field, resolving if necessary
func (*Event) GetProcessCreatedAt ¶ added in v0.49.0
GetProcessCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetProcessEgid ¶ added in v0.49.0
GetProcessEgid returns the value of the field, resolving if necessary
func (*Event) GetProcessEgroup ¶ added in v0.49.0
GetProcessEgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessEnvp ¶ added in v0.49.0
GetProcessEnvp returns the value of the field, resolving if necessary
func (*Event) GetProcessEnvs ¶ added in v0.49.0
GetProcessEnvs returns the value of the field, resolving if necessary
func (*Event) GetProcessEnvsTruncated ¶ added in v0.49.0
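GetProcessEnvsTruncated returns the value of the process envs-truncated field, resolving it if necessary. Going by the name, it reports whether the captured environment list was cut short, so a non-match on the process envs is not conclusive when it is set.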
func (*Event) GetProcessEuid ¶ added in v0.49.0
GetProcessEuid returns the value of the field, resolving if necessary
func (*Event) GetProcessEuser ¶ added in v0.49.0
GetProcessEuser returns the value of the field, resolving if necessary
func (*Event) GetProcessExecTime ¶ added in v0.49.0
GetProcessExecTime returns the value of the field, resolving if necessary
func (*Event) GetProcessExitTime ¶ added in v0.49.0
GetProcessExitTime returns the value of the field, resolving if necessary
func (*Event) GetProcessFileChangeTime ¶ added in v0.49.0
GetProcessFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessFileFilesystem ¶ added in v0.49.0
GetProcessFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessFileGid ¶ added in v0.49.0
GetProcessFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessFileGroup ¶ added in v0.49.0
GetProcessFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessFileHashes ¶ added in v0.49.0
GetProcessFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessFileInUpperLayer ¶ added in v0.49.0
GetProcessFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessFileInode ¶ added in v0.49.0
GetProcessFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessFileMode ¶ added in v0.49.0
GetProcessFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessFileModificationTime ¶ added in v0.49.0
GetProcessFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessFileMountId ¶ added in v0.49.0
GetProcessFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessFileName ¶ added in v0.49.0
GetProcessFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessFileNameLength ¶ added in v0.49.0
GetProcessFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessFilePackageName ¶ added in v0.49.0
GetProcessFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessFilePackageSourceVersion ¶ added in v0.49.0
GetProcessFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessFilePackageVersion ¶ added in v0.49.0
GetProcessFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessFilePath ¶ added in v0.49.0
GetProcessFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessFilePathLength ¶ added in v0.49.0
GetProcessFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessFileRights ¶ added in v0.49.0
GetProcessFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessFileUid ¶ added in v0.49.0
GetProcessFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessFileUser ¶ added in v0.49.0
GetProcessFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessForkTime ¶ added in v0.49.0
GetProcessForkTime returns the value of the field, resolving if necessary
func (*Event) GetProcessFsgid ¶ added in v0.49.0
GetProcessFsgid returns the value of the field, resolving if necessary
func (*Event) GetProcessFsgroup ¶ added in v0.49.0
GetProcessFsgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessFsuid ¶ added in v0.49.0
GetProcessFsuid returns the value of the field, resolving if necessary
func (*Event) GetProcessFsuser ¶ added in v0.49.0
GetProcessFsuser returns the value of the field, resolving if necessary
func (*Event) GetProcessGid ¶ added in v0.49.0
GetProcessGid returns the value of the field, resolving if necessary
func (*Event) GetProcessGroup ¶ added in v0.49.0
GetProcessGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileChangeTime ¶ added in v0.49.0
GetProcessInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileFilesystem ¶ added in v0.49.0
GetProcessInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileGid ¶ added in v0.49.0
GetProcessInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileGroup ¶ added in v0.49.0
GetProcessInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileHashes ¶ added in v0.49.0
GetProcessInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileInUpperLayer ¶ added in v0.49.0
GetProcessInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileInode ¶ added in v0.49.0
GetProcessInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileMode ¶ added in v0.49.0
GetProcessInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileModificationTime ¶ added in v0.49.0
GetProcessInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileMountId ¶ added in v0.49.0
GetProcessInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileName ¶ added in v0.49.0
GetProcessInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileNameLength ¶ added in v0.49.0
GetProcessInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFilePackageName ¶ added in v0.49.0
GetProcessInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetProcessInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFilePackageVersion ¶ added in v0.49.0
GetProcessInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFilePath ¶ added in v0.49.0
GetProcessInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFilePathLength ¶ added in v0.49.0
GetProcessInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileRights ¶ added in v0.49.0
GetProcessInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileUid ¶ added in v0.49.0
GetProcessInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessInterpreterFileUser ¶ added in v0.49.0
GetProcessInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessIsKworker ¶ added in v0.49.0
GetProcessIsKworker returns the value of the field, resolving if necessary
func (*Event) GetProcessIsThread ¶ added in v0.49.0
GetProcessIsThread returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgs ¶ added in v0.49.0
GetProcessParentArgs returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgsFlags ¶ added in v0.49.0
GetProcessParentArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgsOptions ¶ added in v0.49.0
GetProcessParentArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgsTruncated ¶ added in v0.49.0
GetProcessParentArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgv ¶ added in v0.49.0
GetProcessParentArgv returns the value of the field, resolving if necessary
func (*Event) GetProcessParentArgv0 ¶ added in v0.49.0
GetProcessParentArgv0 returns the value of the field, resolving if necessary
func (*Event) GetProcessParentCapEffective ¶ added in v0.49.0
GetProcessParentCapEffective returns the value of the field, resolving if necessary
func (*Event) GetProcessParentCapPermitted ¶ added in v0.49.0
GetProcessParentCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetProcessParentComm ¶ added in v0.49.0
GetProcessParentComm returns the value of the field, resolving if necessary
func (*Event) GetProcessParentContainerId ¶ added in v0.49.0
GetProcessParentContainerId returns the value of the field, resolving if necessary
func (*Event) GetProcessParentCreatedAt ¶ added in v0.49.0
GetProcessParentCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEgid ¶ added in v0.49.0
GetProcessParentEgid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEgroup ¶ added in v0.49.0
GetProcessParentEgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEnvp ¶ added in v0.49.0
GetProcessParentEnvp returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEnvs ¶ added in v0.49.0
GetProcessParentEnvs returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEnvsTruncated ¶ added in v0.49.0
GetProcessParentEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEuid ¶ added in v0.49.0
GetProcessParentEuid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentEuser ¶ added in v0.49.0
GetProcessParentEuser returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileChangeTime ¶ added in v0.49.0
GetProcessParentFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileFilesystem ¶ added in v0.49.0
GetProcessParentFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileGid ¶ added in v0.49.0
GetProcessParentFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileGroup ¶ added in v0.49.0
GetProcessParentFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileHashes ¶ added in v0.49.0
GetProcessParentFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileInUpperLayer ¶ added in v0.49.0
GetProcessParentFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileInode ¶ added in v0.49.0
GetProcessParentFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileMode ¶ added in v0.49.0
GetProcessParentFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileModificationTime ¶ added in v0.49.0
GetProcessParentFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileMountId ¶ added in v0.49.0
GetProcessParentFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileName ¶ added in v0.49.0
GetProcessParentFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileNameLength ¶ added in v0.49.0
GetProcessParentFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFilePackageName ¶ added in v0.49.0
GetProcessParentFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFilePackageSourceVersion ¶ added in v0.49.0
GetProcessParentFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFilePackageVersion ¶ added in v0.49.0
GetProcessParentFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFilePath ¶ added in v0.49.0
GetProcessParentFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFilePathLength ¶ added in v0.49.0
GetProcessParentFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileRights ¶ added in v0.49.0
GetProcessParentFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileUid ¶ added in v0.49.0
GetProcessParentFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFileUser ¶ added in v0.49.0
GetProcessParentFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFsgid ¶ added in v0.49.0
GetProcessParentFsgid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFsgroup ¶ added in v0.49.0
GetProcessParentFsgroup returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFsuid ¶ added in v0.49.0
GetProcessParentFsuid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentFsuser ¶ added in v0.49.0
GetProcessParentFsuser returns the value of the field, resolving if necessary
func (*Event) GetProcessParentGid ¶ added in v0.49.0
GetProcessParentGid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentGroup ¶ added in v0.49.0
GetProcessParentGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileChangeTime ¶ added in v0.49.0
GetProcessParentInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileFilesystem ¶ added in v0.49.0
GetProcessParentInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileGid ¶ added in v0.49.0
GetProcessParentInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileGroup ¶ added in v0.49.0
GetProcessParentInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileHashes ¶ added in v0.49.0
GetProcessParentInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileInUpperLayer ¶ added in v0.49.0
GetProcessParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileInode ¶ added in v0.49.0
GetProcessParentInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileMode ¶ added in v0.49.0
GetProcessParentInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileModificationTime ¶ added in v0.49.0
GetProcessParentInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileMountId ¶ added in v0.49.0
GetProcessParentInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileName ¶ added in v0.49.0
GetProcessParentInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileNameLength ¶ added in v0.49.0
GetProcessParentInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFilePackageName ¶ added in v0.49.0
GetProcessParentInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetProcessParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFilePackageVersion ¶ added in v0.49.0
GetProcessParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFilePath ¶ added in v0.49.0
GetProcessParentInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFilePathLength ¶ added in v0.49.0
GetProcessParentInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileRights ¶ added in v0.49.0
GetProcessParentInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileUid ¶ added in v0.49.0
GetProcessParentInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentInterpreterFileUser ¶ added in v0.49.0
GetProcessParentInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetProcessParentIsKworker ¶ added in v0.49.0
GetProcessParentIsKworker returns the value of the field, resolving if necessary
func (*Event) GetProcessParentIsThread ¶ added in v0.49.0
GetProcessParentIsThread returns the value of the field, resolving if necessary
func (*Event) GetProcessParentPid ¶ added in v0.49.0
GetProcessParentPid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentPpid ¶ added in v0.49.0
GetProcessParentPpid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentTid ¶ added in v0.49.0
GetProcessParentTid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentTtyName ¶ added in v0.49.0
GetProcessParentTtyName returns the value of the field, resolving if necessary
func (*Event) GetProcessParentUid ¶ added in v0.49.0
GetProcessParentUid returns the value of the field, resolving if necessary
func (*Event) GetProcessParentUser ¶ added in v0.49.0
GetProcessParentUser returns the value of the field, resolving if necessary
func (*Event) GetProcessPid ¶ added in v0.49.0
GetProcessPid returns the value of the field, resolving if necessary
func (*Event) GetProcessPpid ¶ added in v0.49.0
GetProcessPpid returns the value of the field, resolving if necessary
func (*Event) GetProcessService ¶ added in v0.46.0
GetProcessService uses the field handler
func (*Event) GetProcessTid ¶ added in v0.49.0
GetProcessTid returns the value of the field, resolving if necessary
func (*Event) GetProcessTtyName ¶ added in v0.49.0
GetProcessTtyName returns the value of the field, resolving if necessary
func (*Event) GetProcessUid ¶ added in v0.49.0
GetProcessUid returns the value of the field, resolving if necessary
func (*Event) GetProcessUser ¶ added in v0.49.0
GetProcessUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceRequest ¶ added in v0.49.0
GetPtraceRequest returns the value of the field, resolving if necessary
func (*Event) GetPtraceRetval ¶ added in v0.49.0
GetPtraceRetval returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgs ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgsFlags ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgsOptions ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgsTruncated ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgv ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgv returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsArgv0 ¶ added in v0.49.0
GetPtraceTraceeAncestorsArgv0 returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsCapEffective ¶ added in v0.49.0
GetPtraceTraceeAncestorsCapEffective returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsCapPermitted ¶ added in v0.49.0
GetPtraceTraceeAncestorsCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsComm ¶ added in v0.49.0
GetPtraceTraceeAncestorsComm returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsContainerId ¶ added in v0.49.0
GetPtraceTraceeAncestorsContainerId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsCreatedAt ¶ added in v0.49.0
GetPtraceTraceeAncestorsCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEgid ¶ added in v0.49.0
GetPtraceTraceeAncestorsEgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEgroup ¶ added in v0.49.0
GetPtraceTraceeAncestorsEgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEnvp ¶ added in v0.49.0
GetPtraceTraceeAncestorsEnvp returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEnvs ¶ added in v0.49.0
GetPtraceTraceeAncestorsEnvs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEnvsTruncated ¶ added in v0.49.0
GetPtraceTraceeAncestorsEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEuid ¶ added in v0.49.0
GetPtraceTraceeAncestorsEuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsEuser ¶ added in v0.49.0
GetPtraceTraceeAncestorsEuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileGid ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileGroup ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileHashes ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileInode ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileMode ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileMountId ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileName ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileNameLength ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFilePackageName ¶ added in v0.49.0
GetPtraceTraceeAncestorsFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeAncestorsFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFilePath ¶ added in v0.49.0
GetPtraceTraceeAncestorsFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFilePathLength ¶ added in v0.49.0
GetPtraceTraceeAncestorsFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileRights ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileUid ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFileUser ¶ added in v0.49.0
GetPtraceTraceeAncestorsFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFsgid ¶ added in v0.49.0
GetPtraceTraceeAncestorsFsgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFsgroup ¶ added in v0.49.0
GetPtraceTraceeAncestorsFsgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFsuid ¶ added in v0.49.0
GetPtraceTraceeAncestorsFsuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsFsuser ¶ added in v0.49.0
GetPtraceTraceeAncestorsFsuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsGid ¶ added in v0.49.0
GetPtraceTraceeAncestorsGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsGroup ¶ added in v0.49.0
GetPtraceTraceeAncestorsGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileGid ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileGroup ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileHashes ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileInode ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileMode ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileMountId ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileName ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileNameLength ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageName ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFilePath ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFilePathLength ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileRights ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileUid ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsInterpreterFileUser ¶ added in v0.49.0
GetPtraceTraceeAncestorsInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsIsKworker ¶ added in v0.49.0
GetPtraceTraceeAncestorsIsKworker returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsIsThread ¶ added in v0.49.0
GetPtraceTraceeAncestorsIsThread returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsPid ¶ added in v0.49.0
GetPtraceTraceeAncestorsPid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsPpid ¶ added in v0.49.0
GetPtraceTraceeAncestorsPpid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsTid ¶ added in v0.49.0
GetPtraceTraceeAncestorsTid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsTtyName ¶ added in v0.49.0
GetPtraceTraceeAncestorsTtyName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsUid ¶ added in v0.49.0
GetPtraceTraceeAncestorsUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeAncestorsUser ¶ added in v0.49.0
GetPtraceTraceeAncestorsUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgs ¶ added in v0.49.0
GetPtraceTraceeArgs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgsFlags ¶ added in v0.49.0
GetPtraceTraceeArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgsOptions ¶ added in v0.49.0
GetPtraceTraceeArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgsTruncated ¶ added in v0.49.0
GetPtraceTraceeArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgv ¶ added in v0.49.0
GetPtraceTraceeArgv returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeArgv0 ¶ added in v0.49.0
GetPtraceTraceeArgv0 returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeCapEffective ¶ added in v0.49.0
GetPtraceTraceeCapEffective returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeCapPermitted ¶ added in v0.49.0
GetPtraceTraceeCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeComm ¶ added in v0.49.0
GetPtraceTraceeComm returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeContainerId ¶ added in v0.49.0
GetPtraceTraceeContainerId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeCreatedAt ¶ added in v0.49.0
GetPtraceTraceeCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEgid ¶ added in v0.49.0
GetPtraceTraceeEgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEgroup ¶ added in v0.49.0
GetPtraceTraceeEgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEnvp ¶ added in v0.49.0
GetPtraceTraceeEnvp returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEnvs ¶ added in v0.49.0
GetPtraceTraceeEnvs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEnvsTruncated ¶ added in v0.49.0
GetPtraceTraceeEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEuid ¶ added in v0.49.0
GetPtraceTraceeEuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeEuser ¶ added in v0.49.0
GetPtraceTraceeEuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeExecTime ¶ added in v0.49.0
GetPtraceTraceeExecTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeExitTime ¶ added in v0.49.0
GetPtraceTraceeExitTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileGid ¶ added in v0.49.0
GetPtraceTraceeFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileGroup ¶ added in v0.49.0
GetPtraceTraceeFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileHashes ¶ added in v0.49.0
GetPtraceTraceeFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileInode ¶ added in v0.49.0
GetPtraceTraceeFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileMode ¶ added in v0.49.0
GetPtraceTraceeFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileMountId ¶ added in v0.49.0
GetPtraceTraceeFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileName ¶ added in v0.49.0
GetPtraceTraceeFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileNameLength ¶ added in v0.49.0
GetPtraceTraceeFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFilePackageName ¶ added in v0.49.0
GetPtraceTraceeFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFilePath ¶ added in v0.49.0
GetPtraceTraceeFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFilePathLength ¶ added in v0.49.0
GetPtraceTraceeFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileRights ¶ added in v0.49.0
GetPtraceTraceeFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileUid ¶ added in v0.49.0
GetPtraceTraceeFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFileUser ¶ added in v0.49.0
GetPtraceTraceeFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeForkTime ¶ added in v0.49.0
GetPtraceTraceeForkTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFsgid ¶ added in v0.49.0
GetPtraceTraceeFsgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFsgroup ¶ added in v0.49.0
GetPtraceTraceeFsgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFsuid ¶ added in v0.49.0
GetPtraceTraceeFsuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeFsuser ¶ added in v0.49.0
GetPtraceTraceeFsuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeGid ¶ added in v0.49.0
GetPtraceTraceeGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeGroup ¶ added in v0.49.0
GetPtraceTraceeGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileGid ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileGroup ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileHashes ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileInode ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileMode ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileMountId ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileName ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileNameLength ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFilePackageName ¶ added in v0.49.0
GetPtraceTraceeInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFilePath ¶ added in v0.49.0
GetPtraceTraceeInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFilePathLength ¶ added in v0.49.0
GetPtraceTraceeInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileRights ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileUid ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeInterpreterFileUser ¶ added in v0.49.0
GetPtraceTraceeInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeIsKworker ¶ added in v0.49.0
GetPtraceTraceeIsKworker returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeIsThread ¶ added in v0.49.0
GetPtraceTraceeIsThread returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgs ¶ added in v0.49.0
GetPtraceTraceeParentArgs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgsFlags ¶ added in v0.49.0
GetPtraceTraceeParentArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgsOptions ¶ added in v0.49.0
GetPtraceTraceeParentArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgsTruncated ¶ added in v0.49.0
GetPtraceTraceeParentArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgv ¶ added in v0.49.0
GetPtraceTraceeParentArgv returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentArgv0 ¶ added in v0.49.0
GetPtraceTraceeParentArgv0 returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentCapEffective ¶ added in v0.49.0
GetPtraceTraceeParentCapEffective returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentCapPermitted ¶ added in v0.49.0
GetPtraceTraceeParentCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentComm ¶ added in v0.49.0
GetPtraceTraceeParentComm returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentContainerId ¶ added in v0.49.0
GetPtraceTraceeParentContainerId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentCreatedAt ¶ added in v0.49.0
GetPtraceTraceeParentCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEgid ¶ added in v0.49.0
GetPtraceTraceeParentEgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEgroup ¶ added in v0.49.0
GetPtraceTraceeParentEgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEnvp ¶ added in v0.49.0
GetPtraceTraceeParentEnvp returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEnvs ¶ added in v0.49.0
GetPtraceTraceeParentEnvs returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEnvsTruncated ¶ added in v0.49.0
GetPtraceTraceeParentEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEuid ¶ added in v0.49.0
GetPtraceTraceeParentEuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentEuser ¶ added in v0.49.0
GetPtraceTraceeParentEuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeParentFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeParentFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileGid ¶ added in v0.49.0
GetPtraceTraceeParentFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileGroup ¶ added in v0.49.0
GetPtraceTraceeParentFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileHashes ¶ added in v0.49.0
GetPtraceTraceeParentFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeParentFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileInode ¶ added in v0.49.0
GetPtraceTraceeParentFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileMode ¶ added in v0.49.0
GetPtraceTraceeParentFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeParentFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileMountId ¶ added in v0.49.0
GetPtraceTraceeParentFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileName ¶ added in v0.49.0
GetPtraceTraceeParentFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileNameLength ¶ added in v0.49.0
GetPtraceTraceeParentFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFilePackageName ¶ added in v0.49.0
GetPtraceTraceeParentFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeParentFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeParentFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFilePath ¶ added in v0.49.0
GetPtraceTraceeParentFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFilePathLength ¶ added in v0.49.0
GetPtraceTraceeParentFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileRights ¶ added in v0.49.0
GetPtraceTraceeParentFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileUid ¶ added in v0.49.0
GetPtraceTraceeParentFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFileUser ¶ added in v0.49.0
GetPtraceTraceeParentFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFsgid ¶ added in v0.49.0
GetPtraceTraceeParentFsgid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFsgroup ¶ added in v0.49.0
GetPtraceTraceeParentFsgroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFsuid ¶ added in v0.49.0
GetPtraceTraceeParentFsuid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentFsuser ¶ added in v0.49.0
GetPtraceTraceeParentFsuser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentGid ¶ added in v0.49.0
GetPtraceTraceeParentGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentGroup ¶ added in v0.49.0
GetPtraceTraceeParentGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileChangeTime ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileFilesystem ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileGid ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileGroup ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileHashes ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileInUpperLayer ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileInode ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileMode ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileModificationTime ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileMountId ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileName ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileNameLength ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFilePackageName ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFilePackageVersion ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFilePath ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFilePathLength ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileRights ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileUid ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentInterpreterFileUser ¶ added in v0.49.0
GetPtraceTraceeParentInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentIsKworker ¶ added in v0.49.0
GetPtraceTraceeParentIsKworker returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentIsThread ¶ added in v0.49.0
GetPtraceTraceeParentIsThread returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentPid ¶ added in v0.49.0
GetPtraceTraceeParentPid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentPpid ¶ added in v0.49.0
GetPtraceTraceeParentPpid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentTid ¶ added in v0.49.0
GetPtraceTraceeParentTid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentTtyName ¶ added in v0.49.0
GetPtraceTraceeParentTtyName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentUid ¶ added in v0.49.0
GetPtraceTraceeParentUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeParentUser ¶ added in v0.49.0
GetPtraceTraceeParentUser returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceePid ¶ added in v0.49.0
GetPtraceTraceePid returns the value of the PID field of the ptrace tracee (the process being traced), resolving it if necessary
func (*Event) GetPtraceTraceePpid ¶ added in v0.49.0
GetPtraceTraceePpid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeTid ¶ added in v0.49.0
GetPtraceTraceeTid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeTtyName ¶ added in v0.49.0
GetPtraceTraceeTtyName returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeUid ¶ added in v0.49.0
GetPtraceTraceeUid returns the value of the field, resolving if necessary
func (*Event) GetPtraceTraceeUser ¶ added in v0.49.0
GetPtraceTraceeUser returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileChangeTime ¶ added in v0.49.0
GetRemovexattrFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileDestinationName ¶ added in v0.49.0
GetRemovexattrFileDestinationName returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileDestinationNamespace ¶ added in v0.49.0
GetRemovexattrFileDestinationNamespace returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileFilesystem ¶ added in v0.49.0
GetRemovexattrFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileGid ¶ added in v0.49.0
GetRemovexattrFileGid returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileGroup ¶ added in v0.49.0
GetRemovexattrFileGroup returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileHashes ¶ added in v0.49.0
GetRemovexattrFileHashes returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileInUpperLayer ¶ added in v0.49.0
GetRemovexattrFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileInode ¶ added in v0.49.0
GetRemovexattrFileInode returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileMode ¶ added in v0.49.0
GetRemovexattrFileMode returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileModificationTime ¶ added in v0.49.0
GetRemovexattrFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileMountId ¶ added in v0.49.0
GetRemovexattrFileMountId returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileName ¶ added in v0.49.0
GetRemovexattrFileName returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileNameLength ¶ added in v0.49.0
GetRemovexattrFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFilePackageName ¶ added in v0.49.0
GetRemovexattrFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFilePackageSourceVersion ¶ added in v0.49.0
GetRemovexattrFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFilePackageVersion ¶ added in v0.49.0
GetRemovexattrFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFilePath ¶ added in v0.49.0
GetRemovexattrFilePath returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFilePathLength ¶ added in v0.49.0
GetRemovexattrFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileRights ¶ added in v0.49.0
GetRemovexattrFileRights returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileUid ¶ added in v0.49.0
GetRemovexattrFileUid returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrFileUser ¶ added in v0.49.0
GetRemovexattrFileUser returns the value of the field, resolving if necessary
func (*Event) GetRemovexattrRetval ¶ added in v0.49.0
GetRemovexattrRetval returns the value of the field, resolving if necessary
func (*Event) GetRenameFileChangeTime ¶ added in v0.49.0
GetRenameFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationChangeTime ¶ added in v0.49.0
GetRenameFileDestinationChangeTime returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationFilesystem ¶ added in v0.49.0
GetRenameFileDestinationFilesystem returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationGid ¶ added in v0.49.0
GetRenameFileDestinationGid returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationGroup ¶ added in v0.49.0
GetRenameFileDestinationGroup returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationHashes ¶ added in v0.49.0
GetRenameFileDestinationHashes returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationInUpperLayer ¶ added in v0.49.0
GetRenameFileDestinationInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationInode ¶ added in v0.49.0
GetRenameFileDestinationInode returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationMode ¶ added in v0.49.0
GetRenameFileDestinationMode returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationModificationTime ¶ added in v0.49.0
GetRenameFileDestinationModificationTime returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationMountId ¶ added in v0.49.0
GetRenameFileDestinationMountId returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationName ¶ added in v0.49.0
GetRenameFileDestinationName returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationNameLength ¶ added in v0.49.0
GetRenameFileDestinationNameLength returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationPackageName ¶ added in v0.49.0
GetRenameFileDestinationPackageName returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationPackageSourceVersion ¶ added in v0.49.0
GetRenameFileDestinationPackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationPackageVersion ¶ added in v0.49.0
GetRenameFileDestinationPackageVersion returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationPath ¶ added in v0.49.0
GetRenameFileDestinationPath returns the value of the path field of the rename event's destination file, resolving it if necessary
func (*Event) GetRenameFileDestinationPathLength ¶ added in v0.49.0
GetRenameFileDestinationPathLength returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationRights ¶ added in v0.49.0
GetRenameFileDestinationRights returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationUid ¶ added in v0.49.0
GetRenameFileDestinationUid returns the value of the field, resolving if necessary
func (*Event) GetRenameFileDestinationUser ¶ added in v0.49.0
GetRenameFileDestinationUser returns the value of the field, resolving if necessary
func (*Event) GetRenameFileFilesystem ¶ added in v0.49.0
GetRenameFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetRenameFileGid ¶ added in v0.49.0
GetRenameFileGid returns the value of the field, resolving if necessary
func (*Event) GetRenameFileGroup ¶ added in v0.49.0
GetRenameFileGroup returns the value of the field, resolving if necessary
func (*Event) GetRenameFileHashes ¶ added in v0.49.0
GetRenameFileHashes returns the value of the field, resolving if necessary
func (*Event) GetRenameFileInUpperLayer ¶ added in v0.49.0
GetRenameFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetRenameFileInode ¶ added in v0.49.0
GetRenameFileInode returns the value of the field, resolving if necessary
func (*Event) GetRenameFileMode ¶ added in v0.49.0
GetRenameFileMode returns the value of the field, resolving if necessary
func (*Event) GetRenameFileModificationTime ¶ added in v0.49.0
GetRenameFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetRenameFileMountId ¶ added in v0.49.0
GetRenameFileMountId returns the value of the field, resolving if necessary
func (*Event) GetRenameFileName ¶ added in v0.49.0
GetRenameFileName returns the value of the field, resolving if necessary
func (*Event) GetRenameFileNameLength ¶ added in v0.49.0
GetRenameFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetRenameFilePackageName ¶ added in v0.49.0
GetRenameFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetRenameFilePackageSourceVersion ¶ added in v0.49.0
GetRenameFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetRenameFilePackageVersion ¶ added in v0.49.0
GetRenameFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetRenameFilePath ¶ added in v0.49.0
GetRenameFilePath returns the value of the field, resolving if necessary
func (*Event) GetRenameFilePathLength ¶ added in v0.49.0
GetRenameFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetRenameFileRights ¶ added in v0.49.0
GetRenameFileRights returns the value of the field, resolving if necessary
func (*Event) GetRenameFileUid ¶ added in v0.49.0
GetRenameFileUid returns the value of the field, resolving if necessary
func (*Event) GetRenameFileUser ¶ added in v0.49.0
GetRenameFileUser returns the value of the field, resolving if necessary
func (*Event) GetRenameRetval ¶ added in v0.49.0
GetRenameRetval returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileChangeTime ¶ added in v0.49.0
GetRmdirFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileFilesystem ¶ added in v0.49.0
GetRmdirFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileGid ¶ added in v0.49.0
GetRmdirFileGid returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileGroup ¶ added in v0.49.0
GetRmdirFileGroup returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileHashes ¶ added in v0.49.0
GetRmdirFileHashes returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileInUpperLayer ¶ added in v0.49.0
GetRmdirFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileInode ¶ added in v0.49.0
GetRmdirFileInode returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileMode ¶ added in v0.49.0
GetRmdirFileMode returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileModificationTime ¶ added in v0.49.0
GetRmdirFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileMountId ¶ added in v0.49.0
GetRmdirFileMountId returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileName ¶ added in v0.49.0
GetRmdirFileName returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileNameLength ¶ added in v0.49.0
GetRmdirFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetRmdirFilePackageName ¶ added in v0.49.0
GetRmdirFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetRmdirFilePackageSourceVersion ¶ added in v0.49.0
GetRmdirFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetRmdirFilePackageVersion ¶ added in v0.49.0
GetRmdirFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetRmdirFilePath ¶ added in v0.49.0
GetRmdirFilePath returns the value of the field, resolving if necessary
func (*Event) GetRmdirFilePathLength ¶ added in v0.49.0
GetRmdirFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileRights ¶ added in v0.49.0
GetRmdirFileRights returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileUid ¶ added in v0.49.0
GetRmdirFileUid returns the value of the field, resolving if necessary
func (*Event) GetRmdirFileUser ¶ added in v0.49.0
GetRmdirFileUser returns the value of the field, resolving if necessary
func (*Event) GetRmdirRetval ¶ added in v0.49.0
GetRmdirRetval returns the value of the field, resolving if necessary
func (*Event) GetSelinuxBoolCommitState ¶ added in v0.49.0
GetSelinuxBoolCommitState returns the value of the field, resolving if necessary
func (*Event) GetSelinuxBoolName ¶ added in v0.49.0
GetSelinuxBoolName returns the value of the field, resolving if necessary
func (*Event) GetSelinuxBoolState ¶ added in v0.49.0
GetSelinuxBoolState returns the value of the field, resolving if necessary
func (*Event) GetSelinuxEnforceStatus ¶ added in v0.49.0
GetSelinuxEnforceStatus returns the value of the field, resolving if necessary
func (*Event) GetSetgidEgid ¶ added in v0.49.0
GetSetgidEgid returns the value of the field, resolving if necessary
func (*Event) GetSetgidEgroup ¶ added in v0.49.0
GetSetgidEgroup returns the value of the field, resolving if necessary
func (*Event) GetSetgidFsgid ¶ added in v0.49.0
GetSetgidFsgid returns the value of the field, resolving if necessary
func (*Event) GetSetgidFsgroup ¶ added in v0.49.0
GetSetgidFsgroup returns the value of the field, resolving if necessary
func (*Event) GetSetgidGid ¶ added in v0.49.0
GetSetgidGid returns the value of the field, resolving if necessary
func (*Event) GetSetgidGroup ¶ added in v0.49.0
GetSetgidGroup returns the value of the field, resolving if necessary
func (*Event) GetSetuidEuid ¶ added in v0.49.0
GetSetuidEuid returns the value of the effective UID (euid) field of the setuid event, resolving it if necessary
func (*Event) GetSetuidEuser ¶ added in v0.49.0
GetSetuidEuser returns the value of the field, resolving if necessary
func (*Event) GetSetuidFsuid ¶ added in v0.49.0
GetSetuidFsuid returns the value of the field, resolving if necessary
func (*Event) GetSetuidFsuser ¶ added in v0.49.0
GetSetuidFsuser returns the value of the field, resolving if necessary
func (*Event) GetSetuidUid ¶ added in v0.49.0
GetSetuidUid returns the value of the field, resolving if necessary
func (*Event) GetSetuidUser ¶ added in v0.49.0
GetSetuidUser returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileChangeTime ¶ added in v0.49.0
GetSetxattrFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileDestinationName ¶ added in v0.49.0
GetSetxattrFileDestinationName returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileDestinationNamespace ¶ added in v0.49.0
GetSetxattrFileDestinationNamespace returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileFilesystem ¶ added in v0.49.0
GetSetxattrFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileGid ¶ added in v0.49.0
GetSetxattrFileGid returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileGroup ¶ added in v0.49.0
GetSetxattrFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileHashes ¶ added in v0.49.0
GetSetxattrFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileInUpperLayer ¶ added in v0.49.0
GetSetxattrFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileInode ¶ added in v0.49.0
GetSetxattrFileInode returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileMode ¶ added in v0.49.0
GetSetxattrFileMode returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileModificationTime ¶ added in v0.49.0
GetSetxattrFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileMountId ¶ added in v0.49.0
GetSetxattrFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileName ¶ added in v0.49.0
GetSetxattrFileName returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileNameLength ¶ added in v0.49.0
GetSetxattrFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFilePackageName ¶ added in v0.49.0
GetSetxattrFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFilePackageSourceVersion ¶ added in v0.49.0
GetSetxattrFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFilePackageVersion ¶ added in v0.49.0
GetSetxattrFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFilePath ¶ added in v0.49.0
GetSetxattrFilePath returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFilePathLength ¶ added in v0.49.0
GetSetxattrFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileRights ¶ added in v0.49.0
GetSetxattrFileRights returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileUid ¶ added in v0.49.0
GetSetxattrFileUid returns the value of the field, resolving if necessary
func (*Event) GetSetxattrFileUser ¶ added in v0.49.0
GetSetxattrFileUser returns the value of the field, resolving if necessary
func (*Event) GetSetxattrRetval ¶ added in v0.49.0
GetSetxattrRetval returns the value of the field, resolving if necessary
func (*Event) GetSignalPid ¶ added in v0.49.0
GetSignalPid returns the value of the field, resolving if necessary
func (*Event) GetSignalRetval ¶ added in v0.49.0
GetSignalRetval returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgs ¶ added in v0.49.0
GetSignalTargetAncestorsArgs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgsFlags ¶ added in v0.49.0
GetSignalTargetAncestorsArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgsOptions ¶ added in v0.49.0
GetSignalTargetAncestorsArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgsTruncated ¶ added in v0.49.0
GetSignalTargetAncestorsArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgv ¶ added in v0.49.0
GetSignalTargetAncestorsArgv returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsArgv0 ¶ added in v0.49.0
GetSignalTargetAncestorsArgv0 returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsCapEffective ¶ added in v0.49.0
GetSignalTargetAncestorsCapEffective returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsCapPermitted ¶ added in v0.49.0
GetSignalTargetAncestorsCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsComm ¶ added in v0.49.0
GetSignalTargetAncestorsComm returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsContainerId ¶ added in v0.49.0
GetSignalTargetAncestorsContainerId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsCreatedAt ¶ added in v0.49.0
GetSignalTargetAncestorsCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEgid ¶ added in v0.49.0
GetSignalTargetAncestorsEgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEgroup ¶ added in v0.49.0
GetSignalTargetAncestorsEgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEnvp ¶ added in v0.49.0
GetSignalTargetAncestorsEnvp returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEnvs ¶ added in v0.49.0
GetSignalTargetAncestorsEnvs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEnvsTruncated ¶ added in v0.49.0
GetSignalTargetAncestorsEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEuid ¶ added in v0.49.0
GetSignalTargetAncestorsEuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsEuser ¶ added in v0.49.0
GetSignalTargetAncestorsEuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileChangeTime ¶ added in v0.49.0
GetSignalTargetAncestorsFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileFilesystem ¶ added in v0.49.0
GetSignalTargetAncestorsFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileGid ¶ added in v0.49.0
GetSignalTargetAncestorsFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileGroup ¶ added in v0.49.0
GetSignalTargetAncestorsFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileHashes ¶ added in v0.49.0
GetSignalTargetAncestorsFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetAncestorsFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileInode ¶ added in v0.49.0
GetSignalTargetAncestorsFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileMode ¶ added in v0.49.0
GetSignalTargetAncestorsFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileModificationTime ¶ added in v0.49.0
GetSignalTargetAncestorsFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileMountId ¶ added in v0.49.0
GetSignalTargetAncestorsFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileName ¶ added in v0.49.0
GetSignalTargetAncestorsFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileNameLength ¶ added in v0.49.0
GetSignalTargetAncestorsFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFilePackageName ¶ added in v0.49.0
GetSignalTargetAncestorsFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFilePackageVersion ¶ added in v0.49.0
GetSignalTargetAncestorsFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFilePath ¶ added in v0.49.0
GetSignalTargetAncestorsFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFilePathLength ¶ added in v0.49.0
GetSignalTargetAncestorsFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileRights ¶ added in v0.49.0
GetSignalTargetAncestorsFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileUid ¶ added in v0.49.0
GetSignalTargetAncestorsFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFileUser ¶ added in v0.49.0
GetSignalTargetAncestorsFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFsgid ¶ added in v0.49.0
GetSignalTargetAncestorsFsgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFsgroup ¶ added in v0.49.0
GetSignalTargetAncestorsFsgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFsuid ¶ added in v0.49.0
GetSignalTargetAncestorsFsuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsFsuser ¶ added in v0.49.0
GetSignalTargetAncestorsFsuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsGid ¶ added in v0.49.0
GetSignalTargetAncestorsGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsGroup ¶ added in v0.49.0
GetSignalTargetAncestorsGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileChangeTime ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileFilesystem ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileGid ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileGroup ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileHashes ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileInode ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileMode ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileModificationTime ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileMountId ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileName ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileNameLength ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFilePackageName ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFilePackageVersion ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFilePath ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFilePathLength ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileRights ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileUid ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsInterpreterFileUser ¶ added in v0.49.0
GetSignalTargetAncestorsInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsIsKworker ¶ added in v0.49.0
GetSignalTargetAncestorsIsKworker returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsIsThread ¶ added in v0.49.0
GetSignalTargetAncestorsIsThread returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsPid ¶ added in v0.49.0
GetSignalTargetAncestorsPid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsPpid ¶ added in v0.49.0
GetSignalTargetAncestorsPpid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsTid ¶ added in v0.49.0
GetSignalTargetAncestorsTid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsTtyName ¶ added in v0.49.0
GetSignalTargetAncestorsTtyName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsUid ¶ added in v0.49.0
GetSignalTargetAncestorsUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetAncestorsUser ¶ added in v0.49.0
GetSignalTargetAncestorsUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetArgs ¶ added in v0.49.0
GetSignalTargetArgs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetArgsFlags ¶ added in v0.49.0
GetSignalTargetArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetArgsOptions ¶ added in v0.49.0
GetSignalTargetArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetArgsTruncated ¶ added in v0.49.0
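GetSignalTargetArgsTruncated returns the value of the field, resolving if necessary. Going by its name, the field reports whether the signal target's captured arguments were cut short; when it is set, the values from GetSignalTargetArgs and GetSignalTargetArgv are presumably incomplete, so a detection rule should not read a missing argument as proof that it was never passed.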
func (*Event) GetSignalTargetArgv ¶ added in v0.49.0
GetSignalTargetArgv returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetArgv0 ¶ added in v0.49.0
GetSignalTargetArgv0 returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetCapEffective ¶ added in v0.49.0
GetSignalTargetCapEffective returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetCapPermitted ¶ added in v0.49.0
GetSignalTargetCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetComm ¶ added in v0.49.0
GetSignalTargetComm returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetContainerId ¶ added in v0.49.0
GetSignalTargetContainerId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetCreatedAt ¶ added in v0.49.0
GetSignalTargetCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEgid ¶ added in v0.49.0
GetSignalTargetEgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEgroup ¶ added in v0.49.0
GetSignalTargetEgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEnvp ¶ added in v0.49.0
GetSignalTargetEnvp returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEnvs ¶ added in v0.49.0
GetSignalTargetEnvs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEnvsTruncated ¶ added in v0.49.0
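GetSignalTargetEnvsTruncated returns the value of the field, resolving if necessary. Going by its name, the field reports whether the signal target's captured environment was cut short; when it is set, the values from GetSignalTargetEnvs and GetSignalTargetEnvp are presumably incomplete, so a detection rule should not read a missing variable as proof that it was never set.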
func (*Event) GetSignalTargetEuid ¶ added in v0.49.0
GetSignalTargetEuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetEuser ¶ added in v0.49.0
GetSignalTargetEuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetExecTime ¶ added in v0.49.0
GetSignalTargetExecTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetExitTime ¶ added in v0.49.0
GetSignalTargetExitTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileChangeTime ¶ added in v0.49.0
GetSignalTargetFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileFilesystem ¶ added in v0.49.0
GetSignalTargetFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileGid ¶ added in v0.49.0
GetSignalTargetFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileGroup ¶ added in v0.49.0
GetSignalTargetFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileHashes ¶ added in v0.49.0
GetSignalTargetFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileInode ¶ added in v0.49.0
GetSignalTargetFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileMode ¶ added in v0.49.0
GetSignalTargetFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileModificationTime ¶ added in v0.49.0
GetSignalTargetFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileMountId ¶ added in v0.49.0
GetSignalTargetFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileName ¶ added in v0.49.0
GetSignalTargetFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileNameLength ¶ added in v0.49.0
GetSignalTargetFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFilePackageName ¶ added in v0.49.0
GetSignalTargetFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFilePackageVersion ¶ added in v0.49.0
GetSignalTargetFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFilePath ¶ added in v0.49.0
GetSignalTargetFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFilePathLength ¶ added in v0.49.0
GetSignalTargetFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileRights ¶ added in v0.49.0
GetSignalTargetFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileUid ¶ added in v0.49.0
GetSignalTargetFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFileUser ¶ added in v0.49.0
GetSignalTargetFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetForkTime ¶ added in v0.49.0
GetSignalTargetForkTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFsgid ¶ added in v0.49.0
GetSignalTargetFsgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFsgroup ¶ added in v0.49.0
GetSignalTargetFsgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFsuid ¶ added in v0.49.0
GetSignalTargetFsuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetFsuser ¶ added in v0.49.0
GetSignalTargetFsuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetGid ¶ added in v0.49.0
GetSignalTargetGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetGroup ¶ added in v0.49.0
GetSignalTargetGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileChangeTime ¶ added in v0.49.0
GetSignalTargetInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileFilesystem ¶ added in v0.49.0
GetSignalTargetInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileGid ¶ added in v0.49.0
GetSignalTargetInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileGroup ¶ added in v0.49.0
GetSignalTargetInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileHashes ¶ added in v0.49.0
GetSignalTargetInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileInode ¶ added in v0.49.0
GetSignalTargetInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileMode ¶ added in v0.49.0
GetSignalTargetInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileModificationTime ¶ added in v0.49.0
GetSignalTargetInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileMountId ¶ added in v0.49.0
GetSignalTargetInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileName ¶ added in v0.49.0
GetSignalTargetInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileNameLength ¶ added in v0.49.0
GetSignalTargetInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFilePackageName ¶ added in v0.49.0
GetSignalTargetInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFilePackageVersion ¶ added in v0.49.0
GetSignalTargetInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFilePath ¶ added in v0.49.0
GetSignalTargetInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFilePathLength ¶ added in v0.49.0
GetSignalTargetInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileRights ¶ added in v0.49.0
GetSignalTargetInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileUid ¶ added in v0.49.0
GetSignalTargetInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetInterpreterFileUser ¶ added in v0.49.0
GetSignalTargetInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetIsKworker ¶ added in v0.49.0
GetSignalTargetIsKworker returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetIsThread ¶ added in v0.49.0
GetSignalTargetIsThread returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgs ¶ added in v0.49.0
GetSignalTargetParentArgs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgsFlags ¶ added in v0.49.0
GetSignalTargetParentArgsFlags returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgsOptions ¶ added in v0.49.0
GetSignalTargetParentArgsOptions returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgsTruncated ¶ added in v0.49.0
GetSignalTargetParentArgsTruncated returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgv ¶ added in v0.49.0
GetSignalTargetParentArgv returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentArgv0 ¶ added in v0.49.0
GetSignalTargetParentArgv0 returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentCapEffective ¶ added in v0.49.0
GetSignalTargetParentCapEffective returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentCapPermitted ¶ added in v0.49.0
GetSignalTargetParentCapPermitted returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentComm ¶ added in v0.49.0
GetSignalTargetParentComm returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentContainerId ¶ added in v0.49.0
GetSignalTargetParentContainerId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentCreatedAt ¶ added in v0.49.0
GetSignalTargetParentCreatedAt returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEgid ¶ added in v0.49.0
GetSignalTargetParentEgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEgroup ¶ added in v0.49.0
GetSignalTargetParentEgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEnvp ¶ added in v0.49.0
GetSignalTargetParentEnvp returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEnvs ¶ added in v0.49.0
GetSignalTargetParentEnvs returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEnvsTruncated ¶ added in v0.49.0
GetSignalTargetParentEnvsTruncated returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEuid ¶ added in v0.49.0
GetSignalTargetParentEuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentEuser ¶ added in v0.49.0
GetSignalTargetParentEuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileChangeTime ¶ added in v0.49.0
GetSignalTargetParentFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileFilesystem ¶ added in v0.49.0
GetSignalTargetParentFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileGid ¶ added in v0.49.0
GetSignalTargetParentFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileGroup ¶ added in v0.49.0
GetSignalTargetParentFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileHashes ¶ added in v0.49.0
GetSignalTargetParentFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetParentFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileInode ¶ added in v0.49.0
GetSignalTargetParentFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileMode ¶ added in v0.49.0
GetSignalTargetParentFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileModificationTime ¶ added in v0.49.0
GetSignalTargetParentFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileMountId ¶ added in v0.49.0
GetSignalTargetParentFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileName ¶ added in v0.49.0
GetSignalTargetParentFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileNameLength ¶ added in v0.49.0
GetSignalTargetParentFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFilePackageName ¶ added in v0.49.0
GetSignalTargetParentFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetParentFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFilePackageVersion ¶ added in v0.49.0
GetSignalTargetParentFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFilePath ¶ added in v0.49.0
GetSignalTargetParentFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFilePathLength ¶ added in v0.49.0
GetSignalTargetParentFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileRights ¶ added in v0.49.0
GetSignalTargetParentFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileUid ¶ added in v0.49.0
GetSignalTargetParentFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFileUser ¶ added in v0.49.0
GetSignalTargetParentFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFsgid ¶ added in v0.49.0
GetSignalTargetParentFsgid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFsgroup ¶ added in v0.49.0
GetSignalTargetParentFsgroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFsuid ¶ added in v0.49.0
GetSignalTargetParentFsuid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentFsuser ¶ added in v0.49.0
GetSignalTargetParentFsuser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentGid ¶ added in v0.49.0
GetSignalTargetParentGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentGroup ¶ added in v0.49.0
GetSignalTargetParentGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileChangeTime ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileFilesystem ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileGid ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileGid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileGroup ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileHashes ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileInUpperLayer ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileInode ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileInode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileMode ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileMode returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileModificationTime ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileMountId ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileName ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileNameLength ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFilePackageName ¶ added in v0.49.0
GetSignalTargetParentInterpreterFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFilePackageSourceVersion ¶ added in v0.49.0
GetSignalTargetParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFilePackageVersion ¶ added in v0.49.0
GetSignalTargetParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFilePath ¶ added in v0.49.0
GetSignalTargetParentInterpreterFilePath returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFilePathLength ¶ added in v0.49.0
GetSignalTargetParentInterpreterFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileRights ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileRights returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileUid ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentInterpreterFileUser ¶ added in v0.49.0
GetSignalTargetParentInterpreterFileUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentIsKworker ¶ added in v0.49.0
GetSignalTargetParentIsKworker returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentIsThread ¶ added in v0.49.0
GetSignalTargetParentIsThread returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentPid ¶ added in v0.49.0
GetSignalTargetParentPid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentPpid ¶ added in v0.49.0
GetSignalTargetParentPpid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentTid ¶ added in v0.49.0
GetSignalTargetParentTid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentTtyName ¶ added in v0.49.0
GetSignalTargetParentTtyName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentUid ¶ added in v0.49.0
GetSignalTargetParentUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetParentUser ¶ added in v0.49.0
GetSignalTargetParentUser returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetPid ¶ added in v0.49.0
GetSignalTargetPid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetPpid ¶ added in v0.49.0
GetSignalTargetPpid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetTid ¶ added in v0.49.0
GetSignalTargetTid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetTtyName ¶ added in v0.49.0
GetSignalTargetTtyName returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetUid ¶ added in v0.49.0
GetSignalTargetUid returns the value of the field, resolving if necessary
func (*Event) GetSignalTargetUser ¶ added in v0.49.0
GetSignalTargetUser returns the value of the field, resolving if necessary
func (*Event) GetSignalType ¶ added in v0.49.0
GetSignalType returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileChangeTime ¶ added in v0.49.0
GetSpliceFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileFilesystem ¶ added in v0.49.0
GetSpliceFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileGid ¶ added in v0.49.0
GetSpliceFileGid returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileGroup ¶ added in v0.49.0
GetSpliceFileGroup returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileHashes ¶ added in v0.49.0
GetSpliceFileHashes returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileInUpperLayer ¶ added in v0.49.0
GetSpliceFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileInode ¶ added in v0.49.0
GetSpliceFileInode returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileMode ¶ added in v0.49.0
GetSpliceFileMode returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileModificationTime ¶ added in v0.49.0
GetSpliceFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileMountId ¶ added in v0.49.0
GetSpliceFileMountId returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileName ¶ added in v0.49.0
GetSpliceFileName returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileNameLength ¶ added in v0.49.0
GetSpliceFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetSpliceFilePackageName ¶ added in v0.49.0
GetSpliceFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetSpliceFilePackageSourceVersion ¶ added in v0.49.0
GetSpliceFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetSpliceFilePackageVersion ¶ added in v0.49.0
GetSpliceFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetSpliceFilePath ¶ added in v0.49.0
GetSpliceFilePath returns the value of the field, resolving if necessary
func (*Event) GetSpliceFilePathLength ¶ added in v0.49.0
GetSpliceFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileRights ¶ added in v0.49.0
GetSpliceFileRights returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileUid ¶ added in v0.49.0
GetSpliceFileUid returns the value of the field, resolving if necessary
func (*Event) GetSpliceFileUser ¶ added in v0.49.0
GetSpliceFileUser returns the value of the field, resolving if necessary
func (*Event) GetSplicePipeEntryFlag ¶ added in v0.49.0
GetSplicePipeEntryFlag returns the value of the field, resolving if necessary
func (*Event) GetSplicePipeExitFlag ¶ added in v0.49.0
GetSplicePipeExitFlag returns the value of the field, resolving if necessary
func (*Event) GetSpliceRetval ¶ added in v0.49.0
GetSpliceRetval returns the value of the field, resolving if necessary
func (*Event) GetTimestamp ¶ added in v0.49.0
GetTimestamp returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileChangeTime ¶ added in v0.49.0
GetUnlinkFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileFilesystem ¶ added in v0.49.0
GetUnlinkFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileGid ¶ added in v0.49.0
GetUnlinkFileGid returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileGroup ¶ added in v0.49.0
GetUnlinkFileGroup returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileHashes ¶ added in v0.49.0
GetUnlinkFileHashes returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileInUpperLayer ¶ added in v0.49.0
GetUnlinkFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileInode ¶ added in v0.49.0
GetUnlinkFileInode returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileMode ¶ added in v0.49.0
GetUnlinkFileMode returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileModificationTime ¶ added in v0.49.0
GetUnlinkFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileMountId ¶ added in v0.49.0
GetUnlinkFileMountId returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileName ¶ added in v0.49.0
GetUnlinkFileName returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileNameLength ¶ added in v0.49.0
GetUnlinkFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFilePackageName ¶ added in v0.49.0
GetUnlinkFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFilePackageSourceVersion ¶ added in v0.49.0
GetUnlinkFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFilePackageVersion ¶ added in v0.49.0
GetUnlinkFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFilePath ¶ added in v0.49.0
GetUnlinkFilePath returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFilePathLength ¶ added in v0.49.0
GetUnlinkFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileRights ¶ added in v0.49.0
GetUnlinkFileRights returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileUid ¶ added in v0.49.0
GetUnlinkFileUid returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFileUser ¶ added in v0.49.0
GetUnlinkFileUser returns the value of the field, resolving if necessary
func (*Event) GetUnlinkFlags ¶ added in v0.49.0
GetUnlinkFlags returns the value of the field, resolving if necessary
func (*Event) GetUnlinkRetval ¶ added in v0.49.0
GetUnlinkRetval returns the value of the field, resolving if necessary
func (*Event) GetUnloadModuleName ¶ added in v0.49.0
GetUnloadModuleName returns the value of the field, resolving if necessary
func (*Event) GetUnloadModuleRetval ¶ added in v0.49.0
GetUnloadModuleRetval returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileChangeTime ¶ added in v0.49.0
GetUtimesFileChangeTime returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileFilesystem ¶ added in v0.49.0
GetUtimesFileFilesystem returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileGid ¶ added in v0.49.0
GetUtimesFileGid returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileGroup ¶ added in v0.49.0
GetUtimesFileGroup returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileHashes ¶ added in v0.49.0
GetUtimesFileHashes returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileInUpperLayer ¶ added in v0.49.0
GetUtimesFileInUpperLayer returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileInode ¶ added in v0.49.0
GetUtimesFileInode returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileMode ¶ added in v0.49.0
GetUtimesFileMode returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileModificationTime ¶ added in v0.49.0
GetUtimesFileModificationTime returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileMountId ¶ added in v0.49.0
GetUtimesFileMountId returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileName ¶ added in v0.49.0
GetUtimesFileName returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileNameLength ¶ added in v0.49.0
GetUtimesFileNameLength returns the value of the field, resolving if necessary
func (*Event) GetUtimesFilePackageName ¶ added in v0.49.0
GetUtimesFilePackageName returns the value of the field, resolving if necessary
func (*Event) GetUtimesFilePackageSourceVersion ¶ added in v0.49.0
GetUtimesFilePackageSourceVersion returns the value of the field, resolving if necessary
func (*Event) GetUtimesFilePackageVersion ¶ added in v0.49.0
GetUtimesFilePackageVersion returns the value of the field, resolving if necessary
func (*Event) GetUtimesFilePath ¶ added in v0.49.0
GetUtimesFilePath returns the value of the field, resolving if necessary
func (*Event) GetUtimesFilePathLength ¶ added in v0.49.0
GetUtimesFilePathLength returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileRights ¶ added in v0.49.0
GetUtimesFileRights returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileUid ¶ added in v0.49.0
GetUtimesFileUid returns the value of the field, resolving if necessary
func (*Event) GetUtimesFileUser ¶ added in v0.49.0
GetUtimesFileUser returns the value of the field, resolving if necessary
func (*Event) GetUtimesRetval ¶ added in v0.49.0
GetUtimesRetval returns the value of the field, resolving if necessary
func (*Event) GetWorkloadID ¶ added in v0.47.0
GetWorkloadID returns an ID that represents the workload
func (*Event) HasProfile ¶ added in v0.45.0
HasProfile returns true if we found a profile for that event
func (*Event) IsActivityDumpSample ¶ added in v0.40.0
IsActivityDumpSample returns whether the event is an activity dump (AD) sample
func (*Event) IsAnomalyDetectionEvent ¶ added in v0.47.0
IsAnomalyDetectionEvent returns true if the current event is an anomaly detection event (kernel or user space)
func (*Event) IsInProfile ¶ added in v0.45.0
IsInProfile returns true if the event was found in the profile
func (*Event) IsKernelSpaceAnomalyDetectionEvent ¶ added in v0.47.0
IsKernelSpaceAnomalyDetectionEvent returns true if the event is a kernel space anomaly detection event
func (*Event) IsSavedByActivityDumps ¶ added in v0.44.0
IsSavedByActivityDumps returns whether the event was saved by activity dumps (AD)
func (*Event) RemoveFromFlags ¶ added in v0.45.0
RemoveFromFlags removes a flag from the event
func (*Event) ResolveEventTime ¶ added in v0.46.0
ResolveEventTime uses the field handler
func (*Event) ResolveFields ¶ added in v0.43.0
func (ev *Event) ResolveFields()
ResolveFields resolves all the fields associated with the event type. Context fields are automatically resolved.
func (*Event) ResolveFieldsForAD ¶ added in v0.44.0
func (ev *Event) ResolveFieldsForAD()
ResolveFieldsForAD resolves all the fields associated with the event type. Context fields are automatically resolved.
func (*Event) ResolveProcessCacheEntry ¶ added in v0.43.0
func (e *Event) ResolveProcessCacheEntry() (*ProcessCacheEntry, bool)
ResolveProcessCacheEntry uses the field handler
func (*Event) SetFieldValue ¶
func (*Event) SetPathResolutionError ¶ added in v0.43.0
SetPathResolutionError sets the Event.pathResolutionError
func (*Event) UnmarshalBinary ¶
UnmarshalBinary unmarshalls a binary representation of itself
type EventCategory ¶
type EventCategory = string
EventCategory category type
// Event categories. Each constant is the display name of one category.
const (
	// FIMCategory is the category of file integrity monitoring (FIM) events
	FIMCategory EventCategory = "File Activity"
	// ProcessCategory is the category of process events
	ProcessCategory EventCategory = "Process Activity"
	// KernelCategory is the category of kernel events
	KernelCategory EventCategory = "Kernel Activity"
	// NetworkCategory is the category of network events
	NetworkCategory EventCategory = "Network Activity"
)
Event categories
func GetAllCategories ¶ added in v0.34.0
func GetAllCategories() []EventCategory
GetAllCategories returns all categories
func GetEventTypeCategory ¶
func GetEventTypeCategory(eventType eval.EventType) EventCategory
GetEventTypeCategory returns the category for the given event type
type EventType ¶
type EventType uint32
EventType describes the type of an event sent from the kernel
// Event types. The kernel event types are numbered with iota from
// UnknownEventType up to MaxKernelEventType; the range aliases and the
// custom (user space generated) event types follow in the same block.
const (
	// UnknownEventType unknown event
	UnknownEventType EventType = iota
	// FileOpenEventType File open event
	FileOpenEventType
	// FileMkdirEventType Folder creation event
	FileMkdirEventType
	// FileLinkEventType Hard link creation event
	FileLinkEventType
	// FileRenameEventType File or folder rename event
	FileRenameEventType
	// FileUnlinkEventType Unlink event
	FileUnlinkEventType
	// FileRmdirEventType Rmdir event
	FileRmdirEventType
	// FileChmodEventType Chmod event
	FileChmodEventType
	// FileChownEventType Chown event
	FileChownEventType
	// FileUtimesEventType Utime event
	FileUtimesEventType
	// FileSetXAttrEventType Setxattr event
	FileSetXAttrEventType
	// FileRemoveXAttrEventType Removexattr event
	FileRemoveXAttrEventType
	// FileMountEventType Mount event
	FileMountEventType
	// FileUmountEventType Umount event
	FileUmountEventType
	// ForkEventType Fork event
	ForkEventType
	// ExecEventType Exec event
	ExecEventType
	// ExitEventType Exit event
	ExitEventType
	// InvalidateDentryEventType Dentry invalidated event (DEPRECATED)
	InvalidateDentryEventType
	// SetuidEventType setuid event
	SetuidEventType
	// SetgidEventType setgid event
	SetgidEventType
	// CapsetEventType capset event
	CapsetEventType
	// ArgsEnvsEventType args and envs event
	ArgsEnvsEventType
	// MountReleasedEventType sent when a mount point is released
	MountReleasedEventType
	// SELinuxEventType selinux event
	SELinuxEventType
	// BPFEventType bpf event
	BPFEventType
	// PTraceEventType PTrace event
	PTraceEventType
	// MMapEventType MMap event
	MMapEventType
	// MProtectEventType MProtect event
	MProtectEventType
	// LoadModuleEventType LoadModule event
	LoadModuleEventType
	// UnloadModuleEventType UnloadModule event
	UnloadModuleEventType
	// SignalEventType Signal event
	SignalEventType
	// SpliceEventType Splice event
	SpliceEventType
	// CgroupTracingEventType is sent when a new cgroup is being traced
	CgroupTracingEventType
	// DNSEventType DNS event
	DNSEventType
	// NetDeviceEventType is sent for events on net devices
	NetDeviceEventType
	// VethPairEventType is sent when a new veth pair is created
	VethPairEventType
	// BindEventType Bind event
	BindEventType
	// UnshareMountNsEventType has no description on this page; presumably
	// reported when a mount namespace is unshared — TODO confirm.
	UnshareMountNsEventType
	// SyscallsEventType Syscalls event
	SyscallsEventType
	// AnomalyDetectionSyscallEventType Anomaly Detection Syscall event
	AnomalyDetectionSyscallEventType
	// MaxKernelEventType is used internally to get the maximum number of kernel events.
	MaxKernelEventType

	// FirstEventType is the first valid event type
	FirstEventType = FileOpenEventType
	// LastEventType is the last valid event type
	// NOTE(review): AnomalyDetectionSyscallEventType is declared after
	// SyscallsEventType, so its value lies above LastEventType — confirm
	// that code iterating FirstEventType..LastEventType is meant to skip it.
	LastEventType = SyscallsEventType
	// FirstDiscarderEventType first event that accepts discarders
	FirstDiscarderEventType = FileOpenEventType
	// LastDiscarderEventType last event that accepts discarders
	LastDiscarderEventType = FileRemoveXAttrEventType
	// LastApproverEventType is the last event that accepts approvers
	LastApproverEventType = SpliceEventType

	// CustomLostReadEventType is the custom event used to report lost events detected in user space
	// iota is the index of this line within the const block, and each alias
	// line above consumes an index, so the custom event values do not start
	// at MaxKernelEventType+1.
	CustomLostReadEventType = iota
	// CustomLostWriteEventType is the custom event used to report lost events detected in kernel space
	CustomLostWriteEventType
	// CustomRulesetLoadedEventType is the custom event used to report that a new ruleset was loaded
	CustomRulesetLoadedEventType
	// CustomForkBombEventType is the custom event used to report the detection of a fork bomb
	CustomForkBombEventType
	// CustomTruncatedParentsEventType is the custom event used to report that the parents of a path were truncated
	CustomTruncatedParentsEventType
	// CustomSelfTestEventType is the custom event used to report the results of a self test run
	CustomSelfTestEventType
	// MaxAllEventType is used internally to get the maximum number of events.
	MaxAllEventType
)
type ExitCause ¶ added in v0.38.0
type ExitCause uint32
ExitCause represents the cause of a process termination
type ExitEvent ¶ added in v0.38.0
// ExitEvent represents a process exit event. It embeds the *Process that
// terminated.
type ExitEvent struct {
	*Process
	// Code has to be read together with Cause: per its definition it holds
	// either the exit code or the number of the terminating signal.
	Cause uint32 `field:"cause"` // SECLDoc[cause] Definition:`Cause of the process termination (one of EXITED, SIGNALED, COREDUMPED)`
	Code  uint32 `field:"code"`  // SECLDoc[code] Definition:`Exit code of the process or number of the signal that caused the process to terminate`
}
ExitEvent represents a process exit event
type ExtraFieldHandlers ¶ added in v0.43.0
// ExtraFieldHandlers lists the handlers that are not tied to a single event
// field. Each method receives the event (or the process and file) it
// resolves for.
type ExtraFieldHandlers interface {
	// The boolean result presumably reports whether an entry was found — TODO confirm.
	ResolveProcessCacheEntry(ev *Event) (*ProcessCacheEntry, bool)
	// The boolean result presumably reports whether a context was found — TODO confirm.
	ResolveContainerContext(ev *Event) (*ContainerContext, bool)
	ResolveEventTime(ev *Event) time.Time
	GetProcessService(ev *Event) string
	ResolveHashes(eventType EventType, process *Process, file *FileEvent) []string
}
ExtraFieldHandlers groups the handlers that are not tied to any field
type FieldHandlers ¶ added in v0.43.0
// FieldHandlers is the set of resolver callbacks for event fields. Every
// method takes the event being evaluated plus the sub-structure that owns
// the field, and returns the resolved value. The method names match the
// `handler:` entries used in the struct tags of this package.
type FieldHandlers interface {
	ResolveAsync(ev *Event) bool
	ResolveChownGID(ev *Event, e *ChownEvent) string
	ResolveChownUID(ev *Event, e *ChownEvent) string
	ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
	ResolveContainerID(ev *Event, e *ContainerContext) string
	ResolveContainerTags(ev *Event, e *ContainerContext) []string
	ResolveEventTimestamp(ev *Event, e *BaseEvent) int
	ResolveFileBasename(ev *Event, e *FileEvent) string
	ResolveFileFieldsGroup(ev *Event, e *FileFields) string
	ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool
	ResolveFileFieldsUser(ev *Event, e *FileFields) string
	ResolveFileFilesystem(ev *Event, e *FileEvent) string
	ResolveFilePath(ev *Event, e *FileEvent) string
	ResolveHashesFromEvent(ev *Event, e *FileEvent) []string
	ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string
	ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string
	ResolveMountPointPath(ev *Event, e *MountEvent) string
	ResolveMountSourcePath(ev *Event, e *MountEvent) string
	ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string
	ResolvePackageName(ev *Event, e *FileEvent) string
	ResolvePackageSourceVersion(ev *Event, e *FileEvent) string
	ResolvePackageVersion(ev *Event, e *FileEvent) string
	ResolveProcessArgs(ev *Event, e *Process) string
	ResolveProcessArgsFlags(ev *Event, e *Process) []string
	ResolveProcessArgsOptions(ev *Event, e *Process) []string
	ResolveProcessArgsTruncated(ev *Event, e *Process) bool
	ResolveProcessArgv(ev *Event, e *Process) []string
	// NOTE(review): presumably argv with sensitive values redacted; confirm
	// which of the Argv variants is used wherever events leave the host.
	ResolveProcessArgvScrubbed(ev *Event, e *Process) []string
	ResolveProcessArgv0(ev *Event, e *Process) string
	ResolveProcessCreatedAt(ev *Event, e *Process) int
	ResolveProcessEnvp(ev *Event, e *Process) []string
	ResolveProcessEnvs(ev *Event, e *Process) []string
	ResolveProcessEnvsTruncated(ev *Event, e *Process) bool
	ResolveRights(ev *Event, e *FileFields) int
	ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string
	ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidGroup(ev *Event, e *SetgidEvent) string
	ResolveSetuidEUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidUser(ev *Event, e *SetuidEvent) string
	ResolveXAttrName(ev *Event, e *SetXAttrEvent) string
	ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string

	// custom handlers not tied to any fields
	ExtraFieldHandlers
}
type FileEvent ¶
// FileEvent is the common file event type. It embeds FileFields and adds the
// lazily resolved path, basename, filesystem, package and hash information.
// Fields tagged `field:"-"` are not exposed as rule fields.
type FileEvent struct {
	FileFields ``

	PathnameStr string `field:"path,handler:ResolveFilePath,opts:length" op_override:"ProcessSymlinkPathname"` // SECLDoc[path] Definition:`File's path` Example:`exec.file.path == "/usr/bin/apt"` Description:`Matches the execution of the file located at /usr/bin/apt` Example:`open.file.path == "/etc/passwd"` Description:`Matches any process opening the /etc/passwd file.`

	// A rule on the basename alone matches a file of that name in any
	// directory (see the Description below); pair it with a path or owner
	// condition when the location matters.
	BasenameStr string `field:"name,handler:ResolveFileBasename,opts:length" op_override:"ProcessSymlinkBasename"` // SECLDoc[name] Definition:`File's basename` Example:`exec.file.name == "apt"` Description:`Matches the execution of any file named apt.`

	Filesystem string `field:"filesystem,handler:ResolveFileFilesystem"` // SECLDoc[filesystem] Definition:`File's filesystem`

	// PathResolutionError holds the error met while resolving the path, if any.
	// NOTE(review): PathnameStr is presumably empty or partial when this is
	// set, so path-based rules may not match such events — confirm.
	PathResolutionError error `field:"-" json:"-"`

	PkgName string `field:"package.name,handler:ResolvePackageName"` // SECLDoc[package.name] Definition:`[Experimental] Name of the package that provided this file`

	PkgVersion string `field:"package.version,handler:ResolvePackageVersion"` // SECLDoc[package.version] Definition:`[Experimental] Full version of the package that provided this file`

	PkgSrcVersion string `field:"package.source_version,handler:ResolvePackageSourceVersion"` // SECLDoc[package.source_version] Definition:`[Experimental] Full version of the source package of the package that provided this file`

	// HashState records the outcome of the last hashing attempt for this file.
	HashState HashState `field:"-"`

	Hashes []string `field:"hashes,handler:ResolveHashesFromEvent,opts:skip_ad"` // SECLDoc[hashes] Definition:`[Experimental] List of cryptographic hashes computed for this file`

	// used to mark as already resolved, can be used in case of empty path
	IsPathnameStrResolved bool `field:"-" json:"-"`
	IsBasenameStrResolved bool `field:"-" json:"-"`
}
FileEvent is the common file event type
func (*FileEvent) GetPathResolutionError ¶
GetPathResolutionError returns the path resolution error as a string if there is one
func (*FileEvent) IsOverlayFS ¶ added in v0.46.0
IsOverlayFS returns whether it is an overlay fs
func (*FileEvent) SetBasenameStr ¶ added in v0.36.0
SetBasenameStr sets the basename and marks it as resolved
func (*FileEvent) SetPathnameStr ¶ added in v0.36.0
SetPathnameStr sets the pathname and marks it as resolved
type FileFields ¶
// FileFields holds the information required to identify a file: ownership,
// mode, timestamps, the embedded PathKey and layer information. Fields
// tagged `field:"-"` are not exposed as rule fields.
type FileFields struct {
	UID uint32 `field:"uid"` // SECLDoc[uid] Definition:`UID of the file's owner`

	User string `field:"user,handler:ResolveFileFieldsUser"` // SECLDoc[user] Definition:`User of the file's owner`

	GID uint32 `field:"gid"` // SECLDoc[gid] Definition:`GID of the file's owner`

	Group string `field:"group,handler:ResolveFileFieldsGroup"` // SECLDoc[group] Definition:`Group of the file's owner`

	// Mode backs two rule fields: "mode" (read directly) and "rights"
	// (computed by the ResolveRights handler).
	Mode uint16 `field:"mode;rights,handler:ResolveRights,opts:helper"` // SECLDoc[mode] Definition:`Mode of the file` Constants:`Inode mode constants` SECLDoc[rights] Definition:`Rights of the file` Constants:`File mode constants`

	CTime uint64 `field:"change_time"` // SECLDoc[change_time] Definition:`Change time (ctime) of the file`

	MTime uint64 `field:"modification_time"` // SECLDoc[modification_time] Definition:`Modification time (mtime) of the file`

	PathKey

	Device uint32 `field:"-"`

	InUpperLayer bool `field:"in_upper_layer,handler:ResolveFileFieldsInUpperLayer"` // SECLDoc[in_upper_layer] Definition:`Indicator of the file layer, for example, in an OverlayFS`

	// NLink is presumably the hard link count read by HasHardLinks — TODO confirm.
	NLink uint32 `field:"-" json:"-"`

	Flags int32 `field:"-" json:"-"`
}
FileFields holds the information required to identify a file
func (*FileFields) Equals ¶ added in v0.47.0
func (f *FileFields) Equals(o *FileFields) bool
Equals compares two FileFields
func (*FileFields) GetInLowerLayer ¶
func (f *FileFields) GetInLowerLayer() bool
GetInLowerLayer returns whether a file is in a lower layer
func (*FileFields) GetInUpperLayer ¶
func (f *FileFields) GetInUpperLayer() bool
GetInUpperLayer returns whether a file is in the upper layer
func (*FileFields) HasHardLinks ¶
func (f *FileFields) HasHardLinks() bool
HasHardLinks returns whether the file has hard links
func (*FileFields) IsFileless ¶ added in v0.42.0
func (f *FileFields) IsFileless() bool
IsFileless returns whether it is a fileless access
func (*FileFields) MarshalBinary ¶ added in v0.36.0
func (e *FileFields) MarshalBinary(data []byte) (int, error)
MarshalBinary marshals a binary representation of itself
func (*FileFields) UnmarshalBinary ¶
func (e *FileFields) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type HashAlgorithm ¶ added in v0.47.0
type HashAlgorithm int
HashAlgorithm is used to configure the hash algorithms of the hash resolver
// Hash algorithms that can be selected for the hash resolver.
//
// SHA1 and MD5 are not collision resistant. Their digests are useful as
// lookup keys (for example against indicator lists that are published in
// those formats), but a SHA256 digest is the one to rely on when the hash is
// used to assert that two files are the same.
const (
	// SHA1 is used to identify a SHA1 hash
	SHA1 HashAlgorithm = iota
	// SHA256 is used to identify a SHA256 hash
	SHA256
	// MD5 is used to identify an MD5 hash
	MD5
	// MaxHashAlgorithm is used for initializations
	MaxHashAlgorithm
)
func (HashAlgorithm) String ¶ added in v0.47.0
func (ha HashAlgorithm) String() string
type HashState ¶ added in v0.47.0
type HashState int
HashState is used to prevent the hash resolver from retrying to hash a file
// Hash states recorded on a file so that the hash resolver does not retry
// hashing it.
//
// NOTE(review): the states other than Done appear to describe cases in which
// no hash was produced (file missing, too big, rate limited, ...). Consumers
// that match on file hashes should treat a missing hash as "unknown" rather
// than as a non-match — confirm how Hashes is populated for each state.
const (
	// NoHash means that computing a hash hasn't been attempted
	NoHash HashState = iota
	// Done means that the hashes were already computed
	Done
	// FileNotFound means that the underlying file is no longer available to compute the hash
	FileNotFound
	// PathnameResolutionError means that the underlying file wasn't properly resolved
	PathnameResolutionError
	// FileTooBig means that the underlying file is larger than the hash resolver file size limit
	FileTooBig
	// FileEmpty means that the underlying file is empty
	FileEmpty
	// FileOpenError is a generic hash state to say that we couldn't open the file
	FileOpenError
	// EventTypeNotConfigured means that the event type prevents a hash from being computed
	EventTypeNotConfigured
	// HashWasRateLimited means that the hash will be tried again later, it was rate limited
	HashWasRateLimited
	// MaxHashState is used for initializations
	MaxHashState
)
type IPPortContext ¶ added in v0.36.0
// IPPortContext is used to hold an IP and Port. The address is stored as a
// net.IPNet, i.e. an IP together with a network mask.
type IPPortContext struct {
	IPNet net.IPNet `field:"ip"`   // SECLDoc[ip] Definition:`IP address`
	Port  uint16    `field:"port"` // SECLDoc[port] Definition:`Port number`
}
IPPortContext is used to hold an IP and Port
type InodeMode ¶ added in v0.46.0
type InodeMode int
InodeMode represents an inode mode bitmask value
type InvalidateDentryEvent ¶
InvalidateDentryEvent defines an invalidate dentry event
func (*InvalidateDentryEvent) UnmarshalBinary ¶
func (e *InvalidateDentryEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type KernelCapability ¶
type KernelCapability uint64
KernelCapability represents a kernel capability bitmask value
func (KernelCapability) String ¶
func (kc KernelCapability) String() string
func (KernelCapability) StringArray ¶
func (kc KernelCapability) StringArray() []string
StringArray returns the kernel capabilities as an array of strings
type L3Protocol ¶ added in v0.36.0
type L3Protocol uint16
L3Protocol Network protocols
// L3 protocol identifiers (EtherType values and pseudo types).
// NOTE(review): names and values appear to mirror the Linux ETH_P_*
// definitions — confirm against the kernel header when adding entries.
const (
	// EthPLOOP Ethernet Loopback packet
	EthPLOOP L3Protocol = 0x0060
	// EthPPUP Xerox PUP packet
	EthPPUP L3Protocol = 0x0200
	// EthPPUPAT Xerox PUP Addr Trans packet
	EthPPUPAT L3Protocol = 0x0201
	// EthPTSN TSN (IEEE 1722) packet
	EthPTSN L3Protocol = 0x22F0
	// EthPIP Internet Protocol packet
	EthPIP L3Protocol = 0x0800
	// EthPX25 CCITT X.25
	EthPX25 L3Protocol = 0x0805
	// EthPARP Address Resolution packet
	EthPARP L3Protocol = 0x0806
	// EthPBPQ G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBPQ L3Protocol = 0x08FF
	// EthPIEEEPUP Xerox IEEE802.3 PUP packet
	EthPIEEEPUP L3Protocol = 0x0a00
	// EthPIEEEPUPAT Xerox IEEE802.3 PUP Addr Trans packet
	EthPIEEEPUPAT L3Protocol = 0x0a01
	// EthPBATMAN B.A.T.M.A.N.-Advanced packet [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBATMAN L3Protocol = 0x4305
	// EthPDEC DEC Assigned proto
	EthPDEC L3Protocol = 0x6000
	// EthPDNADL DEC DNA Dump/Load
	EthPDNADL L3Protocol = 0x6001
	// EthPDNARC DEC DNA Remote Console
	EthPDNARC L3Protocol = 0x6002
	// EthPDNART DEC DNA Routing
	EthPDNART L3Protocol = 0x6003
	// EthPLAT DEC LAT
	EthPLAT L3Protocol = 0x6004
	// EthPDIAG DEC Diagnostics
	EthPDIAG L3Protocol = 0x6005
	// EthPCUST DEC Customer use
	EthPCUST L3Protocol = 0x6006
	// EthPSCA DEC Systems Comms Arch
	EthPSCA L3Protocol = 0x6007
	// EthPTEB Trans Ether Bridging
	EthPTEB L3Protocol = 0x6558
	// EthPRARP Reverse Addr Res packet
	EthPRARP L3Protocol = 0x8035
	// EthPATALK Appletalk DDP
	EthPATALK L3Protocol = 0x809B
	// EthPAARP Appletalk AARP
	EthPAARP L3Protocol = 0x80F3
	// EthP8021Q 802.1Q VLAN Extended Header
	EthP8021Q L3Protocol = 0x8100
	// EthPERSPAN ERSPAN type II
	EthPERSPAN L3Protocol = 0x88BE
	// EthPIPX IPX over DIX
	EthPIPX L3Protocol = 0x8137
	// EthPIPV6 IPv6 over bluebook
	EthPIPV6 L3Protocol = 0x86DD
	// EthPPAUSE IEEE Pause frames. See 802.3 31B
	EthPPAUSE L3Protocol = 0x8808
	// EthPSLOW Slow Protocol. See 802.3ad 43B
	EthPSLOW L3Protocol = 0x8809
	// EthPWCCP Web-cache coordination protocol defined in draft-wilson-wrec-wccp-v2-00.txt
	EthPWCCP L3Protocol = 0x883E
	// EthPMPLSUC MPLS Unicast traffic
	EthPMPLSUC L3Protocol = 0x8847
	// EthPMPLSMC MPLS Multicast traffic
	EthPMPLSMC L3Protocol = 0x8848
	// EthPATMMPOA MultiProtocol Over ATM
	EthPATMMPOA L3Protocol = 0x884c
	// EthPPPPDISC PPPoE discovery messages
	EthPPPPDISC L3Protocol = 0x8863
	// EthPPPPSES PPPoE session messages
	EthPPPPSES L3Protocol = 0x8864
	// EthPLinkCTL HPNA, wlan link local tunnel
	EthPLinkCTL L3Protocol = 0x886c
	// EthPATMFATE Frame-based ATM Transport over Ethernet
	EthPATMFATE L3Protocol = 0x8884
	// EthPPAE Port Access Entity (IEEE 802.1X)
	EthPPAE L3Protocol = 0x888E
	// EthPAOE ATA over Ethernet
	EthPAOE L3Protocol = 0x88A2
	// EthP8021AD 802.1ad Service VLAN
	EthP8021AD L3Protocol = 0x88A8
	// EthP802EX1 802.1 Local Experimental 1.
	EthP802EX1 L3Protocol = 0x88B5
	// EthPTIPC TIPC
	EthPTIPC L3Protocol = 0x88CA
	// EthPMACSEC 802.1ae MACsec
	EthPMACSEC L3Protocol = 0x88E5
	// EthP8021AH 802.1ah Backbone Service Tag
	EthP8021AH L3Protocol = 0x88E7
	// EthPMVRP 802.1Q MVRP
	EthPMVRP L3Protocol = 0x88F5
	// EthP1588 IEEE 1588 Timesync
	EthP1588 L3Protocol = 0x88F7
	// EthPNCSI NCSI protocol
	EthPNCSI L3Protocol = 0x88F8
	// EthPPRP IEC 62439-3 PRP/HSRv0
	EthPPRP L3Protocol = 0x88FB
	// EthPFCOE Fibre Channel over Ethernet
	EthPFCOE L3Protocol = 0x8906
	// EthPIBOE Infiniband over Ethernet
	EthPIBOE L3Protocol = 0x8915
	// EthPTDLS TDLS
	EthPTDLS L3Protocol = 0x890D
	// EthPFIP FCoE Initialization Protocol
	EthPFIP L3Protocol = 0x8914
	// EthP80221 IEEE 802.21 Media Independent Handover Protocol
	EthP80221 L3Protocol = 0x8917
	// EthPHSR IEC 62439-3 HSRv1
	EthPHSR L3Protocol = 0x892F
	// EthPNSH Network Service Header
	EthPNSH L3Protocol = 0x894F
	// EthPLOOPBACK Ethernet loopback packet, per IEEE 802.3
	EthPLOOPBACK L3Protocol = 0x9000
	// EthPQINQ1 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ1 L3Protocol = 0x9100
	// EthPQINQ2 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ2 L3Protocol = 0x9200
	// EthPQINQ3 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ3 L3Protocol = 0x9300
	// EthPEDSA Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPEDSA L3Protocol = 0xDADA
	// EthPIFE ForCES inter-FE LFB type
	EthPIFE L3Protocol = 0xED3E
	// EthPAFIUCV IBM afiucv [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPAFIUCV L3Protocol = 0xFBFB
	// EthP8023MIN is the boundary between the two readings of the type
	// field: a value below it is an 802.3 length field, a value at or above
	// it is an Ethernet II EtherType. (The comment this was taken from
	// states the relation the other way round.)
	EthP8023MIN L3Protocol = 0x0600
	// EthPIPV6HopByHop IPv6 Hop by hop option
	EthPIPV6HopByHop L3Protocol = 0x000
	// EthP8023 Dummy type for 802.3 frames
	EthP8023 L3Protocol = 0x0001
	// EthPAX25 Dummy protocol id for AX.25
	EthPAX25 L3Protocol = 0x0002
	// EthPALL Every packet (be careful!!!)
	EthPALL L3Protocol = 0x0003
	// EthP8022 802.2 frames
	EthP8022 L3Protocol = 0x0004
	// EthPSNAP Internal only
	EthPSNAP L3Protocol = 0x0005
	// EthPDDCMP DEC DDCMP: Internal only
	EthPDDCMP L3Protocol = 0x0006
	// EthPWANPPP Dummy type for WAN PPP frames
	EthPWANPPP L3Protocol = 0x0007
	// EthPPPPMP Dummy type for PPP MP frames
	EthPPPPMP L3Protocol = 0x0008
	// EthPLOCALTALK Localtalk pseudo type
	EthPLOCALTALK L3Protocol = 0x0009
	// EthPCAN CAN: Controller Area Network
	EthPCAN L3Protocol = 0x000C
	// EthPCANFD CANFD: CAN flexible data rate
	EthPCANFD L3Protocol = 0x000D
	// EthPPPPTALK Dummy type for Atalk over PPP
	EthPPPPTALK L3Protocol = 0x0010
	// EthPTR8022 802.2 frames
	EthPTR8022 L3Protocol = 0x0011
	// EthPMOBITEX Mobitex (kaz@cafe.net)
	EthPMOBITEX L3Protocol = 0x0015
	// EthPCONTROL Card specific control frames
	EthPCONTROL L3Protocol = 0x0016
	// EthPIRDA Linux-IrDA
	EthPIRDA L3Protocol = 0x0017
	// EthPECONET Acorn Econet
	EthPECONET L3Protocol = 0x0018
	// EthPHDLC HDLC frames
	EthPHDLC L3Protocol = 0x0019
	// EthPARCNET 1A for ArcNet :-)
	EthPARCNET L3Protocol = 0x001A
	// EthPDSA Distributed Switch Arch.
	EthPDSA L3Protocol = 0x001B
	// EthPTRAILER Trailer switch tagging
	EthPTRAILER L3Protocol = 0x001C
	// EthPPHONET Nokia Phonet frames
	EthPPHONET L3Protocol = 0x00F5
	// EthPIEEE802154 IEEE802.15.4 frame
	EthPIEEE802154 L3Protocol = 0x00F6
	// EthPCAIF ST-Ericsson CAIF protocol
	EthPCAIF L3Protocol = 0x00F7
	// EthPXDSA Multiplexed DSA protocol
	EthPXDSA L3Protocol = 0x00F8
	// EthPMAP Qualcomm multiplexing and aggregation protocol
	EthPMAP L3Protocol = 0x00F9
)
func (L3Protocol) String ¶ added in v0.36.0
func (proto L3Protocol) String() string
type L4Protocol ¶ added in v0.36.0
type L4Protocol uint16
L4Protocol transport protocols
// L4 (transport) protocol numbers, as carried in the IP header's protocol
// field.
const (
	// IPProtoIP Dummy protocol for TCP
	IPProtoIP L4Protocol = 0
	// IPProtoICMP Internet Control Message Protocol (IPv4)
	IPProtoICMP L4Protocol = 1
	// IPProtoIGMP Internet Group Management Protocol
	IPProtoIGMP L4Protocol = 2
	// IPProtoIPIP IPIP tunnels (older KA9Q tunnels use 94)
	IPProtoIPIP L4Protocol = 4
	// IPProtoTCP Transmission Control Protocol
	IPProtoTCP L4Protocol = 6
	// IPProtoEGP Exterior Gateway Protocol
	IPProtoEGP L4Protocol = 8
	// IPProtoIGP Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))
	IPProtoIGP L4Protocol = 9
	// IPProtoPUP PUP protocol
	IPProtoPUP L4Protocol = 12
	// IPProtoUDP User Datagram Protocol
	IPProtoUDP L4Protocol = 17
	// IPProtoIDP XNS IDP protocol
	IPProtoIDP L4Protocol = 22
	// IPProtoTP ISO Transport Protocol Class 4
	IPProtoTP L4Protocol = 29
	// IPProtoDCCP Datagram Congestion Control Protocol
	IPProtoDCCP L4Protocol = 33
	// IPProtoIPV6 IPv6-in-IPv4 tunnelling
	IPProtoIPV6 L4Protocol = 41
	// IPProtoRSVP RSVP Protocol
	IPProtoRSVP L4Protocol = 46
	// IPProtoGRE Cisco GRE tunnels (rfc 1701,1702)
	IPProtoGRE L4Protocol = 47
	// IPProtoESP Encapsulation Security Payload protocol
	IPProtoESP L4Protocol = 50
	// IPProtoAH Authentication Header protocol
	IPProtoAH L4Protocol = 51
	// IPProtoICMPV6 Internet Control Message Protocol (IPv6)
	IPProtoICMPV6 L4Protocol = 58
	// IPProtoMTP Multicast Transport Protocol
	IPProtoMTP L4Protocol = 92
	// IPProtoBEETPH IP option pseudo header for BEET
	IPProtoBEETPH L4Protocol = 94
	// IPProtoENCAP Encapsulation Header
	IPProtoENCAP L4Protocol = 98
	// IPProtoPIM Protocol Independent Multicast
	IPProtoPIM L4Protocol = 103
	// IPProtoCOMP Compression Header Protocol
	IPProtoCOMP L4Protocol = 108
	// IPProtoSCTP Stream Control Transmission Protocol
	IPProtoSCTP L4Protocol = 132
	// IPProtoUDPLITE UDP-Lite (RFC 3828)
	IPProtoUDPLITE L4Protocol = 136
	// IPProtoMPLS MPLS in IP (RFC 4023)
	IPProtoMPLS L4Protocol = 137
	// IPProtoRAW Raw IP packets
	IPProtoRAW L4Protocol = 255
)
func (L4Protocol) String ¶ added in v0.36.0
func (proto L4Protocol) String() string
type LinkEvent ¶
// LinkEvent represents a link event. Source is exposed to rules under the
// "file" prefix and Target under "file.destination".
type LinkEvent struct {
	SyscallEvent
	Source FileEvent `field:"file"`
	Target FileEvent `field:"file.destination"`
}
LinkEvent represents a link event
type LinuxBinprm ¶ added in v0.40.0
// LinuxBinprm contains content from the linux_binprm struct, which holds the
// arguments used for loading binaries.
type LinuxBinprm struct {
	// FileEvent is exposed to rules under the "file" prefix.
	FileEvent FileEvent `field:"file"`
}
LinuxBinprm contains content from the linux_binprm struct, which holds the arguments used for loading binaries
type LoadModuleEvent ¶ added in v0.35.0
// LoadModuleEvent represents a load_module event.
type LoadModuleEvent struct {
	SyscallEvent

	File FileEvent `field:"file"` // Path to the kernel module file

	// NOTE(review): File presumably carries no usable path when the module
	// was loaded from memory, so rules that allow-list module paths should
	// also look at this flag — confirm.
	LoadedFromMemory bool `field:"loaded_from_memory"` // SECLDoc[loaded_from_memory] Definition:`Indicates if the kernel module was loaded from memory`

	Name string `field:"name"` // SECLDoc[name] Definition:`Name of the new kernel module`

	Args string `field:"args,handler:ResolveModuleArgs"` // SECLDoc[args] Definition:`Parameters (as a string) of the new kernel module`

	Argv []string `field:"argv,handler:ResolveModuleArgv"` // SECLDoc[argv] Definition:`Parameters (as an array) of the new kernel module`

	// When set, Args and Argv do not hold the complete parameter list.
	ArgsTruncated bool `field:"args_truncated"` // SECLDoc[args_truncated] Definition:`Indicates if the arguments were truncated or not`
}
LoadModuleEvent represents a load_module event
func (*LoadModuleEvent) UnmarshalBinary ¶ added in v0.35.0
func (e *LoadModuleEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type MMapEvent ¶ added in v0.34.0
// MMapEvent represents a mmap event.
//
// Addr, Offset and Len are tagged `field:"-" json:"-"`: the json tag excludes
// them from encoding/json output, and the field tag presumably keeps them out
// of the SECL field set — confirm against the accessor generator. Only
// Protection and Flags (plus the embedded and File fields) carry SECL names.
type MMapEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Addr uint64 `field:"-" json:"-"`
	Offset uint64 `field:"-" json:"-"`
	Len uint32 `field:"-" json:"-"`
	Protection int `field:"protection"` // SECLDoc[protection] Definition:`memory segment protection` Constants:`Protection constants`
	Flags int `field:"flags"` // SECLDoc[flags] Definition:`memory segment flags` Constants:`MMap flags`
}
MMapEvent represents a mmap event
type MProtectEvent ¶ added in v0.34.0
// MProtectEvent represents a mprotect event.
//
// VMProtection is the protection of the segment before the call and
// ReqProtection the protection being requested (per their SECLDoc
// definitions), so a rule can compare the two, for example to flag a segment
// that gains execute permission. VMStart and VMEnd are tagged
// `field:"-" json:"-"` and are presumably not available to rules — confirm.
type MProtectEvent struct {
	SyscallEvent
	VMStart uint64 `field:"-" json:"-"`
	VMEnd uint64 `field:"-" json:"-"`
	VMProtection int `field:"vm_protection"` // SECLDoc[vm_protection] Definition:`initial memory segment protection` Constants:`Virtual Memory flags`
	ReqProtection int `field:"req_protection"` // SECLDoc[req_protection] Definition:`new memory segment protection` Constants:`Virtual Memory flags`
}
MProtectEvent represents a mprotect event
func (*MProtectEvent) UnmarshalBinary ¶ added in v0.34.0
func (e *MProtectEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type MatchedRule ¶ added in v0.44.0
// MatchedRule contains the identification of one rule that has matched.
type MatchedRule struct {
	// RuleID and RuleVersion identify the rule itself.
	RuleID string
	RuleVersion string
	// RuleTags holds the rule's tags as key/value pairs.
	RuleTags map[string]string
	// PolicyName and PolicyVersion identify the policy the rule is associated with.
	PolicyName string
	PolicyVersion string
}
MatchedRule contains the identification of one rule that has matched
func AppendMatchedRule ¶ added in v0.44.0
func AppendMatchedRule(list []*MatchedRule, toAdd []*MatchedRule) []*MatchedRule
AppendMatchedRule appends two lists while avoiding duplicates
func NewMatchedRule ¶ added in v0.44.0
func NewMatchedRule(ruleID, ruleVersion string, ruleTags map[string]string, policyName, policyVersion string) *MatchedRule
NewMatchedRule returns a new MatchedRule instance
func (*MatchedRule) Match ¶ added in v0.44.0
func (mr *MatchedRule) Match(mr2 *MatchedRule) bool
Match returns true if the rules are equal
type MkdirEvent ¶
// MkdirEvent represents a mkdir event.
//
// Mode is exposed under two SECL names, file.destination.mode and
// file.destination.rights, both listed in its field tag.
type MkdirEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Mode uint32 `field:"file.destination.mode; file.destination.rights"` // SECLDoc[file.destination.mode] Definition:`Mode of the new directory` Constants:`File mode constants` SECLDoc[file.destination.rights] Definition:`Rights of the new directory` Constants:`File mode constants`
}
MkdirEvent represents a mkdir event
func (*MkdirEvent) UnmarshalBinary ¶
func (e *MkdirEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type Model ¶
// Model describes the data model for the runtime security agent events.
type Model struct {
	// ExtraValidateFieldFnc is a caller-supplied validation hook that receives a
	// field and its value and returns an error to reject it.
	// NOTE(review): presumably invoked from ValidateField in addition to the
	// built-in checks, and presumably optional (nil) — confirm.
	ExtraValidateFieldFnc func(field eval.Field, fieldValue eval.FieldValue) error
}
Model describes the data model for the runtime security agent events
func (*Model) GetEvaluator ¶
func (*Model) GetEventTypes ¶
func (*Model) NewDefaultEventWithType ¶ added in v0.43.0
NewDefaultEventWithType returns a new Event for the given type
func (*Model) ValidateField ¶
ValidateField validates the value of a field
type Mount ¶ added in v0.42.0
// Mount represents a mountpoint (used by MountEvent and UnshareMountNSEvent).
//
// Only FSType carries a SECL name; every other field is tagged `field:"-"`
// and is presumably internal bookkeeping that rules cannot reference —
// confirm against the accessor generator.
type Mount struct {
	MountID uint32 `field:"-"`
	Device uint32 `field:"-"`
	ParentPathKey PathKey `field:"-"`
	RootPathKey PathKey `field:"-"`
	BindSrcMountID uint32 `field:"-"`
	FSType string `field:"fs_type"` // SECLDoc[fs_type] Definition:`Type of the mounted file system`
	MountPointStr string `field:"-"`
	RootStr string `field:"-"`
	Path string `field:"-"`
}
Mount represents a mountpoint (used by MountEvent and UnshareMountNSEvent)
func (*Mount) IsOverlayFS ¶ added in v0.42.0
IsOverlayFS returns whether it is an overlay fs
type MountEvent ¶
// MountEvent represents a mount event.
//
// The two path fields are filled through the resolver handlers named in their
// tags, and each has a matching *ResolutionError field.
// NOTE(review): a rule that matches on mountpoint.path or source.path
// presumably sees an empty or partial path when resolution fails — confirm
// how the resolution errors are surfaced to consumers.
type MountEvent struct {
	SyscallEvent
	Mount
	MountPointPath string `field:"mountpoint.path,handler:ResolveMountPointPath"` // SECLDoc[mountpoint.path] Definition:`Path of the mount point`
	MountSourcePath string `field:"source.path,handler:ResolveMountSourcePath"` // SECLDoc[source.path] Definition:`Source path of a bind mount`
	MountPointPathResolutionError error `field:"-"`
	MountSourcePathResolutionError error `field:"-"`
}
MountEvent represents a mount event
func (*MountEvent) UnmarshalBinary ¶
func (e *MountEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type MountReleasedEvent ¶
// MountReleasedEvent defines a mount released event.
type MountReleasedEvent struct {
	// MountID is the ID of the mount that was released.
	MountID uint32
}
MountReleasedEvent defines a mount released event
func (*MountReleasedEvent) UnmarshalBinary ¶
func (e *MountReleasedEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type NetDevice ¶ added in v0.36.0
// NetDevice represents a network device.
type NetDevice struct {
	// Name is the device name.
	Name string
	// NetNS and IfIndex locate the device.
	// NOTE(review): presumably the network namespace ID and the interface
	// index within it — confirm.
	NetNS uint32
	IfIndex uint32
	// PeerNetNS and PeerIfIndex carry the same pair for a peer device.
	// NOTE(review): presumably only meaningful for paired devices — confirm.
	PeerNetNS uint32
	PeerIfIndex uint32
}
NetDevice represents a network device
type NetDeviceEvent ¶ added in v0.36.0
// NetDeviceEvent represents a network device event.
type NetDeviceEvent struct {
	SyscallEvent
	// Device is the network device the event refers to.
	Device NetDevice
}
NetDeviceEvent represents a network device event
func (*NetDeviceEvent) UnmarshalBinary ¶ added in v0.36.0
func (e *NetDeviceEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type NetIP ¶ added in v0.48.0
Aliases used to avoid compilation error in case of unused imported package
type NetworkContext ¶ added in v0.36.0
// NetworkContext represents the network context of the event.
//
// L3Protocol and L4Protocol are stored as raw uint16 values; their SECLDoc
// entries point at the "L3 protocols" and "L4 protocols" constant sets.
// NOTE(review): the L4 set is presumably the IPProto* constants of type
// L4Protocol — confirm.
type NetworkContext struct {
	Device NetworkDeviceContext `field:"device"` // network device on which the network packet was captured
	L3Protocol uint16 `field:"l3_protocol"` // SECLDoc[l3_protocol] Definition:`l3 protocol of the network packet` Constants:`L3 protocols`
	L4Protocol uint16 `field:"l4_protocol"` // SECLDoc[l4_protocol] Definition:`l4 protocol of the network packet` Constants:`L4 protocols`
	Source IPPortContext `field:"source"` // source of the network packet
	Destination IPPortContext `field:"destination"` // destination of the network packet
	Size uint32 `field:"size"` // SECLDoc[size] Definition:`size in bytes of the network packet`
}
NetworkContext represents the network context of the event
func (*NetworkContext) UnmarshalBinary ¶ added in v0.36.0
func (e *NetworkContext) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type NetworkDeviceContext ¶ added in v0.36.0
// NetworkDeviceContext represents the network device context of a network event.
//
// IfName is filled through the ResolveNetworkDeviceIfName handler named in its
// tag, while IfIndex is stored directly. NetNS is tagged `field:"-" json:"-"`,
// so it is excluded from encoding/json output and presumably from the SECL
// field set — confirm.
type NetworkDeviceContext struct {
	NetNS uint32 `field:"-" json:"-"`
	IfIndex uint32 `field:"ifindex"` // SECLDoc[ifindex] Definition:`interface ifindex`
	IfName string `field:"ifname,handler:ResolveNetworkDeviceIfName"` // SECLDoc[ifname] Definition:`interface ifname`
}
NetworkDeviceContext represents the network device context of a network event
func (*NetworkDeviceContext) UnmarshalBinary ¶ added in v0.36.0
func (e *NetworkDeviceContext) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type OpenEvent ¶
// OpenEvent represents an open event.
//
// Flags holds the flags passed when opening the file; Mode is documented as
// the mode of the created file.
// NOTE(review): Mode is presumably only meaningful when the open call creates
// the file — confirm.
type OpenEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Flags uint32 `field:"flags"` // SECLDoc[flags] Definition:`Flags used when opening the file` Constants:`Open flags`
	Mode uint32 `field:"file.destination.mode"` // SECLDoc[file.destination.mode] Definition:`Mode of the created file` Constants:`File mode constants`
}
OpenEvent represents an open event
type OpenFlags ¶
// OpenFlags represents an open flags bitmask value.
type OpenFlags int
OpenFlags represents an open flags bitmask value
func (OpenFlags) StringArray ¶
StringArray returns the open flags as an array of strings
type PIDContext ¶ added in v0.37.0
// PIDContext holds the process context of a kernel event.
//
// Pid is the process ID (thread group ID) and Tid the thread ID, so the two
// differ for events raised by a non-leader thread. NetNS and ExecInode are
// tagged `field:"-"` and are presumably not available to rules — confirm.
type PIDContext struct {
	Pid uint32 `field:"pid"` // SECLDoc[pid] Definition:`Process ID of the process (also called thread group ID)`
	Tid uint32 `field:"tid"` // SECLDoc[tid] Definition:`Thread ID of the thread`
	NetNS uint32 `field:"-"`
	IsKworker bool `field:"is_kworker"` // SECLDoc[is_kworker] Definition:`Indicates whether the process is a kworker`
	ExecInode uint64 `field:"-"` // used to track exec and event loss
}
PIDContext holds the process context of a kernel event
func (*PIDContext) UnmarshalBinary ¶ added in v0.37.0
func (p *PIDContext) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself, process_context_t kernel side
type PTraceEvent ¶ added in v0.34.0
// PTraceEvent represents a ptrace event.
//
// Request is the ptrace request number (see the "Ptrace constants" set) and
// Tracee the process context of the traced process. PID and Address are
// tagged `field:"-" json:"-"`, so they are excluded from encoding/json output
// and presumably from the SECL field set — confirm.
// NOTE(review): Tracee is a pointer; whether it can be nil when the tracee
// cannot be resolved is not visible here — confirm before dereferencing.
type PTraceEvent struct {
	SyscallEvent
	Request uint32 `field:"request"` // SECLDoc[request] Definition:`ptrace request` Constants:`Ptrace constants`
	PID uint32 `field:"-" json:"-"`
	Address uint64 `field:"-" json:"-"`
	Tracee *ProcessContext `field:"tracee"` // process context of the tracee
}
PTraceEvent represents a ptrace event
func (*PTraceEvent) UnmarshalBinary ¶ added in v0.34.0
func (e *PTraceEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type PTraceRequest ¶ added in v0.34.0
// PTraceRequest represents a ptrace request value.
type PTraceRequest uint32
PTraceRequest represents a ptrace request value
func (PTraceRequest) String ¶ added in v0.34.0
func (f PTraceRequest) String() string
type PathKey ¶ added in v0.44.0
// PathKey identifies an entry in the dentry cache.
//
// Inode and MountID are exposed to rules; PathID is tagged `field:"-"` and is
// presumably an internal discriminator — confirm its role before comparing
// keys by Inode and MountID alone.
type PathKey struct {
	Inode uint64 `field:"inode"` // SECLDoc[inode] Definition:`Inode of the file`
	MountID uint32 `field:"mount_id"` // SECLDoc[mount_id] Definition:`Mount ID of the file`
	PathID uint32 `field:"-"`
}
PathKey identifies an entry in the dentry cache
func (*PathKey) MarshalBinary ¶ added in v0.44.0
MarshalBinary returns the binary representation of a path key
func (*PathKey) UnmarshalBinary ¶ added in v0.44.0
UnmarshalBinary unmarshals the given content
type PathLeaf ¶ added in v0.45.0
// PathLeaf is the Go representation of the eBPF path_leaf_t structure.
type PathLeaf struct {
	// Parent is the key of the parent path entry.
	Parent PathKey
	// Name is a fixed-size buffer of MaxSegmentLength + 1 bytes.
	// NOTE(review): the extra byte is presumably room for a NUL terminator —
	// confirm against the eBPF definition.
	Name [MaxSegmentLength + 1]byte
	// Len presumably records how many bytes of Name are in use — confirm, and
	// bound it by len(Name) before using it as a slice index.
	Len uint16
}
PathLeaf is the go representation of the eBPF path_leaf_t structure
func (*PathLeaf) MarshalBinary ¶ added in v0.45.0
MarshalBinary returns the binary representation of a path key
type PipeBufFlag ¶ added in v0.35.0
// PipeBufFlag represents a pipe buffer flag.
type PipeBufFlag int
PipeBufFlag represents a pipe buffer flag
// Pipe buffer flags. Each constant is a distinct single bit (0x1 through
// 0x40), so a pipe buffer's flags value may carry several of them at once.
// SpliceEvent reports such values in its pipe_entry_flag and pipe_exit_flag
// fields (their SECLDoc entries reference "Pipe buffer flags").
const (
	// PipeBufFlagLRU pipe buffer flag
	PipeBufFlagLRU PipeBufFlag = 0x1 /* page is on the LRU */
	// PipeBufFlagAtomic pipe buffer flag
	PipeBufFlagAtomic PipeBufFlag = 0x2 /* was atomically mapped */
	// PipeBufFlagGift pipe buffer flag
	PipeBufFlagGift PipeBufFlag = 0x4 /* page is a gift */
	// PipeBufFlagPacket pipe buffer flag
	PipeBufFlagPacket PipeBufFlag = 0x8 /* read() as a packet */
	// PipeBufFlagCanMerge pipe buffer flag
	PipeBufFlagCanMerge PipeBufFlag = 0x10 /* can merge buffers */
	// PipeBufFlagWhole pipe buffer flag
	PipeBufFlagWhole PipeBufFlag = 0x20 /* read() must return entire buffer or error */
	// PipeBufFlagLoss pipe buffer flag
	PipeBufFlagLoss PipeBufFlag = 0x40 /* Message loss happened after this buffer */
)
func (PipeBufFlag) String ¶ added in v0.35.0
func (pbf PipeBufFlag) String() string
type Process ¶
type Process struct { PIDContext FileEvent FileEvent `field:"file,check:IsNotKworker"` ContainerID string `field:"container.id"` // SECLDoc[container.id] Definition:`Container ID` SpanID uint64 `field:"-"` TraceID uint64 `field:"-"` TTYName string `field:"tty_name"` // SECLDoc[tty_name] Definition:`Name of the TTY associated with the process` Comm string `field:"comm"` // SECLDoc[comm] Definition:`Comm attribute of the process` LinuxBinprm LinuxBinprm `field:"interpreter,check:HasInterpreter"` // Script interpreter as identified by the shebang // pid_cache_t ForkTime time.Time `field:"fork_time,opts:getters_only" json:"-"` ExitTime time.Time `field:"exit_time,opts:getters_only" json:"-"` ExecTime time.Time `field:"exec_time,opts:getters_only" json:"-"` // TODO: merge with ExecTime CreatedAt uint64 `field:"created_at,handler:ResolveProcessCreatedAt"` // SECLDoc[created_at] Definition:`Timestamp of the creation of the process` Cookie uint64 `field:"-"` PPid uint32 `field:"ppid"` // SECLDoc[ppid] Definition:`Parent process ID` // credentials_t section of pid_cache_t Credentials ArgsID uint32 `field:"-" json:"-"` EnvsID uint32 `field:"-" json:"-"` ArgsEntry *ArgsEntry `field:"-" json:"-"` EnvsEntry *EnvsEntry `field:"-" json:"-"` // defined to generate accessors, ArgsTruncated and EnvsTruncated are used during by unmarshaller Argv0 string `field:"argv0,handler:ResolveProcessArgv0,weight:100"` // SECLDoc[argv0] Definition:`First argument of the process` Args string `field:"args,handler:ResolveProcessArgs,weight:100"` // SECLDoc[args] Definition:`Arguments of the process (as a string, excluding argv0)` Example:`exec.args == "-sV -p 22,53,110,143,4564 198.116.0-255.1-127"` Description:`Matches any process with these exact arguments.` Example:`exec.args =~ "* -F * http*"` Description:`Matches any process that has the "-F" argument anywhere before an argument starting with "http".` Argv []string `` // SECLDoc[argv] Definition:`Arguments of the process (as an array, 
excluding argv0)` Example:`exec.argv in ["127.0.0.1"]` Description:`Matches any process that has this IP address as one of its arguments.` SECLDoc[args_flags] Definition:`Flags in the process arguments` Example:`exec.args_flags in ["s"] && exec.args_flags in ["V"]` Description:`Matches any process with both "-s" and "-V" flags in its arguments. Also matches "-sV".` SECLDoc[args_options] Definition:`Argument of the process as options` Example:`exec.args_options in ["p=0-1024"]` Description:`Matches any process that has either "-p 0-1024" or "--p=0-1024" in its arguments.` /* 166-byte string literal not displayed */ ArgsTruncated bool `field:"args_truncated,handler:ResolveProcessArgsTruncated"` // SECLDoc[args_truncated] Definition:`Indicator of arguments truncation` Envs []string `field:"envs,handler:ResolveProcessEnvs:100"` // SECLDoc[envs] Definition:`Environment variable names of the process` Envp []string `field:"envp,handler:ResolveProcessEnvp:100"` // SECLDoc[envp] Definition:`Environment variables of the process` EnvsTruncated bool `field:"envs_truncated,handler:ResolveProcessEnvsTruncated"` // SECLDoc[envs_truncated] Definition:`Indicator of environment variables truncation` // symlink to the process binary SymlinkPathnameStr [MaxSymlinks]string `field:"-" json:"-"` SymlinkBasenameStr string `field:"-" json:"-"` // cache version ScrubbedArgvResolved bool `field:"-" json:"-"` Variables eval.Variables `field:"-" json:"-"` IsThread bool `field:"is_thread"` // SECLDoc[is_thread] Definition:`Indicates whether the process is considered a thread (that is, a child process that hasn't executed another program)` IsExecChild bool `field:"-"` // Indicates whether the process is an exec child of its parent IsParentMissing bool `field:"-"` // Indicates the direct parent is missing Source uint64 `field:"-" json:"-"` // contains filtered or unexported fields }
Process represents a process
func (*Process) GetPathResolutionError ¶
GetPathResolutionError returns the path resolution error as a string if there is one
func (*Process) HasInterpreter ¶ added in v0.40.0
HasInterpreter returns whether the process uses an interpreter
func (*Process) IsNotKworker ¶ added in v0.42.0
IsNotKworker returns true if the process isn't a kworker
func (*Process) MarshalPidCache ¶ added in v0.36.0
MarshalPidCache marshals a binary representation of itself
func (*Process) MarshalProcCache ¶ added in v0.36.0
MarshalProcCache marshals a binary representation of itself
func (*Process) UnmarshalBinary ¶
UnmarshalBinary unmarshalls a binary representation of itself
func (*Process) UnmarshalPidCacheBinary ¶ added in v0.39.0
UnmarshalPidCacheBinary unmarshals pid_cache_t
type ProcessAncestorsIterator ¶
// ProcessAncestorsIterator defines an iterator of ancestors.
//
// Front and Next return unsafe.Pointer values; callers are expected to know
// the element type behind the pointer.
type ProcessAncestorsIterator struct {
	// contains filtered or unexported fields
}
ProcessAncestorsIterator defines an iterator of ancestors
func (*ProcessAncestorsIterator) Front ¶
func (it *ProcessAncestorsIterator) Front(ctx *eval.Context) unsafe.Pointer
Front returns the first element
func (*ProcessAncestorsIterator) Next ¶
func (it *ProcessAncestorsIterator) Next() unsafe.Pointer
Next returns the next element
type ProcessCacheEntry ¶
// ProcessCacheEntry holds the process context kept in the process tree.
//
// It embeds ProcessContext, so the Process fields and the Parent and Ancestor
// links are available directly on the entry. Retain and Release adjust a
// reference counter on the entry.
type ProcessCacheEntry struct {
	ProcessContext
	// contains filtered or unexported fields
}
ProcessCacheEntry holds the process context kept in the process tree
func GetPlaceholderProcessCacheEntry ¶ added in v0.49.0
func GetPlaceholderProcessCacheEntry(pid uint32, tid uint32, isKworker bool) *ProcessCacheEntry
GetPlaceholderProcessCacheEntry returns an empty process cache entry for failed process resolutions
func NewPlaceholderProcessCacheEntry ¶ added in v0.49.0
func NewPlaceholderProcessCacheEntry(pid uint32, tid uint32, isKworker bool) *ProcessCacheEntry
NewPlaceholderProcessCacheEntry returns a new empty process cache entry for failed process resolutions
func NewProcessCacheEntry ¶
func NewProcessCacheEntry(onRelease func(_ *ProcessCacheEntry)) *ProcessCacheEntry
NewProcessCacheEntry returns a new process cache entry
func (*ProcessCacheEntry) ApplyExecTimeOf ¶ added in v0.47.0
func (pc *ProcessCacheEntry) ApplyExecTimeOf(entry *ProcessCacheEntry)
ApplyExecTimeOf replaces the previous entry values with those of the given entry
func (*ProcessCacheEntry) Equals ¶ added in v0.36.0
func (pc *ProcessCacheEntry) Equals(entry *ProcessCacheEntry) bool
Equals returns whether process cache entries share the same values for file and args/envs
func (*ProcessCacheEntry) Exec ¶
func (pc *ProcessCacheEntry) Exec(entry *ProcessCacheEntry)
Exec replaces a process
func (*ProcessCacheEntry) Exit ¶
func (pc *ProcessCacheEntry) Exit(exitTime time.Time)
Exit a process
func (*ProcessCacheEntry) Fork ¶
func (pc *ProcessCacheEntry) Fork(childEntry *ProcessCacheEntry)
Fork returns a copy of the current ProcessCacheEntry
func (*ProcessCacheEntry) HasValidLineage ¶ added in v0.49.0
func (pc *ProcessCacheEntry) HasValidLineage() (bool, error)
HasValidLineage returns false if, from the entry, we cannot ascend the ancestors list to PID 1 or if a new is having a missing parent
func (*ProcessCacheEntry) IsContainerRoot ¶ added in v0.44.0
func (pc *ProcessCacheEntry) IsContainerRoot() bool
IsContainerRoot returns whether this is a top level process in the container ID
func (*ProcessCacheEntry) Release ¶
func (pc *ProcessCacheEntry) Release()
Release decrements the ref counter and eventually releases the entry
func (*ProcessCacheEntry) Retain ¶
func (pc *ProcessCacheEntry) Retain()
Retain increments the ref counter
func (*ProcessCacheEntry) SetAncestor ¶
func (pc *ProcessCacheEntry) SetAncestor(parent *ProcessCacheEntry)
SetAncestor sets the ancestor
func (*ProcessCacheEntry) SetParentOfForkChild ¶ added in v0.42.0
func (pc *ProcessCacheEntry) SetParentOfForkChild(parent *ProcessCacheEntry)
SetParentOfForkChild sets the parent of a fork child
func (*ProcessCacheEntry) SetReleaseCallback ¶ added in v0.35.0
func (pc *ProcessCacheEntry) SetReleaseCallback(callback func())
SetReleaseCallback sets the callback called when the entry is released
type ProcessContext ¶
// ProcessContext holds the process context of an event.
//
// Parent is guarded by the HasParent check and Ancestor by the IsNotKworker
// check named in their tags; Ancestor is walked with ProcessAncestorsIterator.
// NOTE(review): both are pointers and are presumably nil when the lineage
// could not be resolved (see HasValidLineage on ProcessCacheEntry) — confirm
// before dereferencing outside the generated accessors.
type ProcessContext struct {
	Process
	Parent *Process `field:"parent,opts:exposed_at_event_root_only,check:HasParent"`
	Ancestor *ProcessCacheEntry `field:"ancestors,iterator:ProcessAncestorsIterator,check:IsNotKworker"`
}
ProcessContext holds the process context of an event
func (*ProcessContext) HasParent ¶ added in v0.42.0
func (p *ProcessContext) HasParent() bool
HasParent returns whether the process has a parent
type Protection ¶ added in v0.34.0
// Protection represents a virtual memory protection bitmask value.
type Protection int
Protection represents a virtual memory protection bitmask value
func (Protection) String ¶ added in v0.34.0
func (p Protection) String() string
type QClass ¶ added in v0.36.0
// QClass is used to declare the qclass field of a DNS request.
type QClass uint32
QClass is used to declare the qclass field of a DNS request
type QType ¶ added in v0.36.0
// QType is used to declare the qtype field of a DNS request.
type QType uint32
QType is used to declare the qtype field of a DNS request
type Releasable ¶ added in v0.46.0
// Releasable represents an object that can be released.
//
// A callback is registered with SetReleaseCallback and run through
// CallReleaseCallback / OnRelease.
type Releasable struct {
	// contains filtered or unexported fields
}
Releasable represents an object that can be released
func (*Releasable) CallReleaseCallback ¶ added in v0.46.0
func (r *Releasable) CallReleaseCallback()
CallReleaseCallback calls the on-release callback
func (*Releasable) OnRelease ¶ added in v0.46.0
func (r *Releasable) OnRelease()
OnRelease triggers the callback
func (*Releasable) SetReleaseCallback ¶ added in v0.46.0
func (r *Releasable) SetReleaseCallback(callback func())
SetReleaseCallback sets a callback to be called when the cache entry is released
type RenameEvent ¶
// RenameEvent represents a rename event.
//
// Old is tagged "file" and New "file.destination", so a rule can match on
// either the original or the resulting path of the rename.
type RenameEvent struct {
	SyscallEvent
	Old FileEvent `field:"file"`
	New FileEvent `field:"file.destination"`
}
RenameEvent represents a rename event
func (*RenameEvent) UnmarshalBinary ¶
func (e *RenameEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type RetValError ¶
// RetValError represents a syscall return error value.
type RetValError int
RetValError represents a syscall return error value
func (RetValError) String ¶
func (f RetValError) String() string
type RmdirEvent ¶
// RmdirEvent represents a rmdir event.
type RmdirEvent struct {
	SyscallEvent
	// File is the file entry the rmdir call targets.
	File FileEvent `field:"file"`
}
RmdirEvent represents a rmdir event
func (*RmdirEvent) UnmarshalBinary ¶
func (e *RmdirEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SELinuxEvent ¶
// SELinuxEvent represents a selinux event.
//
// EventKind (one of the SELinuxEventKind constants) distinguishes boolean
// changes, status changes and boolean commits; which of the Bool* and
// EnforceStatus fields is meaningful presumably depends on it — confirm.
// EnforceStatus takes one of "enforcing", "permissive" or "disabled", which
// lets a rule flag a move away from enforcing mode. File and EventKind are
// tagged `field:"-" json:"-"` and are excluded from encoding/json output.
type SELinuxEvent struct {
	File FileEvent `field:"-" json:"-"`
	EventKind SELinuxEventKind `field:"-" json:"-"`
	BoolName string `field:"bool.name,handler:ResolveSELinuxBoolName"` // SECLDoc[bool.name] Definition:`SELinux boolean name`
	BoolChangeValue string `field:"bool.state"` // SECLDoc[bool.state] Definition:`SELinux boolean new value`
	BoolCommitValue bool `field:"bool_commit.state"` // SECLDoc[bool_commit.state] Definition:`Indicator of a SELinux boolean commit operation`
	EnforceStatus string `field:"enforce.status"` // SECLDoc[enforce.status] Definition:`SELinux enforcement status (one of "enforcing", "permissive", "disabled")`
}
SELinuxEvent represents a selinux event
func (*SELinuxEvent) UnmarshalBinary ¶
func (e *SELinuxEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SELinuxEventKind ¶
// SELinuxEventKind represents the event kind for SELinux events.
type SELinuxEventKind uint32
SELinuxEventKind represents the event kind for SELinux events
// SELinux event kinds. The values are assigned with iota, so they are 0, 1
// and 2 in declaration order; inserting or reordering entries changes the
// numeric values.
const (
	// SELinuxBoolChangeEventKind represents SELinux boolean change events
	SELinuxBoolChangeEventKind SELinuxEventKind = iota
	// SELinuxStatusChangeEventKind represents SELinux status change events
	SELinuxStatusChangeEventKind
	// SELinuxBoolCommitEventKind represents SELinux boolean commit events
	SELinuxBoolCommitEventKind
)
type SecurityProfileContext ¶ added in v0.45.0
// SecurityProfileContext holds the security context of the profile.
//
// Status is a bitmask of the Status constants, and AnomalyDetectionEventTypes
// lists the event types for which anomaly detection is enabled.
// NOTE(review): CanGenerateAnomaliesFor presumably consults that list —
// confirm.
type SecurityProfileContext struct {
	Name string `field:"name"` // SECLDoc[name] Definition:`Name of the security profile`
	Status Status `field:"status"` // SECLDoc[status] Definition:`Status of the security profile`
	Version string `field:"version"` // SECLDoc[version] Definition:`Version of the security profile`
	Tags []string `field:"tags"` // SECLDoc[tags] Definition:`Tags of the security profile`
	AnomalyDetectionEventTypes []EventType `field:"anomaly_detection_event_types"` // SECLDoc[anomaly_detection_event_types] Definition:`Event types enabled for anomaly detection`
}
SecurityProfileContext holds the security context of the profile
func (SecurityProfileContext) CanGenerateAnomaliesFor ¶ added in v0.46.0
func (spc SecurityProfileContext) CanGenerateAnomaliesFor(evtType EventType) bool
CanGenerateAnomaliesFor returns true if the current profile can generate anomalies for the provided event type
type SetXAttrEvent ¶
// SetXAttrEvent represents an extended attributes event.
//
// Namespace and Name are filled through the resolver handlers named in their
// tags. NameRaw is a fixed 200-byte buffer tagged `field:"-" json:"-"`.
// NOTE(review): NameRaw presumably holds the raw attribute name the resolvers
// work from; if so, a longer name cannot be represented in full and rules
// matching on Name would see a shortened value — confirm.
type SetXAttrEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Namespace string `field:"file.destination.namespace,handler:ResolveXAttrNamespace"` // SECLDoc[file.destination.namespace] Definition:`Namespace of the extended attribute`
	Name string `field:"file.destination.name,handler:ResolveXAttrName"` // SECLDoc[file.destination.name] Definition:`Name of the extended attribute`
	NameRaw [200]byte `field:"-" json:"-"`
}
SetXAttrEvent represents an extended attributes event
func (*SetXAttrEvent) UnmarshalBinary ¶
func (e *SetXAttrEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SetgidEvent ¶
// SetgidEvent represents a setgid event.
//
// It carries the new real, effective and filesystem GIDs of the process. The
// numeric fields are stored directly; the group-name fields name a resolver
// handler in their tag.
// NOTE(review): the names are presumably derived from the numeric IDs at
// resolution time, so the numeric fields are the ones to rely on when a rule
// must be exact — confirm.
type SetgidEvent struct {
	GID uint32 `field:"gid"` // SECLDoc[gid] Definition:`New GID of the process`
	Group string `field:"group,handler:ResolveSetgidGroup"` // SECLDoc[group] Definition:`New group of the process`
	EGID uint32 `field:"egid"` // SECLDoc[egid] Definition:`New effective GID of the process`
	EGroup string `field:"egroup,handler:ResolveSetgidEGroup"` // SECLDoc[egroup] Definition:`New effective group of the process`
	FSGID uint32 `field:"fsgid"` // SECLDoc[fsgid] Definition:`New FileSystem GID of the process`
	FSGroup string `field:"fsgroup,handler:ResolveSetgidFSGroup"` // SECLDoc[fsgroup] Definition:`New FileSystem group of the process`
}
SetgidEvent represents a setgid event
func (*SetgidEvent) UnmarshalBinary ¶
func (e *SetgidEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SetuidEvent ¶
// SetuidEvent represents a setuid event.
//
// It carries the new real, effective and filesystem UIDs of the process. The
// numeric fields are stored directly; the user-name fields name a resolver
// handler in their tag.
// NOTE(review): the names are presumably derived from the numeric IDs at
// resolution time, so the numeric fields are the ones to rely on when a rule
// must be exact — confirm.
type SetuidEvent struct {
	UID uint32 `field:"uid"` // SECLDoc[uid] Definition:`New UID of the process`
	User string `field:"user,handler:ResolveSetuidUser"` // SECLDoc[user] Definition:`New user of the process`
	EUID uint32 `field:"euid"` // SECLDoc[euid] Definition:`New effective UID of the process`
	EUser string `field:"euser,handler:ResolveSetuidEUser"` // SECLDoc[euser] Definition:`New effective user of the process`
	FSUID uint32 `field:"fsuid"` // SECLDoc[fsuid] Definition:`New FileSystem UID of the process`
	FSUser string `field:"fsuser,handler:ResolveSetuidFSUser"` // SECLDoc[fsuser] Definition:`New FileSystem user of the process`
}
SetuidEvent represents a setuid event
func (*SetuidEvent) UnmarshalBinary ¶
func (e *SetuidEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type Signal ¶ added in v0.35.0
// Signal represents a type of unix signal (e.g., SIGKILL, SIGSTOP, etc.).
type Signal int
Signal represents a type of unix signal (e.g., SIGKILL, SIGSTOP, etc.)
type SignalEvent ¶ added in v0.35.0
// SignalEvent represents a signal event.
//
// Type is the signal number (see the "Signal constants" set), PID the target
// PID and Target the target's process context.
// NOTE(review): Target is a pointer; whether it can be nil when the target
// process cannot be resolved is not visible here — confirm before
// dereferencing.
type SignalEvent struct {
	SyscallEvent
	Type uint32 `field:"type"` // SECLDoc[type] Definition:`Signal type (ex: SIGHUP, SIGINT, SIGQUIT, etc)` Constants:`Signal constants`
	PID uint32 `field:"pid"` // SECLDoc[pid] Definition:`Target PID`
	Target *ProcessContext `field:"target"` // Target process context
}
SignalEvent represents a signal event
func (*SignalEvent) UnmarshalBinary ¶ added in v0.35.0
func (e *SignalEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type SpanContext ¶
SpanContext describes a span context
func (*SpanContext) UnmarshalBinary ¶
func (s *SpanContext) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SpliceEvent ¶ added in v0.35.0
// SpliceEvent represents a splice event.
//
// PipeEntryFlag and PipeExitFlag record the flag of the "fd_out" pipe at
// syscall entry and at syscall exit, as raw uint32 values drawn from the
// "Pipe buffer flags" set (the PipeBufFlag constants), so a rule can compare
// the two to see whether the call changed the pipe buffer's flags.
type SpliceEvent struct {
	SyscallEvent
	File FileEvent `field:"file"` // File modified by the splice syscall
	PipeEntryFlag uint32 `field:"pipe_entry_flag"` // SECLDoc[pipe_entry_flag] Definition:`Entry flag of the "fd_out" pipe passed to the splice syscall` Constants:`Pipe buffer flags`
	PipeExitFlag uint32 `field:"pipe_exit_flag"` // SECLDoc[pipe_exit_flag] Definition:`Exit flag of the "fd_out" pipe passed to the splice syscall` Constants:`Pipe buffer flags`
}
SpliceEvent represents a splice event
func (*SpliceEvent) UnmarshalBinary ¶ added in v0.35.0
func (e *SpliceEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type Status ¶ added in v0.45.0
// Status defines the possible status of a profile as a bitmask.
type Status uint32
Status defines the possible status of a profile as a bitmask
// Profile status bits. The values come from 1 << iota, so AnomalyDetection is
// 1, AutoSuppression is 2 and WorkloadHardening is 4, and a Status value may
// combine several of them. Inserting or reordering entries changes the
// numeric values.
const (
	// AnomalyDetection will trigger alerts each time an event is not part of the profile
	AnomalyDetection Status = 1 << iota
	// AutoSuppression will suppress any signal to events present on the profile
	AutoSuppression
	// WorkloadHardening will kill the process that triggered anomaly detection
	WorkloadHardening
)
type Syscall ¶ added in v0.39.0
// Syscall represents a syscall identifier.
type Syscall int
Syscall represents a syscall identifier
// Linux syscall identifiers.
//
// NOTE(review): the values match the x86-64 syscall table, and the package
// lists syscalls_linux_amd64.go among its source files, so these constants
// are presumably amd64-only. Do not use them to interpret syscall numbers
// captured on another architecture without confirming.
//
// The numbering is not contiguous: no constant is declared for 212 or 272,
// and none for 335 through 423. Any number-to-name lookup built on this list
// has to handle values that have no name.
const (
	SysRead Syscall = 0
	SysWrite Syscall = 1
	SysOpen Syscall = 2
	SysClose Syscall = 3
	SysStat Syscall = 4
	SysFstat Syscall = 5
	SysLstat Syscall = 6
	SysPoll Syscall = 7
	SysLseek Syscall = 8
	SysMmap Syscall = 9
	SysMprotect Syscall = 10
	SysMunmap Syscall = 11
	SysBrk Syscall = 12
	SysRtSigaction Syscall = 13
	SysRtSigprocmask Syscall = 14
	SysRtSigreturn Syscall = 15
	SysIoctl Syscall = 16
	SysPread64 Syscall = 17
	SysPwrite64 Syscall = 18
	SysReadv Syscall = 19
	SysWritev Syscall = 20
	SysAccess Syscall = 21
	SysPipe Syscall = 22
	SysSelect Syscall = 23
	SysSchedYield Syscall = 24
	SysMremap Syscall = 25
	SysMsync Syscall = 26
	SysMincore Syscall = 27
	SysMadvise Syscall = 28
	SysShmget Syscall = 29
	SysShmat Syscall = 30
	SysShmctl Syscall = 31
	SysDup Syscall = 32
	SysDup2 Syscall = 33
	SysPause Syscall = 34
	SysNanosleep Syscall = 35
	SysGetitimer Syscall = 36
	SysAlarm Syscall = 37
	SysSetitimer Syscall = 38
	SysGetpid Syscall = 39
	SysSendfile Syscall = 40
	SysSocket Syscall = 41
	SysConnect Syscall = 42
	SysAccept Syscall = 43
	SysSendto Syscall = 44
	SysRecvfrom Syscall = 45
	SysSendmsg Syscall = 46
	SysRecvmsg Syscall = 47
	SysShutdown Syscall = 48
	SysBind Syscall = 49
	SysListen Syscall = 50
	SysGetsockname Syscall = 51
	SysGetpeername Syscall = 52
	SysSocketpair Syscall = 53
	SysSetsockopt Syscall = 54
	SysGetsockopt Syscall = 55
	SysClone Syscall = 56
	SysFork Syscall = 57
	SysVfork Syscall = 58
	SysExecve Syscall = 59
	SysExit Syscall = 60
	SysWait4 Syscall = 61
	SysKill Syscall = 62
	SysUname Syscall = 63
	SysSemget Syscall = 64
	SysSemop Syscall = 65
	SysSemctl Syscall = 66
	SysShmdt Syscall = 67
	SysMsgget Syscall = 68
	SysMsgsnd Syscall = 69
	SysMsgrcv Syscall = 70
	SysMsgctl Syscall = 71
	SysFcntl Syscall = 72
	SysFlock Syscall = 73
	SysFsync Syscall = 74
	SysFdatasync Syscall = 75
	SysTruncate Syscall = 76
	SysFtruncate Syscall = 77
	SysGetdents Syscall = 78
	SysGetcwd Syscall = 79
	SysChdir Syscall = 80
	SysFchdir Syscall = 81
	SysRename Syscall = 82
	SysMkdir Syscall = 83
	SysRmdir Syscall = 84
	SysCreat Syscall = 85
	SysLink Syscall = 86
	SysUnlink Syscall = 87
	SysSymlink Syscall = 88
	SysReadlink Syscall = 89
	SysChmod Syscall = 90
	SysFchmod Syscall = 91
	SysChown Syscall = 92
	SysFchown Syscall = 93
	SysLchown Syscall = 94
	SysUmask Syscall = 95
	SysGettimeofday Syscall = 96
	SysGetrlimit Syscall = 97
	SysGetrusage Syscall = 98
	SysSysinfo Syscall = 99
	SysTimes Syscall = 100
	SysPtrace Syscall = 101
	SysGetuid Syscall = 102
	SysSyslog Syscall = 103
	SysGetgid Syscall = 104
	SysSetuid Syscall = 105
	SysSetgid Syscall = 106
	SysGeteuid Syscall = 107
	SysGetegid Syscall = 108
	SysSetpgid Syscall = 109
	SysGetppid Syscall = 110
	SysGetpgrp Syscall = 111
	SysSetsid Syscall = 112
	SysSetreuid Syscall = 113
	SysSetregid Syscall = 114
	SysGetgroups Syscall = 115
	SysSetgroups Syscall = 116
	SysSetresuid Syscall = 117
	SysGetresuid Syscall = 118
	SysSetresgid Syscall = 119
	SysGetresgid Syscall = 120
	SysGetpgid Syscall = 121
	SysSetfsuid Syscall = 122
	SysSetfsgid Syscall = 123
	SysGetsid Syscall = 124
	SysCapget Syscall = 125
	SysCapset Syscall = 126
	SysRtSigpending Syscall = 127
	SysRtSigtimedwait Syscall = 128
	SysRtSigqueueinfo Syscall = 129
	SysRtSigsuspend Syscall = 130
	SysSigaltstack Syscall = 131
	SysUtime Syscall = 132
	SysMknod Syscall = 133
	SysUselib Syscall = 134
	SysPersonality Syscall = 135
	SysUstat Syscall = 136
	SysStatfs Syscall = 137
	SysFstatfs Syscall = 138
	SysSysfs Syscall = 139
	SysGetpriority Syscall = 140
	SysSetpriority Syscall = 141
	SysSchedSetparam Syscall = 142
	SysSchedGetparam Syscall = 143
	SysSchedSetscheduler Syscall = 144
	SysSchedGetscheduler Syscall = 145
	SysSchedGetPriorityMax Syscall = 146
	SysSchedGetPriorityMin Syscall = 147
	SysSchedRrGetInterval Syscall = 148
	SysMlock Syscall = 149
	SysMunlock Syscall = 150
	SysMlockall Syscall = 151
	SysMunlockall Syscall = 152
	SysVhangup Syscall = 153
	SysModifyLdt Syscall = 154
	SysPivotRoot Syscall = 155
	SysSysctl Syscall = 156
	SysPrctl Syscall = 157
	SysArchPrctl Syscall = 158
	SysAdjtimex Syscall = 159
	SysSetrlimit Syscall = 160
	SysChroot Syscall = 161
	SysSync Syscall = 162
	SysAcct Syscall = 163
	SysSettimeofday Syscall = 164
	SysMount Syscall = 165
	SysUmount2 Syscall = 166
	SysSwapon Syscall = 167
	SysSwapoff Syscall = 168
	SysReboot Syscall = 169
	SysSethostname Syscall = 170
	SysSetdomainname Syscall = 171
	SysIopl Syscall = 172
	SysIoperm Syscall = 173
	SysCreateModule Syscall = 174
	SysInitModule Syscall = 175
	SysDeleteModule Syscall = 176
	SysGetKernelSyms Syscall = 177
	SysQueryModule Syscall = 178
	SysQuotactl Syscall = 179
	SysNfsservctl Syscall = 180
	SysGetpmsg Syscall = 181
	SysPutpmsg Syscall = 182
	SysAfsSyscall Syscall = 183
	SysTuxcall Syscall = 184
	SysSecurity Syscall = 185
	SysGettid Syscall = 186
	SysReadahead Syscall = 187
	SysSetxattr Syscall = 188
	SysLsetxattr Syscall = 189
	SysFsetxattr Syscall = 190
	SysGetxattr Syscall = 191
	SysLgetxattr Syscall = 192
	SysFgetxattr Syscall = 193
	SysListxattr Syscall = 194
	SysLlistxattr Syscall = 195
	SysFlistxattr Syscall = 196
	SysRemovexattr Syscall = 197
	SysLremovexattr Syscall = 198
	SysFremovexattr Syscall = 199
	SysTkill Syscall = 200
	SysTime Syscall = 201
	SysFutex Syscall = 202
	SysSchedSetaffinity Syscall = 203
	SysSchedGetaffinity Syscall = 204
	SysSetThreadArea Syscall = 205
	SysIoSetup Syscall = 206
	SysIoDestroy Syscall = 207
	SysIoGetevents Syscall = 208
	SysIoSubmit Syscall = 209
	SysIoCancel Syscall = 210
	SysGetThreadArea Syscall = 211
	// 212 has no constant in this list.
	SysEpollCreate Syscall = 213
	SysEpollCtlOld Syscall = 214
	SysEpollWaitOld Syscall = 215
	SysRemapFilePages Syscall = 216
	SysGetdents64 Syscall = 217
	SysSetTidAddress Syscall = 218
	SysRestartSyscall Syscall = 219
	SysSemtimedop Syscall = 220
	SysFadvise64 Syscall = 221
	SysTimerCreate Syscall = 222
	SysTimerSettime Syscall = 223
	SysTimerGettime Syscall = 224
	SysTimerGetoverrun Syscall = 225
	SysTimerDelete Syscall = 226
	SysClockSettime Syscall = 227
	SysClockGettime Syscall = 228
	SysClockGetres Syscall = 229
	SysClockNanosleep Syscall = 230
	SysExitGroup Syscall = 231
	SysEpollWait Syscall = 232
	SysEpollCtl Syscall = 233
	SysTgkill Syscall = 234
	SysUtimes Syscall = 235
	SysVserver Syscall = 236
	SysMbind Syscall = 237
	SysSetMempolicy Syscall = 238
	SysGetMempolicy Syscall = 239
	SysMqOpen Syscall = 240
	SysMqUnlink Syscall = 241
	SysMqTimedsend Syscall = 242
	SysMqTimedreceive Syscall = 243
	SysMqNotify Syscall = 244
	SysMqGetsetattr Syscall = 245
	SysKexecLoad Syscall = 246
	SysWaitid Syscall = 247
	SysAddKey Syscall = 248
	SysRequestKey Syscall = 249
	SysKeyctl Syscall = 250
	SysIoprioSet Syscall = 251
	SysIoprioGet Syscall = 252
	SysInotifyInit Syscall = 253
	SysInotifyAddWatch Syscall = 254
	SysInotifyRmWatch Syscall = 255
	SysMigratePages Syscall = 256
	SysOpenat Syscall = 257
	SysMkdirat Syscall = 258
	SysMknodat Syscall = 259
	SysFchownat Syscall = 260
	SysFutimesat Syscall = 261
	SysNewfstatat Syscall = 262
	SysUnlinkat Syscall = 263
	SysRenameat Syscall = 264
	SysLinkat Syscall = 265
	SysSymlinkat Syscall = 266
	SysReadlinkat Syscall = 267
	SysFchmodat Syscall = 268
	SysFaccessat Syscall = 269
	SysPselect6 Syscall = 270
	SysPpoll Syscall = 271
	// 272 has no constant in this list.
	// NOTE(review): on the x86-64 table 272 is unshare; confirm whether the
	// omission is intentional, since anything keyed on these names cannot
	// refer to that syscall.
	SysSetRobustList Syscall = 273
	SysGetRobustList Syscall = 274
	SysSplice Syscall = 275
	SysTee Syscall = 276
	SysSyncFileRange Syscall = 277
	SysVmsplice Syscall = 278
	SysMovePages Syscall = 279
	SysUtimensat Syscall = 280
	SysEpollPwait Syscall = 281
	SysSignalfd Syscall = 282
	SysTimerfdCreate Syscall = 283
	SysEventfd Syscall = 284
	SysFallocate Syscall = 285
	SysTimerfdSettime Syscall = 286
	SysTimerfdGettime Syscall = 287
	SysAccept4 Syscall = 288
	SysSignalfd4 Syscall = 289
	SysEventfd2 Syscall = 290
	SysEpollCreate1 Syscall = 291
	SysDup3 Syscall = 292
	SysPipe2 Syscall = 293
	SysInotifyInit1 Syscall = 294
	SysPreadv Syscall = 295
	SysPwritev Syscall = 296
	SysRtTgsigqueueinfo Syscall = 297
	SysPerfEventOpen Syscall = 298
	SysRecvmmsg Syscall = 299
	SysFanotifyInit Syscall = 300
	SysFanotifyMark Syscall = 301
	SysPrlimit64 Syscall = 302
	SysNameToHandleAt Syscall = 303
	SysOpenByHandleAt Syscall = 304
	SysClockAdjtime Syscall = 305
	SysSyncfs Syscall = 306
	SysSendmmsg Syscall = 307
	SysSetns Syscall = 308
	SysGetcpu Syscall = 309
	SysProcessVmReadv Syscall = 310
	SysProcessVmWritev Syscall = 311
	SysKcmp Syscall = 312
	SysFinitModule Syscall = 313
	SysSchedSetattr Syscall = 314
	SysSchedGetattr Syscall = 315
	SysRenameat2 Syscall = 316
	SysSeccomp Syscall = 317
	SysGetrandom Syscall = 318
	SysMemfdCreate Syscall = 319
	SysKexecFileLoad Syscall = 320
	SysBpf Syscall = 321
	SysExecveat Syscall = 322
	SysUserfaultfd Syscall = 323
	SysMembarrier Syscall = 324
	SysMlock2 Syscall = 325
	SysCopyFileRange Syscall = 326
	SysPreadv2 Syscall = 327
	SysPwritev2 Syscall = 328
	SysPkeyMprotect Syscall = 329
	SysPkeyAlloc Syscall = 330
	SysPkeyFree Syscall = 331
	SysStatx Syscall = 332
	SysIoPgetevents Syscall = 333
	SysRseq Syscall = 334
	// 335 through 423 have no constants in this list.
	SysPidfdSendSignal Syscall = 424
	SysIoUringSetup Syscall = 425
	SysIoUringEnter Syscall = 426
	SysIoUringRegister Syscall = 427
	SysOpenTree Syscall = 428
	SysMoveMount Syscall = 429
	SysFsopen Syscall = 430
	SysFsconfig Syscall = 431
	SysFsmount Syscall = 432
	SysFspick Syscall = 433
	SysPidfdOpen Syscall = 434
	SysClone3 Syscall = 435
	SysCloseRange Syscall = 436
	SysOpenat2 Syscall = 437
	SysPidfdGetfd Syscall = 438
	SysFaccessat2 Syscall = 439
	SysProcessMadvise Syscall = 440
	SysEpollPwait2 Syscall = 441
	SysMountSetattr Syscall = 442
	SysQuotactlFd Syscall = 443
	SysLandlockCreateRuleset Syscall = 444
	SysLandlockAddRule Syscall = 445
	SysLandlockRestrictSelf Syscall = 446
	SysMemfdSecret Syscall = 447
	SysProcessMrelease Syscall = 448
	SysFutexWaitv Syscall = 449
	SysSetMempolicyHomeNode Syscall = 450
)
Linux syscall identifiers
func (Syscall) MarshalText ¶ added in v0.39.0
MarshalText maps the syscall identifier to UTF-8-encoded text and returns the result
type SyscallEvent ¶
// SyscallEvent holds the one field shared by the syscall-backed events on
// this page, which embed it: the syscall's return value.
type SyscallEvent struct {
	// NOTE(review): Retval is signed and its SECLDoc points at "Error
	// constants", so failures are presumably reported as negative errno
	// values — confirm before writing rules that compare it.
	Retval int64 `field:"retval"` // SECLDoc[retval] Definition:`Return value of the syscall` Constants:`Error constants`
}
SyscallEvent contains common fields for all the events
func (*SyscallEvent) UnmarshalBinary ¶
func (e *SyscallEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type SyscallsEvent ¶ added in v0.39.0
// SyscallsEvent carries a list of syscall identifiers.
type SyscallsEvent struct {
	// Sizing note from the original author: 64 bytes * 8 bits = 512 bits,
	// which is more than the highest syscall number declared in this package
	// (450), so 64 bytes are enough to flag every declared syscall.
	// NOTE(review): this presumably describes a 64-byte bitmask on the wire
	// that UnmarshalBinary expands into this slice; if so, syscall numbers
	// above 511 cannot be represented — confirm against the unmarshaller.
	Syscalls []Syscall
}
SyscallsEvent represents a syscalls event
func (*SyscallsEvent) UnmarshalBinary ¶ added in v0.39.0
func (e *SyscallsEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type UmountEvent ¶
// UmountEvent is the event model for an umount. It embeds SyscallEvent
// (which carries Retval) and records the ID of the mount concerned.
type UmountEvent struct {
	SyscallEvent

	// NOTE(review): MountID carries no `field` tag, unlike the tagged fields
	// on sibling events; presumably it is therefore not exposed to rules —
	// confirm.
	MountID uint32
}
UmountEvent represents an umount event
func (*UmountEvent) UnmarshalBinary ¶
func (e *UmountEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type UnlinkEvent ¶
// UnlinkEvent is the event model for an unlink. It embeds SyscallEvent
// (which carries Retval) and records the file concerned and the syscall's
// flags.
type UnlinkEvent struct {
	SyscallEvent

	File FileEvent `field:"file"`
	// Flags is kept as a raw uint32. The package also declares an
	// UnlinkFlags type with String and StringArray methods; a value has to be
	// converted to that type to be rendered with them.
	Flags uint32 `field:"flags"` // SECLDoc[flags] Definition:`Flags of the unlink syscall` Constants:`Unlink flags`
}
UnlinkEvent represents an unlink event
func (*UnlinkEvent) UnmarshalBinary ¶
func (e *UnlinkEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type UnlinkFlags ¶
type UnlinkFlags int
UnlinkFlags represents an unlink flags bitmask value
func (UnlinkFlags) String ¶
func (f UnlinkFlags) String() string
func (UnlinkFlags) StringArray ¶
func (f UnlinkFlags) StringArray() []string
StringArray returns the unlink flags as an array of strings
type UnloadModuleEvent ¶ added in v0.35.0
// UnloadModuleEvent is the event model for a kernel module unload. It embeds
// SyscallEvent (which carries Retval) and records the module's name.
type UnloadModuleEvent struct {
	SyscallEvent

	// NOTE(review): Name is a free-form string; its origin and any length or
	// character constraints are not visible here — treat it as untrusted
	// when logging or matching until confirmed.
	Name string `field:"name"` // SECLDoc[name] Definition:`Name of the kernel module that was deleted`
}
UnloadModuleEvent represents an unload_module event
func (*UnloadModuleEvent) UnmarshalBinary ¶ added in v0.35.0
func (e *UnloadModuleEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshals a binary representation of itself
type UnshareMountNSEvent ¶ added in v0.42.0
type UnshareMountNSEvent struct {
}
UnshareMountNSEvent represents a mount cloned from a newly created mount namespace
func (*UnshareMountNSEvent) UnmarshalBinary ¶ added in v0.42.0
func (e *UnshareMountNSEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type UtimesEvent ¶
// UtimesEvent is the event model for a utime-family call. It embeds
// SyscallEvent (which carries Retval) and records the file concerned and the
// access and modification times.
type UtimesEvent struct {
	SyscallEvent

	File FileEvent `field:"file"`
	// Both timestamps are tagged json:"-", so encoding/json omits them when
	// the struct is marshalled.
	// NOTE(review): the field:"-" tag presumably also hides them from rule
	// evaluation, in which case a rule can match on which file had its times
	// changed but not on the new values — confirm.
	Atime time.Time `field:"-" json:"-"`
	Mtime time.Time `field:"-" json:"-"`
}
UtimesEvent represents a utime event
func (*UtimesEvent) UnmarshalBinary ¶
func (e *UtimesEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
type VethPairEvent ¶ added in v0.36.0
// VethPairEvent is the event model for a veth pair. It embeds SyscallEvent
// (which carries Retval) and records both ends of the pair as NetDevice
// values.
type VethPairEvent struct {
	SyscallEvent

	// NOTE(review): neither device carries a `field` tag, so they are
	// presumably internal bookkeeping rather than rule-visible — confirm.
	HostDevice NetDevice
	PeerDevice NetDevice
}
VethPairEvent represents a veth pair event
func (*VethPairEvent) UnmarshalBinary ¶ added in v0.36.0
func (e *VethPairEvent) UnmarshalBinary(data []byte) (int, error)
UnmarshalBinary unmarshalls a binary representation of itself
Source Files ¶
- accessors_unix.go
- args_envs.go
- byteorder.go
- category.go
- consts_common.go
- consts_linux.go
- consts_linux_amd64.go
- consts_map_names.go
- dns_helpers_linux.go
- errors.go
- events.go
- field_accessors_unix.go
- field_handlers_unix.go
- legacy_secl.go
- marshallers_linux.go
- model.go
- model_string.go
- model_unix.go
- oo_symlink_unix.go
- process_cache_entry_unix.go
- strings.go
- syscalls.go
- syscalls_linux_amd64.go
- syscalls_string_linux_amd64.go
- unmarshallers_linux.go
- utils.go
- variables.go
Directories ¶
Path | Synopsis |
---|---|
Package main holds main related files
|
Package main holds main related files |
Package main holds main related files
|
Package main holds main related files |