model

package
v0.61.0-rc.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 27, 2024 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Overview

Package model holds model related files

Package model holds the security profile data model

Package model holds model related files

Index

Constants

// Limits applied to captured process arguments and environment variables.
// NOTE(review): presumably data beyond these limits is truncated or dropped at
// collection time, in which case rules and investigations only see the
// captured prefix — confirm against the collector.
const (
	// MaxArgEnvSize is the maximum size of one argument or environment variable
	// (unit not stated here; presumably bytes — TODO confirm)
	MaxArgEnvSize = 256
	// MaxArgsEnvsSize is the maximum number of args and/or envs
	MaxArgsEnvsSize = 256
)
// Size and depth limits of the event data model, plus the suffixes used to
// recognise path and name fields.
const (
	// MaxSegmentLength defines the maximum length of each segment of a path
	MaxSegmentLength = 255

	// MaxPathDepth defines the maximum depth of a path
	// see pkg/security/ebpf/c/dentry_resolver.h: DR_MAX_TAIL_CALL * DR_MAX_ITERATION_DEPTH
	// NOTE(review): the value has to stay in sync with the product computed in
	// that header; nothing in this block enforces it.
	MaxPathDepth = 1363

	// MaxBpfObjName defines the maximum length of a Bpf object name
	// (presumably mirrors the kernel's BPF_OBJ_NAME_LEN — TODO confirm)
	MaxBpfObjName = 16

	// PathSuffix defines the suffix used for path fields
	PathSuffix = ".path"

	// NameSuffix defines the suffix used for name fields
	NameSuffix = ".name"

	// ContainerIDLen defines the length of a container ID: twice sha256.Size,
	// i.e. 64, the length of a hex-encoded SHA-256 digest
	ContainerIDLen = sha256.Size * 2

	// MaxSymlinks is the maximum number of symlinks captured
	// NOTE(review): ProcessSymlinkPathname indexes symlinkPathnameEvaluators at
	// 0 and 1, which presumably relies on this being 2 — confirm before changing.
	MaxSymlinks = 2

	// MaxTracedCgroupsCount is the hard limit for the count of traced cgroups
	MaxTracedCgroupsCount = 128
)
// Event flags. The first constant is 1 << iota and the following ones repeat
// that expression, so the values are the single bits 1, 2, 4, 8, 16 and 32 in
// declaration order.
const (
	// EventFlagsAsync marks an async event
	EventFlagsAsync = 1 << iota

	// EventFlagsSavedByAD marks an event saved by AD
	// (presumably "activity dump", as in the constants below — TODO confirm)
	EventFlagsSavedByAD

	// EventFlagsActivityDumpSample marks an AD sample
	EventFlagsActivityDumpSample

	// EventFlagsSecurityProfileInProfile true if the event was found in a profile
	EventFlagsSecurityProfileInProfile

	// EventFlagsAnomalyDetectionEvent true if the event is marked as being an anomaly
	EventFlagsAnomalyDetectionEvent

	// EventFlagsHasActiveActivityDump true if the event has an active activity dump associated to it
	EventFlagsHasActiveActivityDump
)
// String values used to describe IMDS events: the direction of the message
// (request or response) and the cloud provider it is reported for.
// (IMDS presumably stands for the cloud instance metadata service — TODO confirm)
const (
	// IMDSRequestType is used to specify that the event is an IMDS request event
	IMDSRequestType = "request"
	// IMDSResponseType is used to specify that the event is an IMDS response event
	IMDSResponseType = "response"
	// IMDSAWSCloudProvider is used to report that the IMDS event is for AWS
	IMDSAWSCloudProvider = "aws"
	// IMDSGCPCloudProvider is used to report that the IMDS event is for GCP
	IMDSGCPCloudProvider = "gcp"
	// IMDSAzureCloudProvider is used to report that the IMDS event is for Azure
	IMDSAzureCloudProvider = "azure"
	// IMDSIBMCloudProvider is used to report that the IMDS event is for IBM
	IMDSIBMCloudProvider = "ibm"
	// IMDSOracleCloudProvider is used to report that the IMDS event is for Oracle
	IMDSOracleCloudProvider = "oracle"
)
// File flags, declared as single bits through 1 << iota.
// NOTE(review): the names suggest the lower and upper layers of a layered
// filesystem such as overlayfs — confirm against the code that sets them.
const (
	LowerLayer = 1 << iota // LowerLayer is bit value 1
	UpperLayer             // UpperLayer is bit value 2
)

File flags

// Filesystem type names, path validation messages and the cookie size.
// Note that the ErrPath* names below are untyped string constants, not error
// values: they cannot be matched with errors.Is.
const (
	OverlayFS = "overlay" // OverlayFS overlay filesystem
	TmpFS     = "tmpfs"   // TmpFS tmpfs
	UnknownFS = "unknown" // UnknownFS unknown filesystem

	ErrPathMustBeAbsolute = "all the path have to be absolute"            // ErrPathMustBeAbsolute tells when a path is not absolute
	ErrPathDepthLimit     = "path depths have to be shorter than"         // ErrPathDepthLimit tells when a path is too deep; the text ends before the limit, presumably appended by the caller
	ErrPathSegmentLimit   = "each segment of a path must be shorter than" // ErrPathSegmentLimit tells when a path reached the segment limit; presumably completed by the caller as well

	// SizeOfCookie is the size of a cookie (presumably in bytes — TODO confirm)
	SizeOfCookie = 8
)
// Sources of a process cache entry, numbered 0 to 5 by iota in declaration
// order.
// NOTE(review): the ProcessSources array lists six names in what looks like
// the same order; keep the two in step when adding a source.
const (
	ProcessCacheEntryFromUnknown     = iota // ProcessCacheEntryFromUnknown defines a process cache entry from unknown
	ProcessCacheEntryFromPlaceholder        // ProcessCacheEntryFromPlaceholder defines the source of a placeholder process cache entry
	ProcessCacheEntryFromEvent              // ProcessCacheEntryFromEvent defines a process cache entry from event
	ProcessCacheEntryFromKernelMap          // ProcessCacheEntryFromKernelMap defines a process cache entry from kernel map
	ProcessCacheEntryFromProcFS             // ProcessCacheEntryFromProcFS defines a process cache entry from procfs. Note that some exec parent may be missing.
	ProcessCacheEntryFromSnapshot           // ProcessCacheEntryFromSnapshot defines a process cache entry from snapshot
)
const (
	// AuditUIDUnset is used to specify that a login uid is not set.
	// The sentinel is math.MaxUint32 (4294967295), so a consumer that treats
	// the login uid as a plain number must test for this value first.
	AuditUIDUnset = math.MaxUint32
)
// DNSPreallocSize defines the DNS pre-allocation size.
const DNSPreallocSize = 256

DNSPreallocSize defines DNS pre-alloc size

// PathKeySize defines the path key size; it is the first term of PathLeafSize.
const PathKeySize = 16

PathKeySize defines the path key size

// PathLeafSize defines the path_leaf struct size: 16 + 255 + 1 + 2 + 6 = 280.
// NOTE(review): the trailing comment names four parts for five terms;
// presumably the name is MaxSegmentLength + 1, len is 2 and padding is 6 —
// confirm against the path_leaf definition this mirrors.
const PathLeafSize = PathKeySize + MaxSegmentLength + 1 + 2 + 6 // path_key + name + len + padding

PathLeafSize defines path_leaf struct size

Variables

var (
	// DNSQTypeConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
	// It maps a DNS query type name to its numeric value. Entries are not in
	// numeric order (249-255 follow 258) and some numbers have no entry (for
	// example 11 and 22), so a query type missing from this map cannot be
	// referenced by name.
	// generate_constants:DNS qtypes,DNS qtypes are the supported DNS query types.
	DNSQTypeConstants = map[string]int{
		"None":       0,
		"A":          1,
		"NS":         2,
		"MD":         3,
		"MF":         4,
		"CNAME":      5,
		"SOA":        6,
		"MB":         7,
		"MG":         8,
		"MR":         9,
		"NULL":       10,
		"PTR":        12,
		"HINFO":      13,
		"MINFO":      14,
		"MX":         15,
		"TXT":        16,
		"RP":         17,
		"AFSDB":      18,
		"X25":        19,
		"ISDN":       20,
		"RT":         21,
		"NSAPPTR":    23,
		"SIG":        24,
		"KEY":        25,
		"PX":         26,
		"GPOS":       27,
		"AAAA":       28,
		"LOC":        29,
		"NXT":        30,
		"EID":        31,
		"NIMLOC":     32,
		"SRV":        33,
		"ATMA":       34,
		"NAPTR":      35,
		"KX":         36,
		"CERT":       37,
		"DNAME":      39,
		"OPT":        41,
		"APL":        42,
		"DS":         43,
		"SSHFP":      44,
		"RRSIG":      46,
		"NSEC":       47,
		"DNSKEY":     48,
		"DHCID":      49,
		"NSEC3":      50,
		"NSEC3PARAM": 51,
		"TLSA":       52,
		"SMIMEA":     53,
		"HIP":        55,
		"NINFO":      56,
		"RKEY":       57,
		"TALINK":     58,
		"CDS":        59,
		"CDNSKEY":    60,
		"OPENPGPKEY": 61,
		"CSYNC":      62,
		"ZONEMD":     63,
		"SVCB":       64,
		"HTTPS":      65,
		"SPF":        99,
		"UINFO":      100,
		"UID":        101,
		"GID":        102,
		"UNSPEC":     103,
		"NID":        104,
		"L32":        105,
		"L64":        106,
		"LP":         107,
		"EUI48":      108,
		"EUI64":      109,
		"URI":        256,
		"CAA":        257,
		"AVC":        258,
		"TKEY":       249,
		"TSIG":       250,
		"IXFR":       251,
		"AXFR":       252,
		"MAILB":      253,
		"MAILA":      254,
		"ANY":        255,
		"TA":         32768,
		"DLV":        32769,
		"Reserved":   65535,
	}

	// DNSQClassConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
	// It maps a DNS query class name, spelled with a CLASS_ prefix, to its
	// numeric value.
	// generate_constants:DNS qclasses,DNS qclasses are the supported DNS query classes.
	DNSQClassConstants = map[string]int{
		"CLASS_INET":   1,
		"CLASS_CSNET":  2,
		"CLASS_CHAOS":  3,
		"CLASS_HESIOD": 4,
		"CLASS_NONE":   254,
		"CLASS_ANY":    255,
	}

	// BooleanConstants holds the evaluator for boolean constants
	// The values are stored as interface{} and each holds a *eval.BoolEvaluator
	// with a fixed Value, so a reader has to type-assert before use.
	// generate_constants:Boolean constants,Boolean constants are the supported boolean constants.
	BooleanConstants = map[string]interface{}{

		"true":  &eval.BoolEvaluator{Value: true},
		"false": &eval.BoolEvaluator{Value: false},
	}

	// L3ProtocolConstants is the list of supported L3 protocols
	// It maps an ETH_P_* name to the package's L3Protocol constant (the EthP*
	// values are declared outside this listing). Names must be written exactly
	// as keyed here; note the double underscore in "ETH_P__LINK_CTL".
	// generate_constants:L3 protocols,L3 protocols are the supported Layer 3 protocols.
	L3ProtocolConstants = map[string]L3Protocol{
		"ETH_P_LOOP":            EthPLOOP,
		"ETH_P_PUP":             EthPPUP,
		"ETH_P_PUPAT":           EthPPUPAT,
		"ETH_P_TSN":             EthPTSN,
		"ETH_P_IP":              EthPIP,
		"ETH_P_X25":             EthPX25,
		"ETH_P_ARP":             EthPARP,
		"ETH_P_BPQ":             EthPBPQ,
		"ETH_P_IEEEPUP":         EthPIEEEPUP,
		"ETH_P_IEEEPUPAT":       EthPIEEEPUPAT,
		"ETH_P_BATMAN":          EthPBATMAN,
		"ETH_P_DEC":             EthPDEC,
		"ETH_P_DNADL":           EthPDNADL,
		"ETH_P_DNARC":           EthPDNARC,
		"ETH_P_DNART":           EthPDNART,
		"ETH_P_LAT":             EthPLAT,
		"ETH_P_DIAG":            EthPDIAG,
		"ETH_P_CUST":            EthPCUST,
		"ETH_P_SCA":             EthPSCA,
		"ETH_P_TEB":             EthPTEB,
		"ETH_P_RARP":            EthPRARP,
		"ETH_P_ATALK":           EthPATALK,
		"ETH_P_AARP":            EthPAARP,
		"ETH_P_8021_Q":          EthP8021Q,
		"ETH_P_ERSPAN":          EthPERSPAN,
		"ETH_P_IPX":             EthPIPX,
		"ETH_P_IPV6":            EthPIPV6,
		"ETH_P_PAUSE":           EthPPAUSE,
		"ETH_P_SLOW":            EthPSLOW,
		"ETH_P_WCCP":            EthPWCCP,
		"ETH_P_MPLSUC":          EthPMPLSUC,
		"ETH_P_MPLSMC":          EthPMPLSMC,
		"ETH_P_ATMMPOA":         EthPATMMPOA,
		"ETH_P_PPPDISC":         EthPPPPDISC,
		"ETH_P_PPPSES":          EthPPPPSES,
		"ETH_P__LINK_CTL":       EthPLinkCTL,
		"ETH_P_ATMFATE":         EthPATMFATE,
		"ETH_P_PAE":             EthPPAE,
		"ETH_P_AOE":             EthPAOE,
		"ETH_P_8021_AD":         EthP8021AD,
		"ETH_P_802_EX1":         EthP802EX1,
		"ETH_P_TIPC":            EthPTIPC,
		"ETH_P_MACSEC":          EthPMACSEC,
		"ETH_P_8021_AH":         EthP8021AH,
		"ETH_P_MVRP":            EthPMVRP,
		"ETH_P_1588":            EthP1588,
		"ETH_P_NCSI":            EthPNCSI,
		"ETH_P_PRP":             EthPPRP,
		"ETH_P_FCOE":            EthPFCOE,
		"ETH_P_IBOE":            EthPIBOE,
		"ETH_P_TDLS":            EthPTDLS,
		"ETH_P_FIP":             EthPFIP,
		"ETH_P_80221":           EthP80221,
		"ETH_P_HSR":             EthPHSR,
		"ETH_P_NSH":             EthPNSH,
		"ETH_P_LOOPBACK":        EthPLOOPBACK,
		"ETH_P_QINQ1":           EthPQINQ1,
		"ETH_P_QINQ2":           EthPQINQ2,
		"ETH_P_QINQ3":           EthPQINQ3,
		"ETH_P_EDSA":            EthPEDSA,
		"ETH_P_IFE":             EthPIFE,
		"ETH_P_AFIUCV":          EthPAFIUCV,
		"ETH_P_8023_MIN":        EthP8023MIN,
		"ETH_P_IPV6_HOP_BY_HOP": EthPIPV6HopByHop,
		"ETH_P_8023":            EthP8023,
		"ETH_P_AX25":            EthPAX25,
		"ETH_P_ALL":             EthPALL,
		"ETH_P_8022":            EthP8022,
		"ETH_P_SNAP":            EthPSNAP,
		"ETH_P_DDCMP":           EthPDDCMP,
		"ETH_P_WANPPP":          EthPWANPPP,
		"ETH_P_PPPMP":           EthPPPPMP,
		"ETH_P_LOCALTALK":       EthPLOCALTALK,
		"ETH_P_CAN":             EthPCAN,
		"ETH_P_CANFD":           EthPCANFD,
		"ETH_P_PPPTALK":         EthPPPPTALK,
		"ETH_P_TR8022":          EthPTR8022,
		"ETH_P_MOBITEX":         EthPMOBITEX,
		"ETH_P_CONTROL":         EthPCONTROL,
		"ETH_P_IRDA":            EthPIRDA,
		"ETH_P_ECONET":          EthPECONET,
		"ETH_P_HDLC":            EthPHDLC,
		"ETH_P_ARCNET":          EthPARCNET,
		"ETH_P_DSA":             EthPDSA,
		"ETH_P_TRAILER":         EthPTRAILER,
		"ETH_P_PHONET":          EthPPHONET,
		"ETH_P_IEEE802154":      EthPIEEE802154,
		"ETH_P_CAIF":            EthPCAIF,
		"ETH_P_XDSA":            EthPXDSA,
		"ETH_P_MAP":             EthPMAP,
	}

	// L4ProtocolConstants is the list of supported L4 protocols
	// It maps an IP_PROTO_* name to the package's L4Protocol constant (the
	// IPProto* values are declared outside this listing).
	// generate_constants:L4 protocols,L4 protocols are the supported Layer 4 protocols.
	L4ProtocolConstants = map[string]L4Protocol{
		"IP_PROTO_IP":      IPProtoIP,
		"IP_PROTO_ICMP":    IPProtoICMP,
		"IP_PROTO_IGMP":    IPProtoIGMP,
		"IP_PROTO_IPIP":    IPProtoIPIP,
		"IP_PROTO_TCP":     IPProtoTCP,
		"IP_PROTO_EGP":     IPProtoEGP,
		"IP_PROTO_IGP":     IPProtoIGP,
		"IP_PROTO_PUP":     IPProtoPUP,
		"IP_PROTO_UDP":     IPProtoUDP,
		"IP_PROTO_IDP":     IPProtoIDP,
		"IP_PROTO_TP":      IPProtoTP,
		"IP_PROTO_DCCP":    IPProtoDCCP,
		"IP_PROTO_IPV6":    IPProtoIPV6,
		"IP_PROTO_RSVP":    IPProtoRSVP,
		"IP_PROTO_GRE":     IPProtoGRE,
		"IP_PROTO_ESP":     IPProtoESP,
		"IP_PROTO_AH":      IPProtoAH,
		"IP_PROTO_ICMPV6":  IPProtoICMPV6,
		"IP_PROTO_MTP":     IPProtoMTP,
		"IP_PROTO_BEETPH":  IPProtoBEETPH,
		"IP_PROTO_ENCAP":   IPProtoENCAP,
		"IP_PROTO_PIM":     IPProtoPIM,
		"IP_PROTO_COMP":    IPProtoCOMP,
		"IP_PROTO_SCTP":    IPProtoSCTP,
		"IP_PROTO_UDPLITE": IPProtoUDPLITE,
		"IP_PROTO_MPLS":    IPProtoMPLS,
		"IP_PROTO_RAW":     IPProtoRAW,
	}
)
var (

	// KernelCapabilityConstants list of kernel capabilities
	// Each value is a single-bit mask: 1 shifted left by the capability number
	// taken from the unix package. The values are therefore masks to combine or
	// test with bitwise operators, not the raw capability numbers.
	// generate_constants:Kernel Capability constants,Kernel Capability constants are the supported Linux Kernel Capability.
	KernelCapabilityConstants = map[string]uint64{
		"CAP_AUDIT_CONTROL":      1 << unix.CAP_AUDIT_CONTROL,
		"CAP_AUDIT_READ":         1 << unix.CAP_AUDIT_READ,
		"CAP_AUDIT_WRITE":        1 << unix.CAP_AUDIT_WRITE,
		"CAP_BLOCK_SUSPEND":      1 << unix.CAP_BLOCK_SUSPEND,
		"CAP_BPF":                1 << unix.CAP_BPF,
		"CAP_CHECKPOINT_RESTORE": 1 << unix.CAP_CHECKPOINT_RESTORE,
		"CAP_CHOWN":              1 << unix.CAP_CHOWN,
		"CAP_DAC_OVERRIDE":       1 << unix.CAP_DAC_OVERRIDE,
		"CAP_DAC_READ_SEARCH":    1 << unix.CAP_DAC_READ_SEARCH,
		"CAP_FOWNER":             1 << unix.CAP_FOWNER,
		"CAP_FSETID":             1 << unix.CAP_FSETID,
		"CAP_IPC_LOCK":           1 << unix.CAP_IPC_LOCK,
		"CAP_IPC_OWNER":          1 << unix.CAP_IPC_OWNER,
		"CAP_KILL":               1 << unix.CAP_KILL,
		"CAP_LEASE":              1 << unix.CAP_LEASE,
		"CAP_LINUX_IMMUTABLE":    1 << unix.CAP_LINUX_IMMUTABLE,
		"CAP_MAC_ADMIN":          1 << unix.CAP_MAC_ADMIN,
		"CAP_MAC_OVERRIDE":       1 << unix.CAP_MAC_OVERRIDE,
		"CAP_MKNOD":              1 << unix.CAP_MKNOD,
		"CAP_NET_ADMIN":          1 << unix.CAP_NET_ADMIN,
		"CAP_NET_BIND_SERVICE":   1 << unix.CAP_NET_BIND_SERVICE,
		"CAP_NET_BROADCAST":      1 << unix.CAP_NET_BROADCAST,
		"CAP_NET_RAW":            1 << unix.CAP_NET_RAW,
		"CAP_PERFMON":            1 << unix.CAP_PERFMON,
		"CAP_SETFCAP":            1 << unix.CAP_SETFCAP,
		"CAP_SETGID":             1 << unix.CAP_SETGID,
		"CAP_SETPCAP":            1 << unix.CAP_SETPCAP,
		"CAP_SETUID":             1 << unix.CAP_SETUID,
		"CAP_SYSLOG":             1 << unix.CAP_SYSLOG,
		"CAP_SYS_ADMIN":          1 << unix.CAP_SYS_ADMIN,
		"CAP_SYS_BOOT":           1 << unix.CAP_SYS_BOOT,
		"CAP_SYS_CHROOT":         1 << unix.CAP_SYS_CHROOT,
		"CAP_SYS_MODULE":         1 << unix.CAP_SYS_MODULE,
		"CAP_SYS_NICE":           1 << unix.CAP_SYS_NICE,
		"CAP_SYS_PACCT":          1 << unix.CAP_SYS_PACCT,
		"CAP_SYS_PTRACE":         1 << unix.CAP_SYS_PTRACE,
		"CAP_SYS_RAWIO":          1 << unix.CAP_SYS_RAWIO,
		"CAP_SYS_RESOURCE":       1 << unix.CAP_SYS_RESOURCE,
		"CAP_SYS_TIME":           1 << unix.CAP_SYS_TIME,
		"CAP_SYS_TTY_CONFIG":     1 << unix.CAP_SYS_TTY_CONFIG,
		"CAP_WAKE_ALARM":         1 << unix.CAP_WAKE_ALARM,
	}

	// SignalConstants are the supported signals for the kill syscall
	// Each value is the unix package's signal converted to int.
	// NOTE(review): on Linux SIGIOT and SIGABRT share a number, as do SIGPOLL
	// and SIGIO, so this map is not invertible: a reverse lookup from number to
	// name has to pick one of the two spellings.
	// generate_constants:Signal constants,Signal constants are the supported signals for the kill syscall.
	SignalConstants = map[string]int{
		"SIGHUP":    int(unix.SIGHUP),
		"SIGINT":    int(unix.SIGINT),
		"SIGQUIT":   int(unix.SIGQUIT),
		"SIGILL":    int(unix.SIGILL),
		"SIGTRAP":   int(unix.SIGTRAP),
		"SIGABRT":   int(unix.SIGABRT),
		"SIGIOT":    int(unix.SIGIOT),
		"SIGBUS":    int(unix.SIGBUS),
		"SIGFPE":    int(unix.SIGFPE),
		"SIGKILL":   int(unix.SIGKILL),
		"SIGUSR1":   int(unix.SIGUSR1),
		"SIGSEGV":   int(unix.SIGSEGV),
		"SIGUSR2":   int(unix.SIGUSR2),
		"SIGPIPE":   int(unix.SIGPIPE),
		"SIGALRM":   int(unix.SIGALRM),
		"SIGTERM":   int(unix.SIGTERM),
		"SIGSTKFLT": int(unix.SIGSTKFLT),
		"SIGCHLD":   int(unix.SIGCHLD),
		"SIGCONT":   int(unix.SIGCONT),
		"SIGSTOP":   int(unix.SIGSTOP),
		"SIGTSTP":   int(unix.SIGTSTP),
		"SIGTTIN":   int(unix.SIGTTIN),
		"SIGTTOU":   int(unix.SIGTTOU),
		"SIGURG":    int(unix.SIGURG),
		"SIGXCPU":   int(unix.SIGXCPU),
		"SIGXFSZ":   int(unix.SIGXFSZ),
		"SIGVTALRM": int(unix.SIGVTALRM),
		"SIGPROF":   int(unix.SIGPROF),
		"SIGWINCH":  int(unix.SIGWINCH),
		"SIGIO":     int(unix.SIGIO),
		"SIGPOLL":   int(unix.SIGPOLL),
		"SIGPWR":    int(unix.SIGPWR),
		"SIGSYS":    int(unix.SIGSYS),
	}

	// BPFCmdConstants is the list of BPF commands
	// It maps a BPF_* command name to the package's BPFCmd constant.
	// "BPF_PROG_TEST_RUN" and "BPF_PROG_RUN" both map to BpfProgTestRunCmd, so
	// a rule written with either name matches the same command.
	// generate_constants:BPF commands,BPF commands are used to specify a command to a bpf syscall.
	BPFCmdConstants = map[string]BPFCmd{
		"BPF_MAP_CREATE":                  BpfMapCreateCmd,
		"BPF_MAP_LOOKUP_ELEM":             BpfMapLookupElemCmd,
		"BPF_MAP_UPDATE_ELEM":             BpfMapUpdateElemCmd,
		"BPF_MAP_DELETE_ELEM":             BpfMapDeleteElemCmd,
		"BPF_MAP_GET_NEXT_KEY":            BpfMapGetNextKeyCmd,
		"BPF_PROG_LOAD":                   BpfProgLoadCmd,
		"BPF_OBJ_PIN":                     BpfObjPinCmd,
		"BPF_OBJ_GET":                     BpfObjGetCmd,
		"BPF_PROG_ATTACH":                 BpfProgAttachCmd,
		"BPF_PROG_DETACH":                 BpfProgDetachCmd,
		"BPF_PROG_TEST_RUN":               BpfProgTestRunCmd,
		"BPF_PROG_RUN":                    BpfProgTestRunCmd,
		"BPF_PROG_GET_NEXT_ID":            BpfProgGetNextIDCmd,
		"BPF_MAP_GET_NEXT_ID":             BpfMapGetNextIDCmd,
		"BPF_PROG_GET_FD_BY_ID":           BpfProgGetFdByIDCmd,
		"BPF_MAP_GET_FD_BY_ID":            BpfMapGetFdByIDCmd,
		"BPF_OBJ_GET_INFO_BY_FD":          BpfObjGetInfoByFdCmd,
		"BPF_PROG_QUERY":                  BpfProgQueryCmd,
		"BPF_RAW_TRACEPOINT_OPEN":         BpfRawTracepointOpenCmd,
		"BPF_BTF_LOAD":                    BpfBtfLoadCmd,
		"BPF_BTF_GET_FD_BY_ID":            BpfBtfGetFdByIDCmd,
		"BPF_TASK_FD_QUERY":               BpfTaskFdQueryCmd,
		"BPF_MAP_LOOKUP_AND_DELETE_ELEM":  BpfMapLookupAndDeleteElemCmd,
		"BPF_MAP_FREEZE":                  BpfMapFreezeCmd,
		"BPF_BTF_GET_NEXT_ID":             BpfBtfGetNextIDCmd,
		"BPF_MAP_LOOKUP_BATCH":            BpfMapLookupBatchCmd,
		"BPF_MAP_LOOKUP_AND_DELETE_BATCH": BpfMapLookupAndDeleteBatchCmd,
		"BPF_MAP_UPDATE_BATCH":            BpfMapUpdateBatchCmd,
		"BPF_MAP_DELETE_BATCH":            BpfMapDeleteBatchCmd,
		"BPF_LINK_CREATE":                 BpfLinkCreateCmd,
		"BPF_LINK_UPDATE":                 BpfLinkUpdateCmd,
		"BPF_LINK_GET_FD_BY_ID":           BpfLinkGetFdByIDCmd,
		"BPF_LINK_GET_NEXT_ID":            BpfLinkGetNextIDCmd,
		"BPF_ENABLE_STATS":                BpfEnableStatsCmd,
		"BPF_ITER_CREATE":                 BpfIterCreateCmd,
		"BPF_LINK_DETACH":                 BpfLinkDetachCmd,
		"BPF_PROG_BIND_MAP":               BpfProgBindMapCmd,
	}

	// BPFHelperFuncConstants is the list of BPF helper func constants
	// NOTE(review): the entries are elided in this listing (see the trailing
	// marker); the map is not empty in the package source.
	// generate_constants:BPF helper functions,BPF helper functions are the supported BPF helper functions.
	BPFHelperFuncConstants = map[string]BPFHelperFunc{}/* 166 elements not displayed */

	// BPFMapTypeConstants is the list of BPF map type constants
	// It maps a BPF_MAP_TYPE_* name to the package's BPFMapType constant (the
	// BpfMapType* values are declared outside this listing).
	// generate_constants:BPF map types,BPF map types are the supported eBPF map types.
	BPFMapTypeConstants = map[string]BPFMapType{
		"BPF_MAP_TYPE_UNSPEC":                BpfMapTypeUnspec,
		"BPF_MAP_TYPE_HASH":                  BpfMapTypeHash,
		"BPF_MAP_TYPE_ARRAY":                 BpfMapTypeArray,
		"BPF_MAP_TYPE_PROG_ARRAY":            BpfMapTypeProgArray,
		"BPF_MAP_TYPE_PERF_EVENT_ARRAY":      BpfMapTypePerfEventArray,
		"BPF_MAP_TYPE_PERCPU_HASH":           BpfMapTypePercpuHash,
		"BPF_MAP_TYPE_PERCPU_ARRAY":          BpfMapTypePercpuArray,
		"BPF_MAP_TYPE_STACK_TRACE":           BpfMapTypeStackTrace,
		"BPF_MAP_TYPE_CGROUP_ARRAY":          BpfMapTypeCgroupArray,
		"BPF_MAP_TYPE_LRU_HASH":              BpfMapTypeLruHash,
		"BPF_MAP_TYPE_LRU_PERCPU_HASH":       BpfMapTypeLruPercpuHash,
		"BPF_MAP_TYPE_LPM_TRIE":              BpfMapTypeLpmTrie,
		"BPF_MAP_TYPE_ARRAY_OF_MAPS":         BpfMapTypeArrayOfMaps,
		"BPF_MAP_TYPE_HASH_OF_MAPS":          BpfMapTypeHashOfMaps,
		"BPF_MAP_TYPE_DEVMAP":                BpfMapTypeDevmap,
		"BPF_MAP_TYPE_SOCKMAP":               BpfMapTypeSockmap,
		"BPF_MAP_TYPE_CPUMAP":                BpfMapTypeCPUmap,
		"BPF_MAP_TYPE_XSKMAP":                BpfMapTypeXskmap,
		"BPF_MAP_TYPE_SOCKHASH":              BpfMapTypeSockhash,
		"BPF_MAP_TYPE_CGROUP_STORAGE":        BpfMapTypeCgroupStorage,
		"BPF_MAP_TYPE_REUSEPORT_SOCKARRAY":   BpfMapTypeReuseportSockarray,
		"BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE": BpfMapTypePercpuCgroupStorage,
		"BPF_MAP_TYPE_QUEUE":                 BpfMapTypeQueue,
		"BPF_MAP_TYPE_STACK":                 BpfMapTypeStack,
		"BPF_MAP_TYPE_SK_STORAGE":            BpfMapTypeSkStorage,
		"BPF_MAP_TYPE_DEVMAP_HASH":           BpfMapTypeDevmapHash,
		"BPF_MAP_TYPE_STRUCT_OPS":            BpfMapTypeStructOps,
		"BPF_MAP_TYPE_RINGBUF":               BpfMapTypeRingbuf,
		"BPF_MAP_TYPE_INODE_STORAGE":         BpfMapTypeInodeStorage,
		"BPF_MAP_TYPE_TASK_STORAGE":          BpfMapTypeTaskStorage,
	}

	// BPFProgramTypeConstants is the list of BPF program type constants
	// It maps a BPF_PROG_TYPE_* name to the package's BPFProgramType constant
	// (the BpfProgType* values are declared outside this listing).
	// generate_constants:BPF program types,BPF program types are the supported eBPF program types.
	BPFProgramTypeConstants = map[string]BPFProgramType{
		"BPF_PROG_TYPE_UNSPEC":                  BpfProgTypeUnspec,
		"BPF_PROG_TYPE_SOCKET_FILTER":           BpfProgTypeSocketFilter,
		"BPF_PROG_TYPE_KPROBE":                  BpfProgTypeKprobe,
		"BPF_PROG_TYPE_SCHED_CLS":               BpfProgTypeSchedCls,
		"BPF_PROG_TYPE_SCHED_ACT":               BpfProgTypeSchedAct,
		"BPF_PROG_TYPE_TRACEPOINT":              BpfProgTypeTracepoint,
		"BPF_PROG_TYPE_XDP":                     BpfProgTypeXdp,
		"BPF_PROG_TYPE_PERF_EVENT":              BpfProgTypePerfEvent,
		"BPF_PROG_TYPE_CGROUP_SKB":              BpfProgTypeCgroupSkb,
		"BPF_PROG_TYPE_CGROUP_SOCK":             BpfProgTypeCgroupSock,
		"BPF_PROG_TYPE_LWT_IN":                  BpfProgTypeLwtIn,
		"BPF_PROG_TYPE_LWT_OUT":                 BpfProgTypeLwtOut,
		"BPF_PROG_TYPE_LWT_XMIT":                BpfProgTypeLwtXmit,
		"BPF_PROG_TYPE_SOCK_OPS":                BpfProgTypeSockOps,
		"BPF_PROG_TYPE_SK_SKB":                  BpfProgTypeSkSkb,
		"BPF_PROG_TYPE_CGROUP_DEVICE":           BpfProgTypeCgroupDevice,
		"BPF_PROG_TYPE_SK_MSG":                  BpfProgTypeSkMsg,
		"BPF_PROG_TYPE_RAW_TRACEPOINT":          BpfProgTypeRawTracepoint,
		"BPF_PROG_TYPE_CGROUP_SOCK_ADDR":        BpfProgTypeCgroupSockAddr,
		"BPF_PROG_TYPE_LWT_SEG6LOCAL":           BpfProgTypeLwtSeg6local,
		"BPF_PROG_TYPE_LIRC_MODE2":              BpfProgTypeLircMode2,
		"BPF_PROG_TYPE_SK_REUSEPORT":            BpfProgTypeSkReuseport,
		"BPF_PROG_TYPE_FLOW_DISSECTOR":          BpfProgTypeFlowDissector,
		"BPF_PROG_TYPE_CGROUP_SYSCTL":           BpfProgTypeCgroupSysctl,
		"BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE": BpfProgTypeRawTracepointWritable,
		"BPF_PROG_TYPE_CGROUP_SOCKOPT":          BpfProgTypeCgroupSockopt,
		"BPF_PROG_TYPE_TRACING":                 BpfProgTypeTracing,
		"BPF_PROG_TYPE_STRUCT_OPS":              BpfProgTypeStructOps,
		"BPF_PROG_TYPE_EXT":                     BpfProgTypeExt,
		"BPF_PROG_TYPE_LSM":                     BpfProgTypeLsm,
		"BPF_PROG_TYPE_SK_LOOKUP":               BpfProgTypeSkLookup,
	}

	// BPFAttachTypeConstants is the list of BPF attach type constants
	// It maps a BPF attach type name to the package's BPFAttachType constant
	// (the values are declared outside this listing).
	// generate_constants:BPF attach types,BPF attach types are the supported eBPF program attach types.
	BPFAttachTypeConstants = map[string]BPFAttachType{
		"BPF_CGROUP_INET_INGRESS":      BpfCgroupInetIngress,
		"BPF_CGROUP_INET_EGRESS":       BpfCgroupInetEgress,
		"BPF_CGROUP_INET_SOCK_CREATE":  BpfCgroupInetSockCreate,
		"BPF_CGROUP_SOCK_OPS":          BpfCgroupSockOps,
		"BPF_SK_SKB_STREAM_PARSER":     BpfSkSkbStreamParser,
		"BPF_SK_SKB_STREAM_VERDICT":    BpfSkSkbStreamVerdict,
		"BPF_CGROUP_DEVICE":            BpfCgroupDevice,
		"BPF_SK_MSG_VERDICT":           BpfSkMsgVerdict,
		"BPF_CGROUP_INET4_BIND":        BpfCgroupInet4Bind,
		"BPF_CGROUP_INET6_BIND":        BpfCgroupInet6Bind,
		"BPF_CGROUP_INET4_CONNECT":     BpfCgroupInet4Connect,
		"BPF_CGROUP_INET6_CONNECT":     BpfCgroupInet6Connect,
		"BPF_CGROUP_INET4_POST_BIND":   BpfCgroupInet4PostBind,
		"BPF_CGROUP_INET6_POST_BIND":   BpfCgroupInet6PostBind,
		"BPF_CGROUP_UDP4_SENDMSG":      BpfCgroupUDP4Sendmsg,
		"BPF_CGROUP_UDP6_SENDMSG":      BpfCgroupUDP6Sendmsg,
		"BPF_LIRC_MODE2":               BpfLircMode2,
		"BPF_FLOW_DISSECTOR":           BpfFlowDissector,
		"BPF_CGROUP_SYSCTL":            BpfCgroupSysctl,
		"BPF_CGROUP_UDP4_RECVMSG":      BpfCgroupUDP4Recvmsg,
		"BPF_CGROUP_UDP6_RECVMSG":      BpfCgroupUDP6Recvmsg,
		"BPF_CGROUP_GETSOCKOPT":        BpfCgroupGetsockopt,
		"BPF_CGROUP_SETSOCKOPT":        BpfCgroupSetsockopt,
		"BPF_TRACE_RAW_TP":             BpfTraceRawTp,
		"BPF_TRACE_FENTRY":             BpfTraceFentry,
		"BPF_TRACE_FEXIT":              BpfTraceFexit,
		"BPF_MODIFY_RETURN":            BpfModifyReturn,
		"BPF_LSM_MAC":                  BpfLsmMac,
		"BPF_TRACE_ITER":               BpfTraceIter,
		"BPF_CGROUP_INET4_GETPEERNAME": BpfCgroupInet4Getpeername,
		"BPF_CGROUP_INET6_GETPEERNAME": BpfCgroupInet6Getpeername,
		"BPF_CGROUP_INET4_GETSOCKNAME": BpfCgroupInet4Getsockname,
		"BPF_CGROUP_INET6_GETSOCKNAME": BpfCgroupInet6Getsockname,
		"BPF_XDP_DEVMAP":               BpfXdpDevmap,
		"BPF_CGROUP_INET_SOCK_RELEASE": BpfCgroupInetSockRelease,
		"BPF_XDP_CPUMAP":               BpfXdpCPUmap,
		"BPF_SK_LOOKUP":                BpfSkLookup,
		"BPF_XDP":                      BpfXdp,
		"BPF_SK_SKB_VERDICT":           BpfSkSkbVerdict,
	}

	// PipeBufFlagConstants is the list of pipe buffer flags
	// It maps a PIPE_BUF_FLAG_* name to the package's PipeBufFlag constant (the
	// PipeBufFlag* values are declared outside this listing).
	// generate_constants:Pipe buffer flags,Pipe buffer flags are the supported flags for a pipe buffer.
	PipeBufFlagConstants = map[string]PipeBufFlag{
		"PIPE_BUF_FLAG_LRU":       PipeBufFlagLRU,
		"PIPE_BUF_FLAG_ATOMIC":    PipeBufFlagAtomic,
		"PIPE_BUF_FLAG_GIFT":      PipeBufFlagGift,
		"PIPE_BUF_FLAG_PACKET":    PipeBufFlagPacket,
		"PIPE_BUF_FLAG_CAN_MERGE": PipeBufFlagCanMerge,
		"PIPE_BUF_FLAG_WHOLE":     PipeBufFlagWhole,
		"PIPE_BUF_FLAG_LOSS":      PipeBufFlagLoss,
	}
)
// Sentinel errors describing why a DNS name was rejected. They are created
// with errors.New, so callers can compare against them with errors.Is.
var (
	// ErrDNSNamePointerNotSupported is reported because DNS name pointer
	// compression is not supported: such a name is rejected rather than followed
	ErrDNSNamePointerNotSupported = errors.New("dns name pointer compression is not supported")
	// ErrDNSNameOutOfBounds is reported when the name is out of bounds
	ErrDNSNameOutOfBounds = errors.New("dns name out of bound")
	// ErrDNSNameNonPrintableASCII is reported when the name contains non-printable ASCII
	ErrDNSNameNonPrintableASCII = errors.New("dns name non-printable ascii")
	// ErrDNSNameMalformatted is reported when the name is malformed (too short, missing dots, etc)
	ErrDNSNameMalformatted = errors.New("dns name mal-formatted")
)
// Sentinel errors for marshalling and unmarshalling events. They are created
// with errors.New, so callers can compare against them with errors.Is.
var (
	// ErrNotEnoughData is returned when the buffer is too small to unmarshal the event
	ErrNotEnoughData = errors.New("not enough data")

	// ErrNotEnoughSpace is returned when the provided buffer is too small to marshal the event
	ErrNotEnoughSpace = errors.New("not enough space")

	// ErrStringArrayOverflow is returned when there is a string array overflow
	ErrStringArrayOverflow = errors.New("string array overflow")

	// ErrNonPrintable is returned when a string contains a non-printable character
	ErrNonPrintable = errors.New("non printable")

	// ErrIncorrectDataSize is returned when the data read size doesn't correspond to the expected one
	ErrIncorrectDataSize = errors.New("incorrect data size")
)
var (

	// ProcessSymlinkPathname handles symlinks for process entries.
	// When an operand is exec.file.path or process.file.path, the result is the
	// OR of the regular glob comparison and the same comparison run against the
	// two symlinkPathnameEvaluators for that field. StringEquals checks both
	// operands for those fields; the two Contains operators only check the
	// left-hand one. StringArrayMatches is the plain glob comparison.
	ProcessSymlinkPathname = &eval.OpOverrides{
		StringEquals: func(a *eval.StringEvaluator, b *eval.StringEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringEquals(a, b, state)
			if err != nil {
				return nil, err
			}

			// Pick the operand that names a process executable path; the
			// left-hand side wins when both do.
			var target, other *eval.StringEvaluator
			switch {
			case a.Field == "exec.file.path" || a.Field == "process.file.path":
				target, other = a, b
			case b.Field == "exec.file.path" || b.Field == "process.file.path":
				target, other = b, a
			default:
				return direct, nil
			}

			first, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[0](target.Field), other, state)
			if err != nil {
				return nil, err
			}

			second, err := eval.GlobCmp.StringEquals(symlinkPathnameEvaluators[1](target.Field), other, state)
			if err != nil {
				return nil, err
			}

			viaSymlink, err := eval.Or(first, second, state)
			if err != nil {
				return nil, err
			}

			return eval.Or(direct, viaSymlink, state)
		},
		StringValuesContains: func(a *eval.StringEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringValuesContains(a, b, state)
			if err != nil {
				return nil, err
			}

			// Any other field keeps the plain glob comparison.
			if a.Field != "exec.file.path" && a.Field != "process.file.path" {
				return direct, nil
			}

			first, err := eval.GlobCmp.StringValuesContains(symlinkPathnameEvaluators[0](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			second, err := eval.GlobCmp.StringValuesContains(symlinkPathnameEvaluators[1](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			viaSymlink, err := eval.Or(first, second, state)
			if err != nil {
				return nil, err
			}

			return eval.Or(direct, viaSymlink, state)
		},
		StringArrayContains: func(a *eval.StringEvaluator, b *eval.StringArrayEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.GlobCmp.StringArrayContains(a, b, state)
			if err != nil {
				return nil, err
			}

			// Any other field keeps the plain glob comparison.
			if a.Field != "exec.file.path" && a.Field != "process.file.path" {
				return direct, nil
			}

			first, err := eval.GlobCmp.StringArrayContains(symlinkPathnameEvaluators[0](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			second, err := eval.GlobCmp.StringArrayContains(symlinkPathnameEvaluators[1](a.Field), b, state)
			if err != nil {
				return nil, err
			}
			viaSymlink, err := eval.Or(first, second, state)
			if err != nil {
				return nil, err
			}

			return eval.Or(direct, viaSymlink, state)
		},
		StringArrayMatches: func(a *eval.StringArrayEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			return eval.GlobCmp.StringArrayMatches(a, b, state)
		},
	}

	// ProcessSymlinkBasename handles symlinks for process entries.
	// When an operand is exec.file.name or process.file.name, the result is the
	// OR of the regular comparison and the same comparison run against
	// symlinkBasenameEvaluator for that field. StringEquals checks both
	// operands for those fields; the two Contains operators only check the
	// left-hand one. StringArrayMatches is the plain comparison.
	ProcessSymlinkBasename = &eval.OpOverrides{
		StringEquals: func(a *eval.StringEvaluator, b *eval.StringEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringEquals(a, b, state)
			if err != nil {
				return nil, err
			}

			// The symlink evaluator takes the place of whichever operand names
			// the process basename; the left-hand side wins when both do.
			var viaSymlink *eval.BoolEvaluator
			switch {
			case a.Field == "exec.file.name" || a.Field == "process.file.name":
				viaSymlink, err = eval.StringEquals(symlinkBasenameEvaluator(a.Field), b, state)
			case b.Field == "exec.file.name" || b.Field == "process.file.name":
				viaSymlink, err = eval.StringEquals(a, symlinkBasenameEvaluator(b.Field), state)
			default:
				return direct, nil
			}
			if err != nil {
				return nil, err
			}

			return eval.Or(direct, viaSymlink, state)
		},
		StringValuesContains: func(a *eval.StringEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringValuesContains(a, b, state)
			if err != nil {
				return nil, err
			}

			// Any other field keeps the plain comparison.
			if a.Field != "exec.file.name" && a.Field != "process.file.name" {
				return direct, nil
			}

			viaSymlink, err := eval.StringValuesContains(symlinkBasenameEvaluator(a.Field), b, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		StringArrayContains: func(a *eval.StringEvaluator, b *eval.StringArrayEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			direct, err := eval.StringArrayContains(a, b, state)
			if err != nil {
				return nil, err
			}

			// Any other field keeps the plain comparison.
			if a.Field != "exec.file.name" && a.Field != "process.file.name" {
				return direct, nil
			}

			viaSymlink, err := eval.StringArrayContains(symlinkBasenameEvaluator(a.Field), b, state)
			if err != nil {
				return nil, err
			}
			return eval.Or(direct, viaSymlink, state)
		},
		StringArrayMatches: func(a *eval.StringArrayEvaluator, b *eval.StringValuesEvaluator, state *eval.State) (*eval.BoolEvaluator, error) {
			return eval.StringArrayMatches(a, b, state)
		},
	}
)

AllEventFilteringProfileState is the list of all EventFilteringProfileState

// ErrNoProcessContext defines an error for an event without process context.
var ErrNoProcessContext = errors.New("process context not resolved")

ErrNoProcessContext defines an error for event without process context

// MountOrigins defines mount origins.
// NOTE(review): presumably indexed by the numeric MountOrigin value (see
// MountOriginToString), which would make the order of the entries part of the
// contract — confirm before reordering or inserting.
var MountOrigins = [...]string{
	"unknown",
	"procfs",
	"event",
	"unshare",
}

MountOrigins defines mount origins

// MountSources defines mount sources.
// NOTE(review): presumably indexed by the numeric MountSource value (see
// MountSourceToString), which would make the order of the entries part of the
// contract — confirm before reordering or inserting.
var MountSources = [...]string{
	"unknown",
	"mount_id",
	"device",
	"snapshot",
}

MountSources defines mount sources

// PacketFilterMatching is a set of overrides for packet filter fields.
// Every overridden operator ignores its operands and returns
// errUnsupportedPacketFilter, so a rule that uses one of these evaluator
// comparisons on such a field gets an error instead of a match result.
var PacketFilterMatching = &eval.OpOverrides{
	// Evaluator-to-evaluator string equality: rejected.
	StringEquals: func(_ *eval.StringEvaluator, _ *eval.StringEvaluator, _ *eval.State) (*eval.BoolEvaluator, error) {
		return nil, errUnsupportedPacketFilter
	},
	// Membership in a set of values: rejected.
	StringValuesContains: func(_ *eval.StringEvaluator, _ *eval.StringValuesEvaluator, _ *eval.State) (*eval.BoolEvaluator, error) {
		return nil, errUnsupportedPacketFilter
	},
	// Membership in an array evaluator: rejected.
	StringArrayContains: func(_ *eval.StringEvaluator, _ *eval.StringArrayEvaluator, _ *eval.State) (*eval.BoolEvaluator, error) {
		return nil, errUnsupportedPacketFilter
	},
	// Array-against-values matching: rejected.
	StringArrayMatches: func(_ *eval.StringArrayEvaluator, _ *eval.StringValuesEvaluator, _ *eval.State) (*eval.BoolEvaluator, error) {
		return nil, errUnsupportedPacketFilter
	},
}

PacketFilterMatching is a set of overrides for packet filter fields; it only supports matching a single static value.

// ProcessSources defines process sources.
// NOTE(review): presumably indexed by the value passed to
// ProcessSourceToString, which takes a uint64 — confirm that the lookup is
// bounds-checked, and treat the order of the entries as part of the contract.
var ProcessSources = [...]string{
	"unknown",
	"placeholder",
	"event",
	"map",
	"procfs_fallback",
	"procfs_snapshot",
}

ProcessSources defines process sources

// SECLLegacyFields contains the list of the legacy attributes we need to support.
// Each key is a legacy field name and each value is the current field it
// stands for. Because a legacy name and its replacement address the same
// field, anything that audits or de-duplicates rules by field name should
// normalize names through this map first.
var SECLLegacyFields = map[eval.Field]eval.Field{

	// event-level flags
	"async": "event.async",

	// file events: *.filename -> *.file.path, *.basename -> *.file.name
	"chmod.filename": "chmod.file.path",
	"chmod.basename": "chmod.file.name",
	"chmod.mode":     "chmod.file.destination.mode",

	"chown.filename": "chown.file.path",
	"chown.basename": "chown.file.name",
	"chown.uid":      "chown.file.destination.uid",
	"chown.user":     "chown.file.destination.user",
	"chown.gid":      "chown.file.destination.gid",
	"chown.group":    "chown.file.destination.group",

	"open.filename": "open.file.path",
	"open.basename": "open.file.name",
	"open.mode":     "open.file.destination.mode",

	"mkdir.filename": "mkdir.file.path",
	"mkdir.basename": "mkdir.file.name",
	"mkdir.mode":     "mkdir.file.destination.mode",

	"rmdir.filename": "rmdir.file.path",
	"rmdir.basename": "rmdir.file.name",

	// rename and link: old/source maps to *.file, new/target to *.file.destination
	"rename.old.filename": "rename.file.path",
	"rename.old.basename": "rename.file.name",
	"rename.new.filename": "rename.file.destination.path",
	"rename.new.basename": "rename.file.destination.name",

	"unlink.filename": "unlink.file.path",
	"unlink.basename": "unlink.file.name",

	"utimes.filename": "utimes.file.path",
	"utimes.basename": "utimes.file.name",

	"link.source.filename": "link.file.path",
	"link.source.basename": "link.file.name",
	"link.target.filename": "link.file.destination.path",
	"link.target.basename": "link.file.destination.name",

	// extended attributes
	"setxattr.filename":  "setxattr.file.path",
	"setxattr.basename":  "setxattr.file.name",
	"setxattr.namespace": "setxattr.file.destination.namespace",
	"setxattr.name":      "setxattr.file.destination.name",

	"removexattr.filename":  "removexattr.file.path",
	"removexattr.basename":  "removexattr.file.name",
	"removexattr.namespace": "removexattr.file.destination.namespace",
	"removexattr.name":      "removexattr.file.destination.name",

	// exec and process: note that the legacy *.name maps to *.comm, not to *.file.name
	"exec.filename":         "exec.file.path",
	"exec.overlay_numlower": "exec.file.overlay_numlower",
	"exec.basename":         "exec.file.name",
	"exec.name":             "exec.comm",

	"process.filename":           "process.file.path",
	"process.basename":           "process.file.name",
	"process.name":               "process.comm",
	"process.ancestors.filename": "process.ancestors.file.path",
	"process.ancestors.basename": "process.ancestors.file.name",
	"process.ancestors.name":     "process.ancestors.comm",
}

SECLLegacyFields contains the list of the legacy attributes we need to support

var (
	// SECLVariables set of variables
	SECLVariables = map[string]eval.VariableValue{
		// "process.pid" yields the pid of the event's process, or 0 when the
		// event carries no process context.
		"process.pid": eval.NewIntVariable(func(ctx *eval.Context) int {
			// NOTE(review): unchecked type assertion — it panics if ctx.Event
			// is not a *Event; confirm every caller guarantees that type.
			if procCtx := ctx.Event.(*Event).ProcessContext; procCtx != nil {
				return int(procCtx.Process.Pid)
			}
			return 0
		}, nil),
	}
)

Functions

func FilterEnvs added in v0.51.0

func FilterEnvs(allEnvVars []string, desiredKeys map[string]bool) []string

FilterEnvs returns an array of environment variable key value pairs matching the desired keys

func GetEventTypePerCategory

func GetEventTypePerCategory(categories ...EventCategory) map[EventCategory][]eval.EventType

GetEventTypePerCategory returns the event types per category

func IsAlphaNumeric

func IsAlphaNumeric(r rune) bool

IsAlphaNumeric returns whether a character is either a digit or a letter

func IsPrintable

func IsPrintable(s string) bool

IsPrintable returns whether the string contains only printable Unicode characters

func IsPrintableASCII

func IsPrintableASCII(s string) bool

IsPrintableASCII returns whether the string contains only ASCII characters

func MarshalBinary added in v0.36.0

func MarshalBinary(data []byte, binaryMarshalers ...BinaryMarshaler) (int, error)

MarshalBinary calls a series of BinaryMarshaler

func MountOriginToString added in v0.55.0

func MountOriginToString(origin MountOrigin) string

MountOriginToString returns the string corresponding to a mount origin

func MountSourceToString added in v0.55.0

func MountSourceToString(source MountSource) string

MountSourceToString returns the string corresponding to a mount source

func NullTerminatedString added in v0.41.0

func NullTerminatedString(d []byte) string

NullTerminatedString returns null-terminated string

func ProcessSourceToString added in v0.46.0

func ProcessSourceToString(source uint64) string

ProcessSourceToString returns the string corresponding to a process source

func SECLConstants

func SECLConstants() map[string]interface{}

SECLConstants returns the constants supported in runtime security agent rules, initializing these constants during the first call

func SliceToArray

func SliceToArray(src []byte, dst []byte)

SliceToArray copies the bytes of src to dst. The destination must have enough space for them.

func StringifyHelpersList

func StringifyHelpersList(input []uint32) []string

StringifyHelpersList returns a string list representation of a list of helpers

func UnmarshalBinary

func UnmarshalBinary(data []byte, binaryUnmarshalers ...BinaryUnmarshaler) (int, error)

UnmarshalBinary calls a series of BinaryUnmarshaler

func UnmarshalPrintableString

func UnmarshalPrintableString(data []byte, size int) (string, error)

UnmarshalPrintableString unmarshal printable string

func UnmarshalString

func UnmarshalString(data []byte, size int) (string, error)

UnmarshalString unmarshal string

func UnmarshalStringArray

func UnmarshalStringArray(data []byte) ([]string, error)

UnmarshalStringArray extracts an array of strings from an array of bytes

Types

type AWSIMDSEvent added in v0.55.0

// AWSIMDSEvent holds data from an AWS IMDS event.
type AWSIMDSEvent struct {
	// IsIMDSv2 separates IMDSv1 traffic from IMDSv2 traffic, so a rule can
	// single out workloads that still use IMDSv1.
	IsIMDSv2            bool                   `field:"is_imds_v2"`           // SECLDoc[is_imds_v2] Definition:`a boolean which specifies if the IMDS event follows IMDSv1 or IMDSv2 conventions`
	// SecurityCredentials carries the subset of the credentials answer that
	// AWSSecurityCredentials declares.
	SecurityCredentials AWSSecurityCredentials `field:"security_credentials"` // SECLDoc[credentials] Definition:`the security credentials in the IMDS answer`
}

AWSIMDSEvent holds data from an AWS IMDS event

type AWSSecurityCredentials added in v0.55.0

// AWSSecurityCredentials declares the parts of an IMDS security credentials
// answer that are kept. The struct has no field for the secret access key or
// the session token, and only Type is exposed as a rule field (every other
// member is tagged `field:"-"`).
// NOTE(review): the scrubbing relies on the decoder ignoring JSON keys that
// have no matching field here — confirm in UnmarshalBinary, and keep it in
// mind before adding fields to this struct.
type AWSSecurityCredentials struct {
	Code        string    `field:"-" json:"Code"`
	Type        string    `field:"type" json:"Type"` // SECLDoc[type] Definition:`the security credentials type`
	// AccessKeyID is the key identifier, not the secret itself.
	AccessKeyID string    `field:"-" json:"AccessKeyId"`
	LastUpdated string    `field:"-" json:"LastUpdated"`
	// Expiration has no json tag; with encoding/json the tagged ExpirationRaw
	// below takes the "Expiration" key.
	// NOTE(review): presumably Expiration is then parsed from ExpirationRaw — confirm.
	Expiration  time.Time `field:"-"`

	ExpirationRaw string `field:"-" json:"Expiration"`
}

AWSSecurityCredentials is used to parse the fields that are known to be free of credentials or secrets

func (*AWSSecurityCredentials) UnmarshalBinary added in v0.55.0

func (creds *AWSSecurityCredentials) UnmarshalBinary(body []byte) error

UnmarshalBinary extract scrubbed data from an AWS IMDS security credentials response body

type ActionReport added in v0.52.0

// ActionReport defines an action report.
type ActionReport interface {
	// ToJSON serializes the report.
	ToJSON() ([]byte, error)
	// IsMatchingRule reports whether the report belongs to the given rule.
	IsMatchingRule(ruleID eval.RuleID) bool
	// IsResolved returns an error rather than a bool.
	// NOTE(review): presumably nil means the report is resolved — confirm with an implementation.
	IsResolved() error
}

ActionReport defines an action report

type ActivityDumpLoadConfig added in v0.40.0

// ActivityDumpLoadConfig represents the load configuration of an activity dump.
type ActivityDumpLoadConfig struct {
	// TracedEventTypes lists the event types recorded by the dump.
	TracedEventTypes     []EventType
	Timeout              time.Duration
	// The *Raw timestamps are kept as plain uint64 values.
	// NOTE(review): unit and clock are not visible here — confirm before comparing them with wall-clock time.
	WaitListTimestampRaw uint64
	StartTimestampRaw    uint64
	EndTimestampRaw      uint64
	Rate                 uint32 // max number of events per sec
	// Paused is a uint32, not a bool.
	// NOTE(review): presumably 0 means running — confirm.
	Paused               uint32
}

ActivityDumpLoadConfig represents the load configuration of an activity dump

func (*ActivityDumpLoadConfig) EventUnmarshalBinary added in v0.40.0

func (adlc *ActivityDumpLoadConfig) EventUnmarshalBinary(data []byte) (int, error)

EventUnmarshalBinary unmarshals a binary representation of itself

func (*ActivityDumpLoadConfig) MarshalBinary added in v0.40.0

func (adlc *ActivityDumpLoadConfig) MarshalBinary() ([]byte, error)

MarshalBinary marshals a binary representation of itself

func (*ActivityDumpLoadConfig) SetTimeout added in v0.40.0

func (adlc *ActivityDumpLoadConfig) SetTimeout(duration time.Duration)

SetTimeout updates the timeout of an activity dump

func (*ActivityDumpLoadConfig) UnmarshalBinary added in v0.40.0

func (adlc *ActivityDumpLoadConfig) UnmarshalBinary(data []byte) error

UnmarshalBinary unmarshals a binary representation of itself

type AddressFamily added in v0.37.0

type AddressFamily int

AddressFamily represents an address family (AF_INET, AF_INET6, AF_UNIX, etc.)

func (AddressFamily) String added in v0.37.0

func (af AddressFamily) String() string

type ArgsEntry

// ArgsEntry defines an args cache entry.
type ArgsEntry struct {
	Values    []string
	// Truncated marks an entry whose values are incomplete; a rule that
	// matches on arguments cannot see whatever was cut off.
	Truncated bool
}

ArgsEntry defines a args cache entry

func (*ArgsEntry) Equals added in v0.36.0

func (p *ArgsEntry) Equals(o *ArgsEntry) bool

Equals compares two ArgsEntry

type ArgsEnvs

// ArgsEnvs is the raw value for args and envs.
type ArgsEnvs struct {
	ID        uint64
	// NOTE(review): Size is presumably the number of valid bytes in ValuesRaw;
	// confirm that readers clamp it to MaxArgEnvSize before slicing.
	Size      uint32
	// ValuesRaw is a fixed buffer of MaxArgEnvSize bytes.
	ValuesRaw [MaxArgEnvSize]byte
}

ArgsEnvs raw value for args and envs

type ArgsEnvsEvent

// ArgsEnvsEvent defines an args/envs event; it embeds ArgsEnvs and adds no field of its own.
type ArgsEnvsEvent struct {
	ArgsEnvs
}

ArgsEnvsEvent defines a args/envs event

func (*ArgsEnvsEvent) UnmarshalBinary

func (e *ArgsEnvsEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type BPFAttachType

type BPFAttachType uint32

BPFAttachType is used to define attach type constants

// BPF attach types. The values come from iota + 1, so the position in this
// list fixes the numeric value and the first constant is 1, not 0.
// NOTE(review): the order follows the kernel's enum bpf_attach_type, which
// starts at 0 — confirm that the +1 offset matches what the producer of these
// values sends, and add new entries at the end only.
const (
	// BpfCgroupInetIngress attach type
	BpfCgroupInetIngress BPFAttachType = iota + 1
	// BpfCgroupInetEgress attach type
	BpfCgroupInetEgress
	// BpfCgroupInetSockCreate attach type
	BpfCgroupInetSockCreate
	// BpfCgroupSockOps attach type
	BpfCgroupSockOps
	// BpfSkSkbStreamParser attach type
	BpfSkSkbStreamParser
	// BpfSkSkbStreamVerdict attach type
	BpfSkSkbStreamVerdict
	// BpfCgroupDevice attach type
	BpfCgroupDevice
	// BpfSkMsgVerdict attach type
	BpfSkMsgVerdict
	// BpfCgroupInet4Bind attach type
	BpfCgroupInet4Bind
	// BpfCgroupInet6Bind attach type
	BpfCgroupInet6Bind
	// BpfCgroupInet4Connect attach type
	BpfCgroupInet4Connect
	// BpfCgroupInet6Connect attach type
	BpfCgroupInet6Connect
	// BpfCgroupInet4PostBind attach type
	BpfCgroupInet4PostBind
	// BpfCgroupInet6PostBind attach type
	BpfCgroupInet6PostBind
	// BpfCgroupUDP4Sendmsg attach type
	BpfCgroupUDP4Sendmsg
	// BpfCgroupUDP6Sendmsg attach type
	BpfCgroupUDP6Sendmsg
	// BpfLircMode2 attach type
	BpfLircMode2
	// BpfFlowDissector attach type
	BpfFlowDissector
	// BpfCgroupSysctl attach type
	BpfCgroupSysctl
	// BpfCgroupUDP4Recvmsg attach type
	BpfCgroupUDP4Recvmsg
	// BpfCgroupUDP6Recvmsg attach type
	BpfCgroupUDP6Recvmsg
	// BpfCgroupGetsockopt attach type
	BpfCgroupGetsockopt
	// BpfCgroupSetsockopt attach type
	BpfCgroupSetsockopt
	// BpfTraceRawTp attach type
	BpfTraceRawTp
	// BpfTraceFentry attach type
	BpfTraceFentry
	// BpfTraceFexit attach type
	BpfTraceFexit
	// BpfModifyReturn attach type
	BpfModifyReturn
	// BpfLsmMac attach type
	BpfLsmMac
	// BpfTraceIter attach type
	BpfTraceIter
	// BpfCgroupInet4Getpeername attach type
	BpfCgroupInet4Getpeername
	// BpfCgroupInet6Getpeername attach type
	BpfCgroupInet6Getpeername
	// BpfCgroupInet4Getsockname attach type
	BpfCgroupInet4Getsockname
	// BpfCgroupInet6Getsockname attach type
	BpfCgroupInet6Getsockname
	// BpfXdpDevmap attach type
	BpfXdpDevmap
	// BpfCgroupInetSockRelease attach type
	BpfCgroupInetSockRelease
	// BpfXdpCPUmap attach type
	BpfXdpCPUmap
	// BpfSkLookup attach type
	BpfSkLookup
	// BpfXdp attach type
	BpfXdp
	// BpfSkSkbVerdict attach type
	BpfSkSkbVerdict
)

func (BPFAttachType) String

func (t BPFAttachType) String() string

type BPFCmd

type BPFCmd uint64

BPFCmd represents a BPF command

// BPF commands. The values come from iota starting at 0, so the position in
// this list is the numeric value.
// NOTE(review): the order appears to follow the kernel's enum bpf_cmd —
// confirm, and add new entries at the end only, since an insertion shifts
// every later value and with it the meaning of rules written against them.
const (
	// BpfMapCreateCmd command
	BpfMapCreateCmd BPFCmd = iota
	// BpfMapLookupElemCmd command
	BpfMapLookupElemCmd
	// BpfMapUpdateElemCmd command
	BpfMapUpdateElemCmd
	// BpfMapDeleteElemCmd command
	BpfMapDeleteElemCmd
	// BpfMapGetNextKeyCmd command
	BpfMapGetNextKeyCmd
	// BpfProgLoadCmd command
	BpfProgLoadCmd
	// BpfObjPinCmd command
	BpfObjPinCmd
	// BpfObjGetCmd command
	BpfObjGetCmd
	// BpfProgAttachCmd command
	BpfProgAttachCmd
	// BpfProgDetachCmd command
	BpfProgDetachCmd
	// BpfProgTestRunCmd command
	BpfProgTestRunCmd
	// BpfProgGetNextIDCmd command
	BpfProgGetNextIDCmd
	// BpfMapGetNextIDCmd command
	BpfMapGetNextIDCmd
	// BpfProgGetFdByIDCmd command
	BpfProgGetFdByIDCmd
	// BpfMapGetFdByIDCmd command
	BpfMapGetFdByIDCmd
	// BpfObjGetInfoByFdCmd command
	BpfObjGetInfoByFdCmd
	// BpfProgQueryCmd command
	BpfProgQueryCmd
	// BpfRawTracepointOpenCmd command
	BpfRawTracepointOpenCmd
	// BpfBtfLoadCmd command
	BpfBtfLoadCmd
	// BpfBtfGetFdByIDCmd command
	BpfBtfGetFdByIDCmd
	// BpfTaskFdQueryCmd command
	BpfTaskFdQueryCmd
	// BpfMapLookupAndDeleteElemCmd command
	BpfMapLookupAndDeleteElemCmd
	// BpfMapFreezeCmd command
	BpfMapFreezeCmd
	// BpfBtfGetNextIDCmd command
	BpfBtfGetNextIDCmd
	// BpfMapLookupBatchCmd command
	BpfMapLookupBatchCmd
	// BpfMapLookupAndDeleteBatchCmd command
	BpfMapLookupAndDeleteBatchCmd
	// BpfMapUpdateBatchCmd command
	BpfMapUpdateBatchCmd
	// BpfMapDeleteBatchCmd command
	BpfMapDeleteBatchCmd
	// BpfLinkCreateCmd command
	BpfLinkCreateCmd
	// BpfLinkUpdateCmd command
	BpfLinkUpdateCmd
	// BpfLinkGetFdByIDCmd command
	BpfLinkGetFdByIDCmd
	// BpfLinkGetNextIDCmd command
	BpfLinkGetNextIDCmd
	// BpfEnableStatsCmd command
	BpfEnableStatsCmd
	// BpfIterCreateCmd command
	BpfIterCreateCmd
	// BpfLinkDetachCmd command
	BpfLinkDetachCmd
	// BpfProgBindMapCmd command
	BpfProgBindMapCmd
)

func (BPFCmd) String

func (cmd BPFCmd) String() string

type BPFEvent

// BPFEvent represents a BPF event.
type BPFEvent struct {
	SyscallEvent

	Map     BPFMap     `field:"map"`  // eBPF map involved in the BPF command
	Program BPFProgram `field:"prog"` // eBPF program involved in the BPF command
	// Cmd is stored as a plain uint32 while the BPFCmd constants are declared as uint64.
	// NOTE(review): confirm the conversion used wherever the two are compared.
	Cmd     uint32     `field:"cmd"`  // SECLDoc[cmd] Definition:`BPF command name` Constants:`BPF commands`
}

BPFEvent represents a BPF event

func (*BPFEvent) UnmarshalBinary

func (e *BPFEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type BPFHelperFunc

type BPFHelperFunc uint32

BPFHelperFunc represents a BPF helper function

// BPF helper functions. The values come from iota starting at 0, so the
// position in this list is the numeric helper ID.
// NOTE(review): the order appears to follow the kernel's enum bpf_func_id —
// confirm, and add new helpers at the end only, since an insertion shifts
// every later ID and a rule on the helpers of a BPFProgram would then match
// the wrong helper without any error.
// Helpers that act outside the program itself (for example BpfProbeWriteUser,
// BpfOverrideReturn, BpfSendSignal) are the ones detection rules on loaded
// programs most often look for.
const (
	// BpfUnspec helper function
	BpfUnspec BPFHelperFunc = iota
	// BpfMapLookupElem helper function
	BpfMapLookupElem
	// BpfMapUpdateElem helper function
	BpfMapUpdateElem
	// BpfMapDeleteElem helper function
	BpfMapDeleteElem
	// BpfProbeRead helper function
	BpfProbeRead
	// BpfKtimeGetNs helper function
	BpfKtimeGetNs
	// BpfTracePrintk helper function
	BpfTracePrintk
	// BpfGetPrandomU32 helper function
	BpfGetPrandomU32
	// BpfGetSmpProcessorID helper function
	BpfGetSmpProcessorID
	// BpfSkbStoreBytes helper function
	BpfSkbStoreBytes
	// BpfL3CsumReplace helper function
	BpfL3CsumReplace
	// BpfL4CsumReplace helper function
	BpfL4CsumReplace
	// BpfTailCall helper function
	BpfTailCall
	// BpfCloneRedirect helper function
	BpfCloneRedirect
	// BpfGetCurrentPidTgid helper function
	BpfGetCurrentPidTgid
	// BpfGetCurrentUIDGid helper function
	BpfGetCurrentUIDGid
	// BpfGetCurrentComm helper function
	BpfGetCurrentComm
	// BpfGetCgroupClassid helper function
	BpfGetCgroupClassid
	// BpfSkbVlanPush helper function
	BpfSkbVlanPush
	// BpfSkbVlanPop helper function
	BpfSkbVlanPop
	// BpfSkbGetTunnelKey helper function
	BpfSkbGetTunnelKey
	// BpfSkbSetTunnelKey helper function
	BpfSkbSetTunnelKey
	// BpfPerfEventRead helper function
	BpfPerfEventRead
	// BpfRedirect helper function
	BpfRedirect
	// BpfGetRouteRealm helper function
	BpfGetRouteRealm
	// BpfPerfEventOutput helper function
	BpfPerfEventOutput
	// BpfSkbLoadBytes helper function
	BpfSkbLoadBytes
	// BpfGetStackid helper function
	BpfGetStackid
	// BpfCsumDiff helper function
	BpfCsumDiff
	// BpfSkbGetTunnelOpt helper function
	BpfSkbGetTunnelOpt
	// BpfSkbSetTunnelOpt helper function
	BpfSkbSetTunnelOpt
	// BpfSkbChangeProto helper function
	BpfSkbChangeProto
	// BpfSkbChangeType helper function
	BpfSkbChangeType
	// BpfSkbUnderCgroup helper function
	BpfSkbUnderCgroup
	// BpfGetHashRecalc helper function
	BpfGetHashRecalc
	// BpfGetCurrentTask helper function
	BpfGetCurrentTask
	// BpfProbeWriteUser helper function
	BpfProbeWriteUser
	// BpfCurrentTaskUnderCgroup helper function
	BpfCurrentTaskUnderCgroup
	// BpfSkbChangeTail helper function
	BpfSkbChangeTail
	// BpfSkbPullData helper function
	BpfSkbPullData
	// BpfCsumUpdate helper function
	BpfCsumUpdate
	// BpfSetHashInvalid helper function
	BpfSetHashInvalid
	// BpfGetNumaNodeID helper function
	BpfGetNumaNodeID
	// BpfSkbChangeHead helper function
	BpfSkbChangeHead
	// BpfXdpAdjustHead helper function
	BpfXdpAdjustHead
	// BpfProbeReadStr helper function
	BpfProbeReadStr
	// BpfGetSocketCookie helper function
	BpfGetSocketCookie
	// BpfGetSocketUID helper function
	BpfGetSocketUID
	// BpfSetHash helper function
	BpfSetHash
	// BpfSetsockopt helper function
	BpfSetsockopt
	// BpfSkbAdjustRoom helper function
	BpfSkbAdjustRoom
	// BpfRedirectMap helper function
	BpfRedirectMap
	// BpfSkRedirectMap helper function
	BpfSkRedirectMap
	// BpfSockMapUpdate helper function
	BpfSockMapUpdate
	// BpfXdpAdjustMeta helper function
	BpfXdpAdjustMeta
	// BpfPerfEventReadValue helper function
	BpfPerfEventReadValue
	// BpfPerfProgReadValue helper function
	BpfPerfProgReadValue
	// BpfGetsockopt helper function
	BpfGetsockopt
	// BpfOverrideReturn helper function
	BpfOverrideReturn
	// BpfSockOpsCbFlagsSet helper function
	BpfSockOpsCbFlagsSet
	// BpfMsgRedirectMap helper function
	BpfMsgRedirectMap
	// BpfMsgApplyBytes helper function
	BpfMsgApplyBytes
	// BpfMsgCorkBytes helper function
	BpfMsgCorkBytes
	// BpfMsgPullData helper function
	BpfMsgPullData
	// BpfBind helper function
	BpfBind
	// BpfXdpAdjustTail helper function
	BpfXdpAdjustTail
	// BpfSkbGetXfrmState helper function
	BpfSkbGetXfrmState
	// BpfGetStack helper function
	BpfGetStack
	// BpfSkbLoadBytesRelative helper function
	BpfSkbLoadBytesRelative
	// BpfFibLookup helper function
	BpfFibLookup
	// BpfSockHashUpdate helper function
	BpfSockHashUpdate
	// BpfMsgRedirectHash helper function
	BpfMsgRedirectHash
	// BpfSkRedirectHash helper function
	BpfSkRedirectHash
	// BpfLwtPushEncap helper function
	BpfLwtPushEncap
	// BpfLwtSeg6StoreBytes helper function
	BpfLwtSeg6StoreBytes
	// BpfLwtSeg6AdjustSrh helper function
	BpfLwtSeg6AdjustSrh
	// BpfLwtSeg6Action helper function
	BpfLwtSeg6Action
	// BpfRcRepeat helper function
	BpfRcRepeat
	// BpfRcKeydown helper function
	BpfRcKeydown
	// BpfSkbCgroupID helper function
	BpfSkbCgroupID
	// BpfGetCurrentCgroupID helper function
	BpfGetCurrentCgroupID
	// BpfGetLocalStorage helper function
	BpfGetLocalStorage
	// BpfSkSelectReuseport helper function
	BpfSkSelectReuseport
	// BpfSkbAncestorCgroupID helper function
	BpfSkbAncestorCgroupID
	// BpfSkLookupTCP helper function
	BpfSkLookupTCP
	// BpfSkLookupUDP helper function
	BpfSkLookupUDP
	// BpfSkRelease helper function
	BpfSkRelease
	// BpfMapPushElem helper function
	BpfMapPushElem
	// BpfMapPopElem helper function
	BpfMapPopElem
	// BpfMapPeekElem helper function
	BpfMapPeekElem
	// BpfMsgPushData helper function
	BpfMsgPushData
	// BpfMsgPopData helper function
	BpfMsgPopData
	// BpfRcPointerRel helper function
	BpfRcPointerRel
	// BpfSpinLock helper function
	BpfSpinLock
	// BpfSpinUnlock helper function
	BpfSpinUnlock
	// BpfSkFullsock helper function
	BpfSkFullsock
	// BpfTCPSock helper function
	BpfTCPSock
	// BpfSkbEcnSetCe helper function
	BpfSkbEcnSetCe
	// BpfGetListenerSock helper function
	BpfGetListenerSock
	// BpfSkcLookupTCP helper function
	BpfSkcLookupTCP
	// BpfTCPCheckSyncookie helper function
	BpfTCPCheckSyncookie
	// BpfSysctlGetName helper function
	BpfSysctlGetName
	// BpfSysctlGetCurrentValue helper function
	BpfSysctlGetCurrentValue
	// BpfSysctlGetNewValue helper function
	BpfSysctlGetNewValue
	// BpfSysctlSetNewValue helper function
	BpfSysctlSetNewValue
	// BpfStrtol helper function
	BpfStrtol
	// BpfStrtoul helper function
	BpfStrtoul
	// BpfSkStorageGet helper function
	BpfSkStorageGet
	// BpfSkStorageDelete helper function
	BpfSkStorageDelete
	// BpfSendSignal helper function
	BpfSendSignal
	// BpfTCPGenSyncookie helper function
	BpfTCPGenSyncookie
	// BpfSkbOutput helper function
	BpfSkbOutput
	// BpfProbeReadUser helper function
	BpfProbeReadUser
	// BpfProbeReadKernel helper function
	BpfProbeReadKernel
	// BpfProbeReadUserStr helper function
	BpfProbeReadUserStr
	// BpfProbeReadKernelStr helper function
	BpfProbeReadKernelStr
	// BpfTCPSendAck helper function
	BpfTCPSendAck
	// BpfSendSignalThread helper function
	BpfSendSignalThread
	// BpfJiffies64 helper function
	BpfJiffies64
	// BpfReadBranchRecords helper function
	BpfReadBranchRecords
	// BpfGetNsCurrentPidTgid helper function
	BpfGetNsCurrentPidTgid
	// BpfXdpOutput helper function
	BpfXdpOutput
	// BpfGetNetnsCookie helper function
	BpfGetNetnsCookie
	// BpfGetCurrentAncestorCgroupID helper function
	BpfGetCurrentAncestorCgroupID
	// BpfSkAssign helper function
	BpfSkAssign
	// BpfKtimeGetBootNs helper function
	BpfKtimeGetBootNs
	// BpfSeqPrintf helper function
	BpfSeqPrintf
	// BpfSeqWrite helper function
	BpfSeqWrite
	// BpfSkCgroupID helper function
	BpfSkCgroupID
	// BpfSkAncestorCgroupID helper function
	BpfSkAncestorCgroupID
	// BpfRingbufOutput helper function
	BpfRingbufOutput
	// BpfRingbufReserve helper function
	BpfRingbufReserve
	// BpfRingbufSubmit helper function
	BpfRingbufSubmit
	// BpfRingbufDiscard helper function
	BpfRingbufDiscard
	// BpfRingbufQuery helper function
	BpfRingbufQuery
	// BpfCsumLevel helper function
	BpfCsumLevel
	// BpfSkcToTCP6Sock helper function
	BpfSkcToTCP6Sock
	// BpfSkcToTCPSock helper function
	BpfSkcToTCPSock
	// BpfSkcToTCPTimewaitSock helper function
	BpfSkcToTCPTimewaitSock
	// BpfSkcToTCPRequestSock helper function
	BpfSkcToTCPRequestSock
	// BpfSkcToUDP6Sock helper function
	BpfSkcToUDP6Sock
	// BpfGetTaskStack helper function
	BpfGetTaskStack
	// BpfLoadHdrOpt helper function
	BpfLoadHdrOpt
	// BpfStoreHdrOpt helper function
	BpfStoreHdrOpt
	// BpfReserveHdrOpt helper function
	BpfReserveHdrOpt
	// BpfInodeStorageGet helper function
	BpfInodeStorageGet
	// BpfInodeStorageDelete helper function
	BpfInodeStorageDelete
	// BpfDPath helper function
	BpfDPath
	// BpfCopyFromUser helper function
	BpfCopyFromUser
	// BpfSnprintfBtf helper function
	BpfSnprintfBtf
	// BpfSeqPrintfBtf helper function
	BpfSeqPrintfBtf
	// BpfSkbCgroupClassid helper function
	BpfSkbCgroupClassid
	// BpfRedirectNeigh helper function
	BpfRedirectNeigh
	// BpfPerCPUPtr helper function
	BpfPerCPUPtr
	// BpfThisCPUPtr helper function
	BpfThisCPUPtr
	// BpfRedirectPeer helper function
	BpfRedirectPeer
	// BpfTaskStorageGet helper function
	BpfTaskStorageGet
	// BpfTaskStorageDelete helper function
	BpfTaskStorageDelete
	// BpfGetCurrentTaskBtf helper function
	BpfGetCurrentTaskBtf
	// BpfBprmOptsSet helper function
	BpfBprmOptsSet
	// BpfKtimeGetCoarseNs helper function
	BpfKtimeGetCoarseNs
	// BpfImaInodeHash helper function
	BpfImaInodeHash
	// BpfSockFromFile helper function
	BpfSockFromFile
	// BpfCheckMtu helper function
	BpfCheckMtu
	// BpfForEachMapElem helper function
	BpfForEachMapElem
	// BpfSnprintf helper function
	BpfSnprintf
)

func (BPFHelperFunc) String

func (f BPFHelperFunc) String() string

type BPFMap

// BPFMap represents a BPF map.
type BPFMap struct {
	// ID is tagged `field:"-"`, so it is not available as a rule field.
	ID   uint32 `field:"-"`    // ID of the eBPF map
	Type uint32 `field:"type"` // SECLDoc[type] Definition:`Type of the eBPF map` Constants:`BPF map types`
	// NOTE(review): MaxBpfObjName is 16, so names are presumably short and can
	// collide — confirm before treating Name as a unique identifier in a rule.
	Name string `field:"name"` // SECLDoc[name] Definition:`Name of the eBPF map (added in 7.35)`
}

BPFMap represents a BPF map

func (*BPFMap) UnmarshalBinary

func (m *BPFMap) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type BPFMapType

type BPFMapType uint32

BPFMapType is used to define map type constants

// BPF map types. The values come from iota starting at 0, so the position in
// this list is the numeric value.
// NOTE(review): the order appears to follow the kernel's enum bpf_map_type —
// confirm, and add new entries at the end only.
const (
	// BpfMapTypeUnspec map type
	BpfMapTypeUnspec BPFMapType = iota
	// BpfMapTypeHash map type
	BpfMapTypeHash
	// BpfMapTypeArray map type
	BpfMapTypeArray
	// BpfMapTypeProgArray map type
	BpfMapTypeProgArray
	// BpfMapTypePerfEventArray map type
	BpfMapTypePerfEventArray
	// BpfMapTypePercpuHash map type
	BpfMapTypePercpuHash
	// BpfMapTypePercpuArray map type
	BpfMapTypePercpuArray
	// BpfMapTypeStackTrace map type
	BpfMapTypeStackTrace
	// BpfMapTypeCgroupArray map type
	BpfMapTypeCgroupArray
	// BpfMapTypeLruHash map type
	BpfMapTypeLruHash
	// BpfMapTypeLruPercpuHash map type
	BpfMapTypeLruPercpuHash
	// BpfMapTypeLpmTrie map type
	BpfMapTypeLpmTrie
	// BpfMapTypeArrayOfMaps map type
	BpfMapTypeArrayOfMaps
	// BpfMapTypeHashOfMaps map type
	BpfMapTypeHashOfMaps
	// BpfMapTypeDevmap map type
	BpfMapTypeDevmap
	// BpfMapTypeSockmap map type
	BpfMapTypeSockmap
	// BpfMapTypeCPUmap map type
	BpfMapTypeCPUmap
	// BpfMapTypeXskmap map type
	BpfMapTypeXskmap
	// BpfMapTypeSockhash map type
	BpfMapTypeSockhash
	// BpfMapTypeCgroupStorage map type
	BpfMapTypeCgroupStorage
	// BpfMapTypeReuseportSockarray map type
	BpfMapTypeReuseportSockarray
	// BpfMapTypePercpuCgroupStorage map type
	BpfMapTypePercpuCgroupStorage
	// BpfMapTypeQueue map type
	BpfMapTypeQueue
	// BpfMapTypeStack map type
	BpfMapTypeStack
	// BpfMapTypeSkStorage map type
	BpfMapTypeSkStorage
	// BpfMapTypeDevmapHash map type
	BpfMapTypeDevmapHash
	// BpfMapTypeStructOps map type
	BpfMapTypeStructOps
	// BpfMapTypeRingbuf map type
	BpfMapTypeRingbuf
	// BpfMapTypeInodeStorage map type
	BpfMapTypeInodeStorage
	// BpfMapTypeTaskStorage map type
	BpfMapTypeTaskStorage
)

func (BPFMapType) String

func (t BPFMapType) String() string

type BPFProgram

// BPFProgram represents a BPF program.
type BPFProgram struct {
	// ID is tagged `field:"-"`, so it is not available as a rule field.
	ID         uint32   `field:"-"`           // ID of the eBPF program
	Type       uint32   `field:"type"`        // SECLDoc[type] Definition:`Type of the eBPF program` Constants:`BPF program types`
	AttachType uint32   `field:"attach_type"` // SECLDoc[attach_type] Definition:`Attach type of the eBPF program` Constants:`BPF attach types`
	// Helpers holds numeric helper IDs; StringifyHelpersList turns such a list into names.
	Helpers    []uint32 `field:"helpers"`     // SECLDoc[helpers] Definition:`eBPF helpers used by the eBPF program (added in 7.35)` Constants:`BPF helper functions`
	// NOTE(review): Name is chosen by whoever loads the program, so a rule
	// keyed on Name alone is easy to sidestep — pair it with Tag or Helpers.
	Name       string   `field:"name"`        // SECLDoc[name] Definition:`Name of the eBPF program (added in 7.35)`
	Tag        string   `field:"tag"`         // SECLDoc[tag] Definition:`Hash (sha1) of the eBPF program (added in 7.35)`
}

BPFProgram represents a BPF program

func (*BPFProgram) UnmarshalBinary

func (p *BPFProgram) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type BPFProgramType

type BPFProgramType uint32

BPFProgramType is used to define program type constants

// BPF program types. The values come from iota starting at 0, so the position
// in this list is the numeric value.
// NOTE(review): the order appears to follow the kernel's enum bpf_prog_type —
// confirm, and add new entries at the end only.
const (
	// BpfProgTypeUnspec program type
	BpfProgTypeUnspec BPFProgramType = iota
	// BpfProgTypeSocketFilter program type
	BpfProgTypeSocketFilter
	// BpfProgTypeKprobe program type
	BpfProgTypeKprobe
	// BpfProgTypeSchedCls program type
	BpfProgTypeSchedCls
	// BpfProgTypeSchedAct program type
	BpfProgTypeSchedAct
	// BpfProgTypeTracepoint program type
	BpfProgTypeTracepoint
	// BpfProgTypeXdp program type
	BpfProgTypeXdp
	// BpfProgTypePerfEvent program type
	BpfProgTypePerfEvent
	// BpfProgTypeCgroupSkb program type
	BpfProgTypeCgroupSkb
	// BpfProgTypeCgroupSock program type
	BpfProgTypeCgroupSock
	// BpfProgTypeLwtIn program type
	BpfProgTypeLwtIn
	// BpfProgTypeLwtOut program type
	BpfProgTypeLwtOut
	// BpfProgTypeLwtXmit program type
	BpfProgTypeLwtXmit
	// BpfProgTypeSockOps program type
	BpfProgTypeSockOps
	// BpfProgTypeSkSkb program type
	BpfProgTypeSkSkb
	// BpfProgTypeCgroupDevice program type
	BpfProgTypeCgroupDevice
	// BpfProgTypeSkMsg program type
	BpfProgTypeSkMsg
	// BpfProgTypeRawTracepoint program type
	BpfProgTypeRawTracepoint
	// BpfProgTypeCgroupSockAddr program type
	BpfProgTypeCgroupSockAddr
	// BpfProgTypeLwtSeg6local program type
	BpfProgTypeLwtSeg6local
	// BpfProgTypeLircMode2 program type
	BpfProgTypeLircMode2
	// BpfProgTypeSkReuseport program type
	BpfProgTypeSkReuseport
	// BpfProgTypeFlowDissector program type
	BpfProgTypeFlowDissector
	// BpfProgTypeCgroupSysctl program type
	BpfProgTypeCgroupSysctl
	// BpfProgTypeRawTracepointWritable program type
	BpfProgTypeRawTracepointWritable
	// BpfProgTypeCgroupSockopt program type
	BpfProgTypeCgroupSockopt
	// BpfProgTypeTracing program type
	BpfProgTypeTracing
	// BpfProgTypeStructOps program type
	BpfProgTypeStructOps
	// BpfProgTypeExt program type
	BpfProgTypeExt
	// BpfProgTypeLsm program type
	BpfProgTypeLsm
	// BpfProgTypeSkLookup program type
	BpfProgTypeSkLookup
)

func (BPFProgramType) String

func (t BPFProgramType) String() string

type BaseEvent added in v0.48.0

// BaseEvent represents an event sent from the kernel.
// Members tagged `field:"-"` are not available as rule fields; the others are
// exposed under the name given in the tag, and a `handler:` entry names the
// FieldHandlers method that resolves the value.
type BaseEvent struct {
	ID            string         `field:"-"`
	Type          uint32         `field:"-"`
	// Flags is a uint32.
	// NOTE(review): presumably a bit set of the EventFlags* constants — confirm.
	Flags         uint32         `field:"-"`
	TimestampRaw  uint64         `field:"event.timestamp,handler:ResolveEventTimestamp"` // SECLDoc[event.timestamp] Definition:`Timestamp of the event`
	Timestamp     time.Time      `field:"timestamp,opts:getters_only,handler:ResolveEventTime"`
	Rules         []*MatchedRule `field:"-"`
	ActionReports []ActionReport `field:"-"`
	Os            string         `field:"event.os"`                                          // SECLDoc[event.os] Definition:`Operating system of the event`
	Origin        string         `field:"event.origin"`                                      // SECLDoc[event.origin] Definition:`Origin of the event`
	Service       string         `field:"event.service,handler:ResolveService,opts:skip_ad"` // SECLDoc[event.service] Definition:`Service associated with the event`
	Hostname      string         `field:"event.hostname,handler:ResolveHostname"`            // SECLDoc[event.hostname] Definition:`Hostname associated with the event`

	// context shared with all events
	// ProcessContext is a pointer and can be nil (the "process.pid" variable
	// in SECLVariables checks for that), so readers must nil-check it.
	ProcessContext         *ProcessContext        `field:"process"`
	ContainerContext       *ContainerContext      `field:"container"`
	SecurityProfileContext SecurityProfileContext `field:"-"`

	// internal usage
	PIDContext        PIDContext         `field:"-"`
	ProcessCacheEntry *ProcessCacheEntry `field:"-"`

	// mark event with having error
	Error error `field:"-"`

	// field resolution
	FieldHandlers FieldHandlers `field:"-"`
}

BaseEvent represents an event sent from the kernel

type BaseExtraFieldHandlers added in v0.50.0

// BaseExtraFieldHandlers groups the handlers that are not attached to any field.
type BaseExtraFieldHandlers interface {
	// ResolveProcessCacheEntry returns the process cache entry for ev.
	// NOTE(review): the meaning of the bool result and the point at which
	// newEntryCb is invoked are not visible here — confirm with an implementation.
	ResolveProcessCacheEntry(ev *Event, newEntryCb func(*ProcessCacheEntry, error)) (*ProcessCacheEntry, bool)
	// ResolveContainerContext returns the container context for ev.
	// NOTE(review): the bool presumably reports whether one was found — confirm.
	ResolveContainerContext(ev *Event) (*ContainerContext, bool)
}

BaseExtraFieldHandlers defines handlers not held by any field

type BinaryMarshaler added in v0.36.0

// BinaryMarshaler is the interface implemented by every event type.
type BinaryMarshaler interface {
	// MarshalBinary writes into the caller-supplied data slice.
	// NOTE(review): the int is presumably the number of bytes written —
	// confirm, and confirm implementations check len(data) before writing.
	MarshalBinary(data []byte) (int, error)
}

BinaryMarshaler interface implemented by every event type

type BinaryUnmarshaler

// BinaryUnmarshaler is the interface implemented by every event type.
type BinaryUnmarshaler interface {
	// UnmarshalBinary decodes the receiver from data and returns an int and
	// an error.
	// NOTE(review): the int is presumably the number of bytes consumed —
	// confirm. The package describes its events as sent from the kernel, so
	// data is an external buffer: implementations should check len(data)
	// before reading fixed offsets and return an error on short input rather
	// than panic. Verify this per implementation.
	UnmarshalBinary(data []byte) (int, error)
}

BinaryUnmarshaler interface implemented by every event type

type BindEvent added in v0.37.0

// BindEvent represents a bind event.
//
// Besides the embedded SyscallEvent it carries the bound address together
// with the address family and socket protocol, both stored as uint16.
type BindEvent struct {
	SyscallEvent

	Addr       IPPortContext `field:"addr"`        // Bound address
	AddrFamily uint16        `field:"addr.family"` // SECLDoc[addr.family] Definition:`Address family`
	Protocol   uint16        `field:"protocol"`    // SECLDoc[protocol] Definition:`Socket Protocol`
}

BindEvent represents a bind event

func (*BindEvent) UnmarshalBinary added in v0.37.0

func (e *BindEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type CGroupContext added in v0.57.0

// CGroupContext holds the cgroup context of an event.
//
// The id and manager fields are resolved through the handlers named in their
// tags (ResolveCGroupID, ResolveCGroupManager).
// NOTE(review): CGroupFlags is tagged `field:"-"`, which presumably keeps it
// out of the rule-language field set — confirm.
type CGroupContext struct {
	CGroupID      containerutils.CGroupID    `field:"id,handler:ResolveCGroupID"` // SECLDoc[id] Definition:`ID of the cgroup`
	CGroupFlags   containerutils.CGroupFlags `field:"-"`
	CGroupManager string                     `field:"manager,handler:ResolveCGroupManager"` // SECLDoc[manager] Definition:`Lifecycle manager of the cgroup`
	CGroupFile    PathKey                    `field:"file"`
}

CGroupContext holds the cgroup context of an event

func (*CGroupContext) UnmarshalBinary added in v0.57.0

func (e *CGroupContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type CapsetEvent

// CapsetEvent represents a capset event.
//
// Both fields are uint64 capability sets and are documented as being compared
// against the "Kernel Capability constants".
// NOTE(review): whether these are the sets requested by the call or the sets
// in force after it is not visible here — confirm before writing rules on them.
type CapsetEvent struct {
	CapEffective uint64 `field:"cap_effective"` // SECLDoc[cap_effective] Definition:`Effective capability set of the process` Constants:`Kernel Capability constants`
	CapPermitted uint64 `field:"cap_permitted"` // SECLDoc[cap_permitted] Definition:`Permitted capability set of the process` Constants:`Kernel Capability constants`
}

CapsetEvent represents a capset event

func (*CapsetEvent) UnmarshalBinary

func (e *CapsetEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type CgroupTracingEvent added in v0.36.0

// CgroupTracingEvent is used to signal that a new cgroup should be traced by
// the activity dump manager.
//
// None of its fields carry a `field` tag; it bundles the container and cgroup
// contexts with the activity dump load configuration and a config cookie.
// NOTE(review): ConfigCookie presumably identifies the Config entry on the
// kernel side — confirm.
type CgroupTracingEvent struct {
	ContainerContext ContainerContext
	CGroupContext    CGroupContext
	Config           ActivityDumpLoadConfig
	ConfigCookie     uint64
}

CgroupTracingEvent is used to signal that a new cgroup should be traced by the activity dump manager

func (*CgroupTracingEvent) UnmarshalBinary added in v0.36.0

func (e *CgroupTracingEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type CgroupWriteEvent added in v0.57.0

// CgroupWriteEvent is used to signal that a new cgroup was created.
//
// NOTE(review): the Pid field is described as the process "added to the
// cgroup", so the event may also cover a process joining an existing cgroup —
// confirm which case(s) produce it.
type CgroupWriteEvent struct {
	File        FileEvent `field:"file"` // Path to the cgroup
	Pid         uint32    `field:"-"`    // PID of the process added to the cgroup
	CGroupFlags uint32    `field:"-"`    // CGroup flags
}

CgroupWriteEvent is used to signal that a new cgroup was created

func (*CgroupWriteEvent) UnmarshalBinary added in v0.57.0

func (e *CgroupWriteEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type ChdirEvent added in v0.51.1

// ChdirEvent represents a chdir event.
//
// File describes the directory involved; SyscallPath is an alias of the
// syscall context's first string argument (ref:chdir.syscall.str1).
// NOTE(review): SyscallPath is presumably the path exactly as the caller
// passed it, while File is the resolved file — confirm before relying on one
// or the other in a rule.
type ChdirEvent struct {
	SyscallEvent
	SyscallContext
	File FileEvent `field:"file"`

	// Syscall context aliases
	SyscallPath string `field:"syscall.path,ref:chdir.syscall.str1"` // SECLDoc[syscall.path] Definition:`path argument of the syscall`
}

ChdirEvent represents a chdir event

func (*ChdirEvent) UnmarshalBinary added in v0.51.1

func (e *ChdirEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type ChmodEvent

// ChmodEvent represents a chmod event.
//
// Mode is a single Go field exposed under two rule-language names,
// file.destination.mode and file.destination.rights; both are documented as
// the new value of the chmod-ed file and are compared against the
// "File mode constants".
// SyscallPath and SyscallMode alias the syscall context's first string and
// second integer arguments (ref:chmod.syscall.str1 / chmod.syscall.int2).
type ChmodEvent struct {
	SyscallEvent
	SyscallContext
	File FileEvent `field:"file"`
	Mode uint32    `field:"file.destination.mode; file.destination.rights"` // SECLDoc[file.destination.mode] Definition:`New mode of the chmod-ed file` Constants:`File mode constants` SECLDoc[file.destination.rights] Definition:`New rights of the chmod-ed file` Constants:`File mode constants`

	// Syscall context aliases
	SyscallPath string `field:"syscall.path,ref:chmod.syscall.str1"` // SECLDoc[syscall.path] Definition:`path argument of the syscall`
	SyscallMode int64  `field:"syscall.mode,ref:chmod.syscall.int2"` // SECLDoc[syscall.mode] Definition:`mode argument of the syscall`
}

ChmodEvent represents a chmod event

func (*ChmodEvent) UnmarshalBinary

func (e *ChmodEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type ChownEvent

// ChownEvent represents a chown event.
//
// UID/GID hold the new owner requested for the file; User and Group are the
// corresponding names, resolved lazily through ResolveChownUID and
// ResolveChownGID.
// NOTE(review): UID and GID are int64 rather than uint32, presumably so that
// the chown(2) "leave unchanged" value -1 can be represented — confirm, and
// account for it in rules that compare these fields numerically.
type ChownEvent struct {
	SyscallEvent
	SyscallContext
	File  FileEvent `field:"file"`
	UID   int64     `field:"file.destination.uid"`                           // SECLDoc[file.destination.uid] Definition:`New UID of the chown-ed file's owner`
	User  string    `field:"file.destination.user,handler:ResolveChownUID"`  // SECLDoc[file.destination.user] Definition:`New user of the chown-ed file's owner`
	GID   int64     `field:"file.destination.gid"`                           // SECLDoc[file.destination.gid] Definition:`New GID of the chown-ed file's owner`
	Group string    `field:"file.destination.group,handler:ResolveChownGID"` // SECLDoc[file.destination.group] Definition:`New group of the chown-ed file's owner`

	// Syscall context aliases
	SyscallPath string `field:"syscall.path,ref:chown.syscall.str1"` // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
	SyscallUID  int64  `field:"syscall.uid,ref:chown.syscall.int2"`  // SECLDoc[syscall.uid] Definition:`UID argument of the syscall`
	SyscallGID  int64  `field:"syscall.gid,ref:chown.syscall.int3"`  // SECLDoc[syscall.gid] Definition:`GID argument of the syscall`
}

ChownEvent represents a chown event

func (*ChownEvent) UnmarshalBinary

func (e *ChownEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type ConnectEvent added in v0.60.0

// ConnectEvent represents a connect event.
//
// It has the same shape as BindEvent: the embedded SyscallEvent, the address
// involved (here the connection address), the address family and the socket
// protocol.
type ConnectEvent struct {
	SyscallEvent

	Addr       IPPortContext `field:"addr"`        // Connection address
	AddrFamily uint16        `field:"addr.family"` // SECLDoc[addr.family] Definition:`Address family`
	Protocol   uint16        `field:"protocol"`    // SECLDoc[protocol] Definition:`Socket Protocol`
}

ConnectEvent represents a connect event

func (*ConnectEvent) UnmarshalBinary added in v0.60.0

func (e *ConnectEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type ContainerContext

// ContainerContext holds the container context of an event.
//
// Every rule-visible field is filled in by the handler named in its tag.
// NOTE(review): Resolved is tagged `field:"-"` and presumably records whether
// that resolution has already happened — confirm.
type ContainerContext struct {
	Releasable
	ContainerID containerutils.ContainerID `field:"id,handler:ResolveContainerID"`                              // SECLDoc[id] Definition:`ID of the container`
	CreatedAt   uint64                     `field:"created_at,handler:ResolveContainerCreatedAt"`               // SECLDoc[created_at] Definition:`Timestamp of the creation of the container`
	Tags        []string                   `field:"tags,handler:ResolveContainerTags,opts:skip_ad,weight:9999"` // SECLDoc[tags] Definition:`Tags of the container`
	Resolved    bool                       `field:"-"`
	Runtime     string                     `field:"runtime,handler:ResolveContainerRuntime"` // SECLDoc[runtime] Definition:`Runtime managing the container`
}

ContainerContext holds the container context of an event

func (*ContainerContext) UnmarshalBinary

func (e *ContainerContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type Credentials

// Credentials represents the kernel credentials of a process.
//
// The real (uid/gid), effective (euid/egid), filesystem (fsuid/fsgid) and
// login (auid) identities are separate fields; each numeric ID except auid
// has a matching name string.
// NOTE(review): a rule that compares only `user` or `uid` does not consult
// the effective or filesystem identity. Which of these a rule should match
// depends on what it is meant to detect — check the field definitions below
// before choosing.
type Credentials struct {
	UID   uint32 `field:"uid"`   // SECLDoc[uid] Definition:`UID of the process`
	GID   uint32 `field:"gid"`   // SECLDoc[gid] Definition:`GID of the process`
	User  string `field:"user"`  // SECLDoc[user] Definition:`User of the process` Example:`process.user == "root"` Description:`Constrain an event to be triggered by a process running as the root user.`
	Group string `field:"group"` // SECLDoc[group] Definition:`Group of the process`

	EUID   uint32 `field:"euid"`   // SECLDoc[euid] Definition:`Effective UID of the process`
	EGID   uint32 `field:"egid"`   // SECLDoc[egid] Definition:`Effective GID of the process`
	EUser  string `field:"euser"`  // SECLDoc[euser] Definition:`Effective user of the process`
	EGroup string `field:"egroup"` // SECLDoc[egroup] Definition:`Effective group of the process`

	FSUID   uint32 `field:"fsuid"`   // SECLDoc[fsuid] Definition:`FileSystem-uid of the process`
	FSGID   uint32 `field:"fsgid"`   // SECLDoc[fsgid] Definition:`FileSystem-gid of the process`
	FSUser  string `field:"fsuser"`  // SECLDoc[fsuser] Definition:`FileSystem-user of the process`
	FSGroup string `field:"fsgroup"` // SECLDoc[fsgroup] Definition:`FileSystem-group of the process`

	AUID uint32 `field:"auid"` // SECLDoc[auid] Definition:`Login UID of the process`

	// Capability sets, stored as uint64 values and documented as compared
	// against the "Kernel Capability constants".
	CapEffective uint64 `field:"cap_effective"` // SECLDoc[cap_effective] Definition:`Effective capability set of the process` Constants:`Kernel Capability constants`
	CapPermitted uint64 `field:"cap_permitted"` // SECLDoc[cap_permitted] Definition:`Permitted capability set of the process` Constants:`Kernel Capability constants`
}

Credentials represents the kernel credentials of a process

func (*Credentials) Equals added in v0.47.0

func (c *Credentials) Equals(o *Credentials) bool

Equals returns true if both credentials are equal

func (*Credentials) MarshalBinary added in v0.36.0

func (e *Credentials) MarshalBinary(data []byte) (int, error)

MarshalBinary marshalls a binary representation of itself

func (*Credentials) UnmarshalBinary

func (e *Credentials) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type DNSEvent added in v0.36.0

// DNSEvent represents a DNS event.
//
// Name carries op_override:"eval.CaseInsensitiveCmp", so comparisons on
// question.name are case-insensitive. The id field is marked experimental in
// its own documentation.
// NOTE(review): Size and Count are documented as describing the whole DNS
// request, while Name/Type/Class describe a question; how a request with
// several questions is represented is not visible here — confirm.
type DNSEvent struct {
	ID    uint16 `field:"id"`                                                              // SECLDoc[id] Definition:`[Experimental] the DNS request ID`
	Name  string `field:"question.name,opts:length" op_override:"eval.CaseInsensitiveCmp"` // SECLDoc[question.name] Definition:`the queried domain name`
	Type  uint16 `field:"question.type"`                                                   // SECLDoc[question.type] Definition:`a two octet code which specifies the DNS question type` Constants:`DNS qtypes`
	Class uint16 `field:"question.class"`                                                  // SECLDoc[question.class] Definition:`the class looked up by the DNS question` Constants:`DNS qclasses`
	Size  uint16 `field:"question.length"`                                                 // SECLDoc[question.length] Definition:`the total DNS request size in bytes`
	Count uint16 `field:"question.count"`                                                  // SECLDoc[question.count] Definition:`the total count of questions in the DNS request`
}

DNSEvent represents a DNS event

func (*DNSEvent) Matches added in v0.53.0

func (de *DNSEvent) Matches(new *DNSEvent) bool

Matches returns true if the two DNS events match

func (*DNSEvent) UnmarshalBinary added in v0.36.0

func (e *DNSEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type EnvsEntry

// EnvsEntry is a cache entry holding captured environment variables.
//
// NOTE(review): Truncated presumably reports that the captured list was cut
// short (the package declares MaxArgEnvSize and MaxArgsEnvsSize limits). If
// so, a variable missing from Values is not proof that it was unset in the
// process — confirm before relying on absence in a detection.
type EnvsEntry struct {
	Values    []string
	Truncated bool
	// contains filtered or unexported fields
}

EnvsEntry defines a args cache entry

func (*EnvsEntry) Equals added in v0.36.0

func (p *EnvsEntry) Equals(o *EnvsEntry) bool

Equals compares two EnvsEntry

func (*EnvsEntry) FilterEnvs added in v0.39.0

func (p *EnvsEntry) FilterEnvs(envsWithValue map[string]bool) ([]string, bool)

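FilterEnvs returns the environment variables as a slice. Only the name of each variable is returned, unless the variable name is part of the provided filter (envsWithValue). Keeping that filter narrow limits how many environment values, which can hold secrets, reach emitted events.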

func (*EnvsEntry) Get

func (p *EnvsEntry) Get(key string) string

Get returns the value for the given key

type ErrInvalidKeyPath added in v0.44.0

// ErrInvalidKeyPath is returned when the inode or the mount ID is not valid.
// It carries both values so the caller can report which key was rejected.
type ErrInvalidKeyPath struct {
	Inode   uint64
	MountID uint32
}

ErrInvalidKeyPath is returned when inode or mountid are not valid

func (*ErrInvalidKeyPath) Error added in v0.44.0

func (e *ErrInvalidKeyPath) Error() string

type ErrProcessBrokenLineage added in v0.50.0

// ErrProcessBrokenLineage is returned when a process lineage is broken.
// The type also declares an Unwrap method, so Err is presumably the
// underlying cause exposed to errors.Is / errors.As — confirm.
type ErrProcessBrokenLineage struct {
	Err error
}

ErrProcessBrokenLineage is returned when a process lineage is broken

func (*ErrProcessBrokenLineage) Error added in v0.50.0

func (e *ErrProcessBrokenLineage) Error() string

Error implements the error interface

func (*ErrProcessBrokenLineage) Unwrap added in v0.50.0

func (e *ErrProcessBrokenLineage) Unwrap() error

Unwrap supports error unwrapping, as used by errors.Unwrap, errors.Is and errors.As

type ErrProcessIncompleteLineage added in v0.50.0

// ErrProcessIncompleteLineage is used when the lineage is incorrect in terms
// of pid/ppid. It records the PID, the parent PID and the container ID of the
// process concerned.
type ErrProcessIncompleteLineage struct {
	PID         uint32
	PPID        uint32
	ContainerID string
}

ErrProcessIncompleteLineage is used when the lineage is incorrect in terms of pid/ppid

func (*ErrProcessIncompleteLineage) Error added in v0.50.0

type ErrProcessMissingParentNode added in v0.50.0

// ErrProcessMissingParentNode is used when the lineage is incorrect in terms
// of pid/ppid. It records the PID, the parent PID and the container ID of the
// process concerned.
// NOTE(review): this description is word-for-word the one given for
// ErrProcessIncompleteLineage; the type name suggests the parent node could
// not be found — confirm and differentiate the two.
type ErrProcessMissingParentNode struct {
	PID         uint32
	PPID        uint32
	ContainerID string
}

ErrProcessMissingParentNode is used when the lineage is incorrect in terms of pid/ppid

func (*ErrProcessMissingParentNode) Error added in v0.50.0

type ErrProcessWrongParentNode added in v0.50.0

// ErrProcessWrongParentNode is used when the lineage is correct in terms of
// pid/ppid but an exec parent is missing. It records the PID, the parent PID
// and the container ID of the process concerned.
type ErrProcessWrongParentNode struct {
	PID         uint32
	PPID        uint32
	ContainerID string
}

ErrProcessWrongParentNode is used when the lineage is correct in terms of pid/ppid but an exec parent is missing

func (*ErrProcessWrongParentNode) Error added in v0.50.0

func (e *ErrProcessWrongParentNode) Error() string

type Event

// Event represents an event sent from the kernel.
//
// It embeds BaseEvent and holds one sub-struct per event type. Sub-structs
// that carry an `event:"..."` tag are grouped below as file integrity,
// process, network syscall, kernel, network and on-demand events; those
// tagged `field:"-"` sit under "internal usage" or carry no per-field
// documentation.
// The bracketed prefixes in the trailing comments ([7.27], [File], ...) look
// like the agent version that introduced the event and its category —
// NOTE(review): confirm against the documentation generator.
type Event struct {
	BaseEvent

	// globals
	Async bool `field:"event.async,handler:ResolveAsync"` // SECLDoc[event.async] Definition:`True if the syscall was asynchronous`

	// context
	SpanContext    SpanContext    `field:"-"`
	// NOTE(review): restricted_to:"dns,imds" presumably limits the network
	// context fields to rules on dns and imds events — confirm.
	NetworkContext NetworkContext `field:"network" restricted_to:"dns,imds"` // [7.36] [Network] Network context
	CGroupContext  CGroupContext  `field:"cgroup"`

	// fim events
	Chmod       ChmodEvent    `field:"chmod" event:"chmod"`             // [7.27] [File] A file’s permissions were changed
	Chown       ChownEvent    `field:"chown" event:"chown"`             // [7.27] [File] A file’s owner was changed
	Open        OpenEvent     `field:"open" event:"open"`               // [7.27] [File] A file was opened
	Mkdir       MkdirEvent    `field:"mkdir" event:"mkdir"`             // [7.27] [File] A directory was created
	Rmdir       RmdirEvent    `field:"rmdir" event:"rmdir"`             // [7.27] [File] A directory was removed
	Rename      RenameEvent   `field:"rename" event:"rename"`           // [7.27] [File] A file/directory was renamed
	Unlink      UnlinkEvent   `field:"unlink" event:"unlink"`           // [7.27] [File] A file was deleted
	Utimes      UtimesEvent   `field:"utimes" event:"utimes"`           // [7.27] [File] Change file access/modification times
	Link        LinkEvent     `field:"link" event:"link"`               // [7.27] [File] Create a new name/alias for a file
	SetXAttr    SetXAttrEvent `field:"setxattr" event:"setxattr"`       // [7.27] [File] Set extended attributes
	RemoveXAttr SetXAttrEvent `field:"removexattr" event:"removexattr"` // [7.27] [File] Remove extended attributes
	Splice      SpliceEvent   `field:"splice" event:"splice"`           // [7.36] [File] A splice command was executed
	Mount       MountEvent    `field:"mount" event:"mount"`             // [7.42] [File] [Experimental] A filesystem was mounted
	Chdir       ChdirEvent    `field:"chdir" event:"chdir"`             // [7.52] [File] [Experimental] A process changed the current directory

	// process events
	Exec          ExecEvent          `field:"exec" event:"exec"`     // [7.27] [Process] A process was executed or forked
	SetUID        SetuidEvent        `field:"setuid" event:"setuid"` // [7.27] [Process] A process changed its effective uid
	SetGID        SetgidEvent        `field:"setgid" event:"setgid"` // [7.27] [Process] A process changed its effective gid
	Capset        CapsetEvent        `field:"capset" event:"capset"` // [7.27] [Process] A process changed its capacity set
	Signal        SignalEvent        `field:"signal" event:"signal"` // [7.35] [Process] A signal was sent
	Exit          ExitEvent          `field:"exit" event:"exit"`     // [7.38] [Process] A process was terminated
	Syscalls      SyscallsEvent      `field:"-"`
	LoginUIDWrite LoginUIDWriteEvent `field:"-"`

	// network syscalls
	Bind    BindEvent    `field:"bind" event:"bind"`       // [7.37] [Network] A bind was executed
	Connect ConnectEvent `field:"connect" event:"connect"` // [7.60] [Network] A connect was executed

	// kernel events
	SELinux      SELinuxEvent      `field:"selinux" event:"selinux"`             // [7.30] [Kernel] An SELinux operation was run
	BPF          BPFEvent          `field:"bpf" event:"bpf"`                     // [7.33] [Kernel] A BPF command was executed
	PTrace       PTraceEvent       `field:"ptrace" event:"ptrace"`               // [7.35] [Kernel] A ptrace command was executed
	MMap         MMapEvent         `field:"mmap" event:"mmap"`                   // [7.35] [Kernel] A mmap command was executed
	MProtect     MProtectEvent     `field:"mprotect" event:"mprotect"`           // [7.35] [Kernel] A mprotect command was executed
	LoadModule   LoadModuleEvent   `field:"load_module" event:"load_module"`     // [7.35] [Kernel] A new kernel module was loaded
	UnloadModule UnloadModuleEvent `field:"unload_module" event:"unload_module"` // [7.35] [Kernel] A kernel module was deleted

	// network events
	DNS       DNSEvent       `field:"dns" event:"dns"`       // [7.36] [Network] A DNS request was sent
	IMDS      IMDSEvent      `field:"imds" event:"imds"`     // [7.55] [Network] An IMDS event was captured
	RawPacket RawPacketEvent `field:"packet" event:"packet"` // [7.60] [Network] A raw network packet captured

	// on-demand events
	OnDemand OnDemandEvent `field:"ondemand" event:"ondemand"`

	// internal usage
	Umount           UmountEvent           `field:"-"`
	InvalidateDentry InvalidateDentryEvent `field:"-"`
	ArgsEnvs         ArgsEnvsEvent         `field:"-"`
	MountReleased    MountReleasedEvent    `field:"-"`
	CgroupTracing    CgroupTracingEvent    `field:"-"`
	CgroupWrite      CgroupWriteEvent      `field:"-"`
	NetDevice        NetDeviceEvent        `field:"-"`
	VethPair         VethPairEvent         `field:"-"`
	UnshareMountNS   UnshareMountNSEvent   `field:"-"`
}

Event represents an event sent from the kernel genaccessors

func NewFakeEvent added in v0.52.0

func NewFakeEvent() *Event

NewFakeEvent returns a new event using the default field handlers

func (*Event) AddToFlags added in v0.45.0

func (e *Event) AddToFlags(flag uint32)

AddToFlags adds a flag to the event

func (*Event) GetActionReports added in v0.52.0

func (e *Event) GetActionReports() []ActionReport

GetActionReports returns the triggered action reports

func (*Event) GetBindAddrFamily added in v0.49.0

func (ev *Event) GetBindAddrFamily() uint16

GetBindAddrFamily returns the value of the field, resolving if necessary

func (*Event) GetBindAddrIp added in v0.49.0

func (ev *Event) GetBindAddrIp() net.IPNet

GetBindAddrIp returns the value of the field, resolving if necessary

func (*Event) GetBindAddrIsPublic

func (ev *Event) GetBindAddrIsPublic() bool

GetBindAddrIsPublic returns the value of the field, resolving if necessary

func (*Event) GetBindAddrPort added in v0.49.0

func (ev *Event) GetBindAddrPort() uint16

GetBindAddrPort returns the value of the field, resolving if necessary

func (*Event) GetBindProtocol

func (ev *Event) GetBindProtocol() uint16

GetBindProtocol returns the value of the field, resolving if necessary

func (*Event) GetBindRetval added in v0.49.0

func (ev *Event) GetBindRetval() int64

GetBindRetval returns the value of the field, resolving if necessary

func (*Event) GetBpfCmd added in v0.49.0

func (ev *Event) GetBpfCmd() uint32

GetBpfCmd returns the value of the field, resolving if necessary

func (*Event) GetBpfMapName added in v0.49.0

func (ev *Event) GetBpfMapName() string

GetBpfMapName returns the value of the field, resolving if necessary

func (*Event) GetBpfMapType added in v0.49.0

func (ev *Event) GetBpfMapType() uint32

GetBpfMapType returns the value of the field, resolving if necessary

func (*Event) GetBpfProgAttachType added in v0.49.0

func (ev *Event) GetBpfProgAttachType() uint32

GetBpfProgAttachType returns the value of the field, resolving if necessary

func (*Event) GetBpfProgHelpers added in v0.49.0

func (ev *Event) GetBpfProgHelpers() []uint32

GetBpfProgHelpers returns the value of the field, resolving if necessary

func (*Event) GetBpfProgName added in v0.49.0

func (ev *Event) GetBpfProgName() string

GetBpfProgName returns the value of the field, resolving if necessary

func (*Event) GetBpfProgTag added in v0.49.0

func (ev *Event) GetBpfProgTag() string

GetBpfProgTag returns the value of the field, resolving if necessary

func (*Event) GetBpfProgType added in v0.49.0

func (ev *Event) GetBpfProgType() uint32

GetBpfProgType returns the value of the field, resolving if necessary

func (*Event) GetBpfRetval added in v0.49.0

func (ev *Event) GetBpfRetval() int64

GetBpfRetval returns the value of the field, resolving if necessary

func (*Event) GetCapsetCapEffective added in v0.49.0

func (ev *Event) GetCapsetCapEffective() uint64

GetCapsetCapEffective returns the value of the field, resolving if necessary

func (*Event) GetCapsetCapPermitted added in v0.49.0

func (ev *Event) GetCapsetCapPermitted() uint64

GetCapsetCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetCgroupFileInode added in v0.57.0

func (ev *Event) GetCgroupFileInode() uint64

GetCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetCgroupFileMountId added in v0.57.0

func (ev *Event) GetCgroupFileMountId() uint32

GetCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetCgroupId added in v0.57.0

func (ev *Event) GetCgroupId() string

GetCgroupId returns the value of the field, resolving if necessary

func (*Event) GetCgroupManager added in v0.57.0

func (ev *Event) GetCgroupManager() string

GetCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetChdirFileChangeTime added in v0.51.1

func (ev *Event) GetChdirFileChangeTime() uint64

GetChdirFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetChdirFileFilesystem added in v0.51.1

func (ev *Event) GetChdirFileFilesystem() string

GetChdirFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetChdirFileGid added in v0.51.1

func (ev *Event) GetChdirFileGid() uint32

GetChdirFileGid returns the value of the field, resolving if necessary

func (*Event) GetChdirFileGroup added in v0.51.1

func (ev *Event) GetChdirFileGroup() string

GetChdirFileGroup returns the value of the field, resolving if necessary

func (*Event) GetChdirFileHashes added in v0.51.1

func (ev *Event) GetChdirFileHashes() []string

GetChdirFileHashes returns the value of the field, resolving if necessary

func (*Event) GetChdirFileInUpperLayer added in v0.51.1

func (ev *Event) GetChdirFileInUpperLayer() bool

GetChdirFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetChdirFileInode added in v0.51.1

func (ev *Event) GetChdirFileInode() uint64

GetChdirFileInode returns the value of the field, resolving if necessary

func (*Event) GetChdirFileMode added in v0.51.1

func (ev *Event) GetChdirFileMode() uint16

GetChdirFileMode returns the value of the field, resolving if necessary

func (*Event) GetChdirFileModificationTime added in v0.51.1

func (ev *Event) GetChdirFileModificationTime() uint64

GetChdirFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetChdirFileMountId added in v0.51.1

func (ev *Event) GetChdirFileMountId() uint32

GetChdirFileMountId returns the value of the field, resolving if necessary

func (*Event) GetChdirFileName added in v0.51.1

func (ev *Event) GetChdirFileName() string

GetChdirFileName returns the value of the field, resolving if necessary

func (*Event) GetChdirFileNameLength added in v0.51.1

func (ev *Event) GetChdirFileNameLength() int

GetChdirFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetChdirFilePackageName added in v0.51.1

func (ev *Event) GetChdirFilePackageName() string

GetChdirFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetChdirFilePackageSourceVersion added in v0.51.1

func (ev *Event) GetChdirFilePackageSourceVersion() string

GetChdirFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetChdirFilePackageVersion added in v0.51.1

func (ev *Event) GetChdirFilePackageVersion() string

GetChdirFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetChdirFilePath added in v0.51.1

func (ev *Event) GetChdirFilePath() string

GetChdirFilePath returns the value of the field, resolving if necessary

func (*Event) GetChdirFilePathLength added in v0.51.1

func (ev *Event) GetChdirFilePathLength() int

GetChdirFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetChdirFileRights added in v0.51.1

func (ev *Event) GetChdirFileRights() int

GetChdirFileRights returns the value of the field, resolving if necessary

func (*Event) GetChdirFileUid added in v0.51.1

func (ev *Event) GetChdirFileUid() uint32

GetChdirFileUid returns the value of the field, resolving if necessary

func (*Event) GetChdirFileUser added in v0.51.1

func (ev *Event) GetChdirFileUser() string

GetChdirFileUser returns the value of the field, resolving if necessary

func (*Event) GetChdirRetval added in v0.51.1

func (ev *Event) GetChdirRetval() int64

GetChdirRetval returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallInt1 added in v0.55.0

func (ev *Event) GetChdirSyscallInt1() int

GetChdirSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallInt2 added in v0.55.0

func (ev *Event) GetChdirSyscallInt2() int

GetChdirSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallInt3 added in v0.55.0

func (ev *Event) GetChdirSyscallInt3() int

GetChdirSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallPath added in v0.55.0

func (ev *Event) GetChdirSyscallPath() string

GetChdirSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallStr1 added in v0.55.0

func (ev *Event) GetChdirSyscallStr1() string

GetChdirSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallStr2 added in v0.55.0

func (ev *Event) GetChdirSyscallStr2() string

GetChdirSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetChdirSyscallStr3 added in v0.55.0

func (ev *Event) GetChdirSyscallStr3() string

GetChdirSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetChmodFileChangeTime added in v0.49.0

func (ev *Event) GetChmodFileChangeTime() uint64

GetChmodFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetChmodFileDestinationMode added in v0.49.0

func (ev *Event) GetChmodFileDestinationMode() uint32

GetChmodFileDestinationMode returns the value of the field, resolving if necessary

func (*Event) GetChmodFileDestinationRights added in v0.49.0

func (ev *Event) GetChmodFileDestinationRights() uint32

GetChmodFileDestinationRights returns the value of the field, resolving if necessary

func (*Event) GetChmodFileFilesystem added in v0.49.0

func (ev *Event) GetChmodFileFilesystem() string

GetChmodFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetChmodFileGid added in v0.49.0

func (ev *Event) GetChmodFileGid() uint32

GetChmodFileGid returns the value of the field, resolving if necessary

func (*Event) GetChmodFileGroup added in v0.49.0

func (ev *Event) GetChmodFileGroup() string

GetChmodFileGroup returns the value of the field, resolving if necessary

func (*Event) GetChmodFileHashes added in v0.49.0

func (ev *Event) GetChmodFileHashes() []string

GetChmodFileHashes returns the value of the field, resolving if necessary

func (*Event) GetChmodFileInUpperLayer added in v0.49.0

func (ev *Event) GetChmodFileInUpperLayer() bool

GetChmodFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetChmodFileInode added in v0.49.0

func (ev *Event) GetChmodFileInode() uint64

GetChmodFileInode returns the value of the field, resolving if necessary

func (*Event) GetChmodFileMode added in v0.49.0

func (ev *Event) GetChmodFileMode() uint16

GetChmodFileMode returns the value of the field, resolving if necessary

func (*Event) GetChmodFileModificationTime added in v0.49.0

func (ev *Event) GetChmodFileModificationTime() uint64

GetChmodFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetChmodFileMountId added in v0.49.0

func (ev *Event) GetChmodFileMountId() uint32

GetChmodFileMountId returns the value of the field, resolving if necessary

func (*Event) GetChmodFileName added in v0.49.0

func (ev *Event) GetChmodFileName() string

GetChmodFileName returns the value of the field, resolving if necessary

func (*Event) GetChmodFileNameLength added in v0.49.0

func (ev *Event) GetChmodFileNameLength() int

GetChmodFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetChmodFilePackageName added in v0.49.0

func (ev *Event) GetChmodFilePackageName() string

GetChmodFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetChmodFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetChmodFilePackageSourceVersion() string

GetChmodFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetChmodFilePackageVersion added in v0.49.0

func (ev *Event) GetChmodFilePackageVersion() string

GetChmodFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetChmodFilePath added in v0.49.0

func (ev *Event) GetChmodFilePath() string

GetChmodFilePath returns the value of the field, resolving if necessary

func (*Event) GetChmodFilePathLength added in v0.49.0

func (ev *Event) GetChmodFilePathLength() int

GetChmodFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetChmodFileRights added in v0.49.0

func (ev *Event) GetChmodFileRights() int

GetChmodFileRights returns the value of the field, resolving if necessary

func (*Event) GetChmodFileUid added in v0.49.0

func (ev *Event) GetChmodFileUid() uint32

GetChmodFileUid returns the value of the field, resolving if necessary

func (*Event) GetChmodFileUser added in v0.49.0

func (ev *Event) GetChmodFileUser() string

GetChmodFileUser returns the value of the field, resolving if necessary

func (*Event) GetChmodRetval added in v0.49.0

func (ev *Event) GetChmodRetval() int64

GetChmodRetval returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallInt1 added in v0.55.0

func (ev *Event) GetChmodSyscallInt1() int

GetChmodSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallInt2 added in v0.55.0

func (ev *Event) GetChmodSyscallInt2() int

GetChmodSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallInt3 added in v0.55.0

func (ev *Event) GetChmodSyscallInt3() int

GetChmodSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallMode added in v0.55.0

func (ev *Event) GetChmodSyscallMode() int

GetChmodSyscallMode returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallPath added in v0.55.0

func (ev *Event) GetChmodSyscallPath() string

GetChmodSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallStr1 added in v0.55.0

func (ev *Event) GetChmodSyscallStr1() string

GetChmodSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallStr2 added in v0.55.0

func (ev *Event) GetChmodSyscallStr2() string

GetChmodSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetChmodSyscallStr3 added in v0.55.0

func (ev *Event) GetChmodSyscallStr3() string

GetChmodSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetChownFileChangeTime added in v0.49.0

func (ev *Event) GetChownFileChangeTime() uint64

GetChownFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetChownFileDestinationGid added in v0.49.0

func (ev *Event) GetChownFileDestinationGid() int64

GetChownFileDestinationGid returns the value of the field, resolving if necessary

func (*Event) GetChownFileDestinationGroup added in v0.49.0

func (ev *Event) GetChownFileDestinationGroup() string

GetChownFileDestinationGroup returns the value of the field, resolving if necessary

func (*Event) GetChownFileDestinationUid added in v0.49.0

func (ev *Event) GetChownFileDestinationUid() int64

GetChownFileDestinationUid returns the value of the field, resolving if necessary

func (*Event) GetChownFileDestinationUser added in v0.49.0

func (ev *Event) GetChownFileDestinationUser() string

GetChownFileDestinationUser returns the value of the field, resolving if necessary

func (*Event) GetChownFileFilesystem added in v0.49.0

func (ev *Event) GetChownFileFilesystem() string

GetChownFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetChownFileGid added in v0.49.0

func (ev *Event) GetChownFileGid() uint32

GetChownFileGid returns the value of the field, resolving if necessary

func (*Event) GetChownFileGroup added in v0.49.0

func (ev *Event) GetChownFileGroup() string

GetChownFileGroup returns the value of the field, resolving if necessary

func (*Event) GetChownFileHashes added in v0.49.0

func (ev *Event) GetChownFileHashes() []string

GetChownFileHashes returns the value of the field, resolving if necessary

func (*Event) GetChownFileInUpperLayer added in v0.49.0

func (ev *Event) GetChownFileInUpperLayer() bool

GetChownFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetChownFileInode added in v0.49.0

func (ev *Event) GetChownFileInode() uint64

GetChownFileInode returns the value of the field, resolving if necessary

func (*Event) GetChownFileMode added in v0.49.0

func (ev *Event) GetChownFileMode() uint16

GetChownFileMode returns the value of the field, resolving if necessary

func (*Event) GetChownFileModificationTime added in v0.49.0

func (ev *Event) GetChownFileModificationTime() uint64

GetChownFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetChownFileMountId added in v0.49.0

func (ev *Event) GetChownFileMountId() uint32

GetChownFileMountId returns the value of the field, resolving if necessary

func (*Event) GetChownFileName added in v0.49.0

func (ev *Event) GetChownFileName() string

GetChownFileName returns the value of the field, resolving if necessary

func (*Event) GetChownFileNameLength added in v0.49.0

func (ev *Event) GetChownFileNameLength() int

GetChownFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetChownFilePackageName added in v0.49.0

func (ev *Event) GetChownFilePackageName() string

GetChownFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetChownFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetChownFilePackageSourceVersion() string

GetChownFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetChownFilePackageVersion added in v0.49.0

func (ev *Event) GetChownFilePackageVersion() string

GetChownFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetChownFilePath added in v0.49.0

func (ev *Event) GetChownFilePath() string

GetChownFilePath returns the value of the field, resolving if necessary

func (*Event) GetChownFilePathLength added in v0.49.0

func (ev *Event) GetChownFilePathLength() int

GetChownFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetChownFileRights added in v0.49.0

func (ev *Event) GetChownFileRights() int

GetChownFileRights returns the value of the field, resolving if necessary

func (*Event) GetChownFileUid added in v0.49.0

func (ev *Event) GetChownFileUid() uint32

GetChownFileUid returns the value of the field, resolving if necessary

func (*Event) GetChownFileUser added in v0.49.0

func (ev *Event) GetChownFileUser() string

GetChownFileUser returns the value of the field, resolving if necessary

func (*Event) GetChownRetval added in v0.49.0

func (ev *Event) GetChownRetval() int64

GetChownRetval returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallGid added in v0.56.0

func (ev *Event) GetChownSyscallGid() int

GetChownSyscallGid returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallInt1 added in v0.56.0

func (ev *Event) GetChownSyscallInt1() int

GetChownSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallInt2 added in v0.56.0

func (ev *Event) GetChownSyscallInt2() int

GetChownSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallInt3 added in v0.56.0

func (ev *Event) GetChownSyscallInt3() int

GetChownSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallPath added in v0.56.0

func (ev *Event) GetChownSyscallPath() string

GetChownSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallStr1 added in v0.56.0

func (ev *Event) GetChownSyscallStr1() string

GetChownSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallStr2 added in v0.56.0

func (ev *Event) GetChownSyscallStr2() string

GetChownSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallStr3 added in v0.56.0

func (ev *Event) GetChownSyscallStr3() string

GetChownSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetChownSyscallUid added in v0.56.0

func (ev *Event) GetChownSyscallUid() int

GetChownSyscallUid returns the value of the field, resolving if necessary

func (*Event) GetConnectAddrFamily added in v0.60.0

func (ev *Event) GetConnectAddrFamily() uint16

GetConnectAddrFamily returns the value of the field, resolving if necessary

func (*Event) GetConnectAddrIp added in v0.60.0

func (ev *Event) GetConnectAddrIp() net.IPNet

GetConnectAddrIp returns the value of the field, resolving if necessary

func (*Event) GetConnectAddrIsPublic

func (ev *Event) GetConnectAddrIsPublic() bool

GetConnectAddrIsPublic returns the value of the field, resolving if necessary

func (*Event) GetConnectAddrPort added in v0.60.0

func (ev *Event) GetConnectAddrPort() uint16

GetConnectAddrPort returns the value of the field, resolving if necessary

func (*Event) GetConnectProtocol

func (ev *Event) GetConnectProtocol() uint16

GetConnectProtocol returns the value of the field, resolving if necessary

func (*Event) GetConnectRetval added in v0.60.0

func (ev *Event) GetConnectRetval() int64

GetConnectRetval returns the value of the field, resolving if necessary

func (*Event) GetContainerCreatedAt added in v0.49.0

func (ev *Event) GetContainerCreatedAt() int

GetContainerCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetContainerId added in v0.49.0

func (ev *Event) GetContainerId() string

GetContainerId returns the value of the field, resolving if necessary

func (*Event) GetContainerRuntime added in v0.57.0

func (ev *Event) GetContainerRuntime() string

GetContainerRuntime returns the value of the field, resolving if necessary

func (*Event) GetContainerTags added in v0.49.0

func (ev *Event) GetContainerTags() []string

GetContainerTags returns the value of the field, resolving if necessary

func (*Event) GetDnsId added in v0.49.0

func (ev *Event) GetDnsId() uint16

GetDnsId returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionClass added in v0.49.0

func (ev *Event) GetDnsQuestionClass() uint16

GetDnsQuestionClass returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionCount added in v0.49.0

func (ev *Event) GetDnsQuestionCount() uint16

GetDnsQuestionCount returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionLength added in v0.49.0

func (ev *Event) GetDnsQuestionLength() uint16

GetDnsQuestionLength returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionName added in v0.49.0

func (ev *Event) GetDnsQuestionName() string

GetDnsQuestionName returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionNameLength added in v0.49.0

func (ev *Event) GetDnsQuestionNameLength() int

GetDnsQuestionNameLength returns the value of the field, resolving if necessary

func (*Event) GetDnsQuestionType added in v0.49.0

func (ev *Event) GetDnsQuestionType() uint16

GetDnsQuestionType returns the value of the field, resolving if necessary

func (*Event) GetEventAsync added in v0.49.0

func (ev *Event) GetEventAsync() bool

GetEventAsync returns the value of the field, resolving if necessary

func (*Event) GetEventHostname added in v0.56.0

func (ev *Event) GetEventHostname() string

GetEventHostname returns the value of the field, resolving if necessary

func (*Event) GetEventOrigin added in v0.53.0

func (ev *Event) GetEventOrigin() string

GetEventOrigin returns the value of the field, resolving if necessary

func (*Event) GetEventOs added in v0.53.0

func (ev *Event) GetEventOs() string

GetEventOs returns the value of the field, resolving if necessary

func (*Event) GetEventService added in v0.52.0

func (ev *Event) GetEventService() string

GetEventService returns the value of the field, resolving if necessary

func (*Event) GetEventTimestamp added in v0.49.0

func (ev *Event) GetEventTimestamp() int

GetEventTimestamp returns the value of the field, resolving if necessary

func (*Event) GetEventType

func (e *Event) GetEventType() EventType

GetEventType returns the event type of the event

func (*Event) GetExecArgs added in v0.49.0

func (ev *Event) GetExecArgs() string

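GetExecArgs returns the value of the field, resolving it if necessary. The sibling accessor GetExecArgsScrubbed suggests this value is the unscrubbed argument string, which may carry secrets passed on the command line; prefer the scrubbed accessor when the value is logged or forwarded.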

func (*Event) GetExecArgsFlags added in v0.49.0

func (ev *Event) GetExecArgsFlags() []string

GetExecArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetExecArgsOptions added in v0.49.0

func (ev *Event) GetExecArgsOptions() []string

GetExecArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetExecArgsScrubbed added in v0.51.0

func (ev *Event) GetExecArgsScrubbed() string

GetExecArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetExecArgsTruncated added in v0.49.0

func (ev *Event) GetExecArgsTruncated() bool

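GetExecArgsTruncated returns the value of the field, resolving it if necessary. Captured arguments are bounded by MaxArgEnvSize and MaxArgsEnvsSize, so a true value presumably means the command line was cut short; rules or tooling that match on argument contents should check this flag before treating a non-match as conclusive.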

func (*Event) GetExecArgv added in v0.49.0

func (ev *Event) GetExecArgv() []string

GetExecArgv returns the value of the field, resolving if necessary

func (*Event) GetExecArgv0 added in v0.49.0

func (ev *Event) GetExecArgv0() string

GetExecArgv0 returns the value of the field, resolving if necessary

func (*Event) GetExecArgvScrubbed added in v0.51.0

func (ev *Event) GetExecArgvScrubbed() []string

GetExecArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetExecAuid added in v0.57.0

func (ev *Event) GetExecAuid() uint32

GetExecAuid returns the value of the field, resolving if necessary

func (*Event) GetExecCapEffective added in v0.49.0

func (ev *Event) GetExecCapEffective() uint64

GetExecCapEffective returns the value of the field, resolving if necessary

func (*Event) GetExecCapPermitted added in v0.49.0

func (ev *Event) GetExecCapPermitted() uint64

GetExecCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetExecCgroupFileInode added in v0.57.0

func (ev *Event) GetExecCgroupFileInode() uint64

GetExecCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetExecCgroupFileMountId added in v0.57.0

func (ev *Event) GetExecCgroupFileMountId() uint32

GetExecCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExecCgroupId added in v0.57.0

func (ev *Event) GetExecCgroupId() string

GetExecCgroupId returns the value of the field, resolving if necessary

func (*Event) GetExecCgroupManager added in v0.57.0

func (ev *Event) GetExecCgroupManager() string

GetExecCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetExecCmdargv added in v0.55.0

func (ev *Event) GetExecCmdargv() []string

GetExecCmdargv returns the value of the field, resolving if necessary

func (*Event) GetExecComm added in v0.49.0

func (ev *Event) GetExecComm() string

GetExecComm returns the value of the field, resolving if necessary

func (*Event) GetExecContainerId added in v0.49.0

func (ev *Event) GetExecContainerId() string

GetExecContainerId returns the value of the field, resolving if necessary

func (*Event) GetExecCreatedAt added in v0.49.0

func (ev *Event) GetExecCreatedAt() int

GetExecCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetExecEgid added in v0.49.0

func (ev *Event) GetExecEgid() uint32

GetExecEgid returns the value of the field, resolving if necessary

func (*Event) GetExecEgroup added in v0.49.0

func (ev *Event) GetExecEgroup() string

GetExecEgroup returns the value of the field, resolving if necessary

func (*Event) GetExecEnvp added in v0.49.0

func (ev *Event) GetExecEnvp() []string

GetExecEnvp returns the value of the field, resolving if necessary

func (*Event) GetExecEnvs added in v0.49.0

func (ev *Event) GetExecEnvs() []string

GetExecEnvs returns the value of the field, resolving if necessary

func (*Event) GetExecEnvsTruncated added in v0.49.0

func (ev *Event) GetExecEnvsTruncated() bool

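GetExecEnvsTruncated returns the value of the field, resolving it if necessary. Captured environment variables are bounded by MaxArgEnvSize and MaxArgsEnvsSize, so a true value presumably means some variables were dropped or shortened; check this flag before concluding that a variable was absent.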

func (*Event) GetExecEuid added in v0.49.0

func (ev *Event) GetExecEuid() uint32

GetExecEuid returns the value of the field, resolving if necessary

func (*Event) GetExecEuser added in v0.49.0

func (ev *Event) GetExecEuser() string

GetExecEuser returns the value of the field, resolving if necessary

func (*Event) GetExecExecTime added in v0.49.0

func (ev *Event) GetExecExecTime() time.Time

GetExecExecTime returns the value of the field, resolving if necessary

func (*Event) GetExecExitTime added in v0.49.0

func (ev *Event) GetExecExitTime() time.Time

GetExecExitTime returns the value of the field, resolving if necessary

func (*Event) GetExecFileChangeTime added in v0.49.0

func (ev *Event) GetExecFileChangeTime() uint64

GetExecFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetExecFileFilesystem added in v0.49.0

func (ev *Event) GetExecFileFilesystem() string

GetExecFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetExecFileGid added in v0.49.0

func (ev *Event) GetExecFileGid() uint32

GetExecFileGid returns the value of the field, resolving if necessary

func (*Event) GetExecFileGroup added in v0.49.0

func (ev *Event) GetExecFileGroup() string

GetExecFileGroup returns the value of the field, resolving if necessary

func (*Event) GetExecFileHashes added in v0.49.0

func (ev *Event) GetExecFileHashes() []string

GetExecFileHashes returns the value of the field, resolving if necessary

func (*Event) GetExecFileInUpperLayer added in v0.49.0

func (ev *Event) GetExecFileInUpperLayer() bool

GetExecFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetExecFileInode added in v0.49.0

func (ev *Event) GetExecFileInode() uint64

GetExecFileInode returns the value of the field, resolving if necessary

func (*Event) GetExecFileMode added in v0.49.0

func (ev *Event) GetExecFileMode() uint16

GetExecFileMode returns the value of the field, resolving if necessary

func (*Event) GetExecFileModificationTime added in v0.49.0

func (ev *Event) GetExecFileModificationTime() uint64

GetExecFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetExecFileMountId added in v0.49.0

func (ev *Event) GetExecFileMountId() uint32

GetExecFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExecFileName added in v0.49.0

func (ev *Event) GetExecFileName() string

GetExecFileName returns the value of the field, resolving if necessary

func (*Event) GetExecFileNameLength added in v0.49.0

func (ev *Event) GetExecFileNameLength() int

GetExecFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetExecFilePackageName added in v0.49.0

func (ev *Event) GetExecFilePackageName() string

GetExecFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetExecFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetExecFilePackageSourceVersion() string

GetExecFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetExecFilePackageVersion added in v0.49.0

func (ev *Event) GetExecFilePackageVersion() string

GetExecFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetExecFilePath added in v0.49.0

func (ev *Event) GetExecFilePath() string

GetExecFilePath returns the value of the field, resolving if necessary

func (*Event) GetExecFilePathLength added in v0.49.0

func (ev *Event) GetExecFilePathLength() int

GetExecFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetExecFileRights added in v0.49.0

func (ev *Event) GetExecFileRights() int

GetExecFileRights returns the value of the field, resolving if necessary

func (*Event) GetExecFileUid added in v0.49.0

func (ev *Event) GetExecFileUid() uint32

GetExecFileUid returns the value of the field, resolving if necessary

func (*Event) GetExecFileUser added in v0.49.0

func (ev *Event) GetExecFileUser() string

GetExecFileUser returns the value of the field, resolving if necessary

func (*Event) GetExecForkTime added in v0.49.0

func (ev *Event) GetExecForkTime() time.Time

GetExecForkTime returns the value of the field, resolving if necessary

func (*Event) GetExecFsgid added in v0.49.0

func (ev *Event) GetExecFsgid() uint32

GetExecFsgid returns the value of the field, resolving if necessary

func (*Event) GetExecFsgroup added in v0.49.0

func (ev *Event) GetExecFsgroup() string

GetExecFsgroup returns the value of the field, resolving if necessary

func (*Event) GetExecFsuid added in v0.49.0

func (ev *Event) GetExecFsuid() uint32

GetExecFsuid returns the value of the field, resolving if necessary

func (*Event) GetExecFsuser added in v0.49.0

func (ev *Event) GetExecFsuser() string

GetExecFsuser returns the value of the field, resolving if necessary

func (*Event) GetExecGid added in v0.49.0

func (ev *Event) GetExecGid() uint32

GetExecGid returns the value of the field, resolving if necessary

func (*Event) GetExecGroup added in v0.49.0

func (ev *Event) GetExecGroup() string

GetExecGroup returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetExecInterpreterFileChangeTime() uint64

GetExecInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetExecInterpreterFileFilesystem() string

GetExecInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileGid added in v0.49.0

func (ev *Event) GetExecInterpreterFileGid() uint32

GetExecInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileGroup added in v0.49.0

func (ev *Event) GetExecInterpreterFileGroup() string

GetExecInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileHashes added in v0.49.0

func (ev *Event) GetExecInterpreterFileHashes() []string

GetExecInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetExecInterpreterFileInUpperLayer() bool

GetExecInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileInode added in v0.49.0

func (ev *Event) GetExecInterpreterFileInode() uint64

GetExecInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileMode added in v0.49.0

func (ev *Event) GetExecInterpreterFileMode() uint16

GetExecInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetExecInterpreterFileModificationTime() uint64

GetExecInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileMountId added in v0.49.0

func (ev *Event) GetExecInterpreterFileMountId() uint32

GetExecInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileName added in v0.49.0

func (ev *Event) GetExecInterpreterFileName() string

GetExecInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetExecInterpreterFileNameLength() int

GetExecInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetExecInterpreterFilePackageName() string

GetExecInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetExecInterpreterFilePackageSourceVersion() string

GetExecInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetExecInterpreterFilePackageVersion() string

GetExecInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFilePath added in v0.49.0

func (ev *Event) GetExecInterpreterFilePath() string

GetExecInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetExecInterpreterFilePathLength() int

GetExecInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileRights added in v0.49.0

func (ev *Event) GetExecInterpreterFileRights() int

GetExecInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileUid added in v0.49.0

func (ev *Event) GetExecInterpreterFileUid() uint32

GetExecInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetExecInterpreterFileUser added in v0.49.0

func (ev *Event) GetExecInterpreterFileUser() string

GetExecInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetExecIsExec added in v0.60.0

func (ev *Event) GetExecIsExec() bool

GetExecIsExec returns the value of the field, resolving if necessary

func (*Event) GetExecIsKworker added in v0.49.0

func (ev *Event) GetExecIsKworker() bool

GetExecIsKworker returns the value of the field, resolving if necessary

func (*Event) GetExecIsThread added in v0.49.0

func (ev *Event) GetExecIsThread() bool

GetExecIsThread returns the value of the field, resolving if necessary

func (*Event) GetExecPid added in v0.49.0

func (ev *Event) GetExecPid() uint32

GetExecPid returns the value of the field, resolving if necessary

func (*Event) GetExecPpid added in v0.49.0

func (ev *Event) GetExecPpid() uint32

GetExecPpid returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallInt1 added in v0.55.0

func (ev *Event) GetExecSyscallInt1() int

GetExecSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallInt2 added in v0.55.0

func (ev *Event) GetExecSyscallInt2() int

GetExecSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallInt3 added in v0.55.0

func (ev *Event) GetExecSyscallInt3() int

GetExecSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallPath added in v0.55.0

func (ev *Event) GetExecSyscallPath() string

GetExecSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallStr1 added in v0.55.0

func (ev *Event) GetExecSyscallStr1() string

GetExecSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallStr2 added in v0.55.0

func (ev *Event) GetExecSyscallStr2() string

GetExecSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetExecSyscallStr3 added in v0.55.0

func (ev *Event) GetExecSyscallStr3() string

GetExecSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetExecTid added in v0.49.0

func (ev *Event) GetExecTid() uint32

GetExecTid returns the value of the field, resolving if necessary

func (*Event) GetExecTtyName added in v0.49.0

func (ev *Event) GetExecTtyName() string

GetExecTtyName returns the value of the field, resolving if necessary

func (*Event) GetExecUid added in v0.49.0

func (ev *Event) GetExecUid() uint32

GetExecUid returns the value of the field, resolving if necessary

func (*Event) GetExecUser added in v0.49.0

func (ev *Event) GetExecUser() string

GetExecUser returns the value of the field, resolving if necessary

func (*Event) GetExecUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetExecUserSessionK8sGroups() []string

GetExecUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetExecUserSessionK8sUid added in v0.50.0

func (ev *Event) GetExecUserSessionK8sUid() string

GetExecUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetExecUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetExecUserSessionK8sUsername() string

GetExecUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetExitArgs added in v0.49.0

func (ev *Event) GetExitArgs() string

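GetExitArgs returns the value of the field, resolving it if necessary. The sibling accessor GetExitArgsScrubbed suggests this value is the unscrubbed argument string, which may carry secrets passed on the command line; prefer the scrubbed accessor when the value is logged or forwarded.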

func (*Event) GetExitArgsFlags added in v0.49.0

func (ev *Event) GetExitArgsFlags() []string

GetExitArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetExitArgsOptions added in v0.49.0

func (ev *Event) GetExitArgsOptions() []string

GetExitArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetExitArgsScrubbed added in v0.51.0

func (ev *Event) GetExitArgsScrubbed() string

GetExitArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetExitArgsTruncated added in v0.49.0

func (ev *Event) GetExitArgsTruncated() bool

GetExitArgsTruncated returns the value of the field, resolving if necessary

func (*Event) GetExitArgv added in v0.49.0

func (ev *Event) GetExitArgv() []string

GetExitArgv returns the value of the field, resolving if necessary

func (*Event) GetExitArgv0 added in v0.49.0

func (ev *Event) GetExitArgv0() string

GetExitArgv0 returns the value of the field, resolving if necessary

func (*Event) GetExitArgvScrubbed added in v0.51.0

func (ev *Event) GetExitArgvScrubbed() []string

GetExitArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetExitAuid added in v0.57.0

func (ev *Event) GetExitAuid() uint32

GetExitAuid returns the value of the field, resolving if necessary

func (*Event) GetExitCapEffective added in v0.49.0

func (ev *Event) GetExitCapEffective() uint64

GetExitCapEffective returns the value of the field, resolving if necessary

func (*Event) GetExitCapPermitted added in v0.49.0

func (ev *Event) GetExitCapPermitted() uint64

GetExitCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetExitCause added in v0.49.0

func (ev *Event) GetExitCause() uint32

GetExitCause returns the value of the field, resolving if necessary

func (*Event) GetExitCgroupFileInode added in v0.57.0

func (ev *Event) GetExitCgroupFileInode() uint64

GetExitCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetExitCgroupFileMountId added in v0.57.0

func (ev *Event) GetExitCgroupFileMountId() uint32

GetExitCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExitCgroupId added in v0.57.0

func (ev *Event) GetExitCgroupId() string

GetExitCgroupId returns the value of the field, resolving if necessary

func (*Event) GetExitCgroupManager added in v0.57.0

func (ev *Event) GetExitCgroupManager() string

GetExitCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetExitCmdargv added in v0.55.0

func (ev *Event) GetExitCmdargv() []string

GetExitCmdargv returns the value of the field, resolving if necessary

func (*Event) GetExitCode added in v0.49.0

func (ev *Event) GetExitCode() uint32

GetExitCode returns the value of the field, resolving if necessary

func (*Event) GetExitComm added in v0.49.0

func (ev *Event) GetExitComm() string

GetExitComm returns the value of the field, resolving if necessary

func (*Event) GetExitContainerId added in v0.49.0

func (ev *Event) GetExitContainerId() string

GetExitContainerId returns the value of the field, resolving if necessary

func (*Event) GetExitCreatedAt added in v0.49.0

func (ev *Event) GetExitCreatedAt() int

GetExitCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetExitEgid added in v0.49.0

func (ev *Event) GetExitEgid() uint32

GetExitEgid returns the value of the field, resolving if necessary

func (*Event) GetExitEgroup added in v0.49.0

func (ev *Event) GetExitEgroup() string

GetExitEgroup returns the value of the field, resolving if necessary

func (*Event) GetExitEnvp added in v0.49.0

func (ev *Event) GetExitEnvp() []string

GetExitEnvp returns the value of the field, resolving if necessary

func (*Event) GetExitEnvs added in v0.49.0

func (ev *Event) GetExitEnvs() []string

GetExitEnvs returns the value of the field, resolving if necessary

func (*Event) GetExitEnvsTruncated added in v0.49.0

func (ev *Event) GetExitEnvsTruncated() bool

GetExitEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetExitEuid added in v0.49.0

func (ev *Event) GetExitEuid() uint32

GetExitEuid returns the value of the field, resolving if necessary

func (*Event) GetExitEuser added in v0.49.0

func (ev *Event) GetExitEuser() string

GetExitEuser returns the value of the field, resolving if necessary

func (*Event) GetExitExecTime added in v0.49.0

func (ev *Event) GetExitExecTime() time.Time

GetExitExecTime returns the value of the field, resolving if necessary

func (*Event) GetExitExitTime added in v0.49.0

func (ev *Event) GetExitExitTime() time.Time

GetExitExitTime returns the value of the field, resolving if necessary

func (*Event) GetExitFileChangeTime added in v0.49.0

func (ev *Event) GetExitFileChangeTime() uint64

GetExitFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetExitFileFilesystem added in v0.49.0

func (ev *Event) GetExitFileFilesystem() string

GetExitFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetExitFileGid added in v0.49.0

func (ev *Event) GetExitFileGid() uint32

GetExitFileGid returns the value of the field, resolving if necessary

func (*Event) GetExitFileGroup added in v0.49.0

func (ev *Event) GetExitFileGroup() string

GetExitFileGroup returns the value of the field, resolving if necessary

func (*Event) GetExitFileHashes added in v0.49.0

func (ev *Event) GetExitFileHashes() []string

GetExitFileHashes returns the value of the exit event's file hashes field (a []string), resolving it first if necessary.

func (*Event) GetExitFileInUpperLayer added in v0.49.0

func (ev *Event) GetExitFileInUpperLayer() bool

GetExitFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetExitFileInode added in v0.49.0

func (ev *Event) GetExitFileInode() uint64

GetExitFileInode returns the value of the field, resolving if necessary

func (*Event) GetExitFileMode added in v0.49.0

func (ev *Event) GetExitFileMode() uint16

GetExitFileMode returns the value of the field, resolving if necessary

func (*Event) GetExitFileModificationTime added in v0.49.0

func (ev *Event) GetExitFileModificationTime() uint64

GetExitFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetExitFileMountId added in v0.49.0

func (ev *Event) GetExitFileMountId() uint32

GetExitFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExitFileName added in v0.49.0

func (ev *Event) GetExitFileName() string

GetExitFileName returns the value of the field, resolving if necessary

func (*Event) GetExitFileNameLength added in v0.49.0

func (ev *Event) GetExitFileNameLength() int

GetExitFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetExitFilePackageName added in v0.49.0

func (ev *Event) GetExitFilePackageName() string

GetExitFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetExitFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetExitFilePackageSourceVersion() string

GetExitFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetExitFilePackageVersion added in v0.49.0

func (ev *Event) GetExitFilePackageVersion() string

GetExitFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetExitFilePath added in v0.49.0

func (ev *Event) GetExitFilePath() string

GetExitFilePath returns the value of the field, resolving if necessary

func (*Event) GetExitFilePathLength added in v0.49.0

func (ev *Event) GetExitFilePathLength() int

GetExitFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetExitFileRights added in v0.49.0

func (ev *Event) GetExitFileRights() int

GetExitFileRights returns the value of the field, resolving if necessary

func (*Event) GetExitFileUid added in v0.49.0

func (ev *Event) GetExitFileUid() uint32

GetExitFileUid returns the value of the field, resolving if necessary

func (*Event) GetExitFileUser added in v0.49.0

func (ev *Event) GetExitFileUser() string

GetExitFileUser returns the value of the field, resolving if necessary

func (*Event) GetExitForkTime added in v0.49.0

func (ev *Event) GetExitForkTime() time.Time

GetExitForkTime returns the value of the field, resolving if necessary

func (*Event) GetExitFsgid added in v0.49.0

func (ev *Event) GetExitFsgid() uint32

GetExitFsgid returns the value of the field, resolving if necessary

func (*Event) GetExitFsgroup added in v0.49.0

func (ev *Event) GetExitFsgroup() string

GetExitFsgroup returns the value of the field, resolving if necessary

func (*Event) GetExitFsuid added in v0.49.0

func (ev *Event) GetExitFsuid() uint32

GetExitFsuid returns the value of the field, resolving if necessary

func (*Event) GetExitFsuser added in v0.49.0

func (ev *Event) GetExitFsuser() string

GetExitFsuser returns the value of the field, resolving if necessary

func (*Event) GetExitGid added in v0.49.0

func (ev *Event) GetExitGid() uint32

GetExitGid returns the value of the field, resolving if necessary

func (*Event) GetExitGroup added in v0.49.0

func (ev *Event) GetExitGroup() string

GetExitGroup returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetExitInterpreterFileChangeTime() uint64

GetExitInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetExitInterpreterFileFilesystem() string

GetExitInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileGid added in v0.49.0

func (ev *Event) GetExitInterpreterFileGid() uint32

GetExitInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileGroup added in v0.49.0

func (ev *Event) GetExitInterpreterFileGroup() string

GetExitInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileHashes added in v0.49.0

func (ev *Event) GetExitInterpreterFileHashes() []string

GetExitInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetExitInterpreterFileInUpperLayer() bool

GetExitInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileInode added in v0.49.0

func (ev *Event) GetExitInterpreterFileInode() uint64

GetExitInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileMode added in v0.49.0

func (ev *Event) GetExitInterpreterFileMode() uint16

GetExitInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetExitInterpreterFileModificationTime() uint64

GetExitInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileMountId added in v0.49.0

func (ev *Event) GetExitInterpreterFileMountId() uint32

GetExitInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileName added in v0.49.0

func (ev *Event) GetExitInterpreterFileName() string

GetExitInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetExitInterpreterFileNameLength() int

GetExitInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetExitInterpreterFilePackageName() string

GetExitInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetExitInterpreterFilePackageSourceVersion() string

GetExitInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetExitInterpreterFilePackageVersion() string

GetExitInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFilePath added in v0.49.0

func (ev *Event) GetExitInterpreterFilePath() string

GetExitInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetExitInterpreterFilePathLength() int

GetExitInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileRights added in v0.49.0

func (ev *Event) GetExitInterpreterFileRights() int

GetExitInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileUid added in v0.49.0

func (ev *Event) GetExitInterpreterFileUid() uint32

GetExitInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetExitInterpreterFileUser added in v0.49.0

func (ev *Event) GetExitInterpreterFileUser() string

GetExitInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetExitIsExec added in v0.60.0

func (ev *Event) GetExitIsExec() bool

GetExitIsExec returns the value of the field, resolving if necessary

func (*Event) GetExitIsKworker added in v0.49.0

func (ev *Event) GetExitIsKworker() bool

GetExitIsKworker returns the value of the field, resolving if necessary

func (*Event) GetExitIsThread added in v0.49.0

func (ev *Event) GetExitIsThread() bool

GetExitIsThread returns the value of the field, resolving if necessary

func (*Event) GetExitPid added in v0.49.0

func (ev *Event) GetExitPid() uint32

GetExitPid returns the value of the field, resolving if necessary

func (*Event) GetExitPpid added in v0.49.0

func (ev *Event) GetExitPpid() uint32

GetExitPpid returns the value of the field, resolving if necessary

func (*Event) GetExitTid added in v0.49.0

func (ev *Event) GetExitTid() uint32

GetExitTid returns the value of the field, resolving if necessary

func (*Event) GetExitTtyName added in v0.49.0

func (ev *Event) GetExitTtyName() string

GetExitTtyName returns the value of the field, resolving if necessary

func (*Event) GetExitUid added in v0.49.0

func (ev *Event) GetExitUid() uint32

GetExitUid returns the value of the field, resolving if necessary

func (*Event) GetExitUser added in v0.49.0

func (ev *Event) GetExitUser() string

GetExitUser returns the value of the field, resolving if necessary

func (*Event) GetExitUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetExitUserSessionK8sGroups() []string

GetExitUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetExitUserSessionK8sUid added in v0.50.0

func (ev *Event) GetExitUserSessionK8sUid() string

GetExitUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetExitUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetExitUserSessionK8sUsername() string

GetExitUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetFieldEventType

func (ev *Event) GetFieldEventType(field eval.Field) (eval.EventType, error)

func (*Event) GetFieldType

func (ev *Event) GetFieldType(field eval.Field) (reflect.Kind, error)

func (*Event) GetFieldValue

func (ev *Event) GetFieldValue(field eval.Field) (interface{}, error)

func (*Event) GetFields

func (ev *Event) GetFields() []eval.Field

func (*Event) GetImdsAwsIsImdsV2 added in v0.55.0

func (ev *Event) GetImdsAwsIsImdsV2() bool

GetImdsAwsIsImdsV2 returns the value of the IMDS event's AWS is-IMDSv2 field (a bool), resolving it first if necessary.

func (*Event) GetImdsAwsSecurityCredentialsType added in v0.55.0

func (ev *Event) GetImdsAwsSecurityCredentialsType() string

GetImdsAwsSecurityCredentialsType returns the value of the IMDS event's AWS security-credentials type field (a string), resolving it first if necessary.

func (*Event) GetImdsCloudProvider added in v0.55.0

func (ev *Event) GetImdsCloudProvider() string

GetImdsCloudProvider returns the value of the field, resolving if necessary

func (*Event) GetImdsHost added in v0.55.0

func (ev *Event) GetImdsHost() string

GetImdsHost returns the value of the field, resolving if necessary

func (*Event) GetImdsServer added in v0.55.0

func (ev *Event) GetImdsServer() string

GetImdsServer returns the value of the field, resolving if necessary

func (*Event) GetImdsType added in v0.55.0

func (ev *Event) GetImdsType() string

GetImdsType returns the value of the field, resolving if necessary

func (*Event) GetImdsUrl added in v0.55.0

func (ev *Event) GetImdsUrl() string

GetImdsUrl returns the value of the field, resolving if necessary

func (*Event) GetImdsUserAgent added in v0.55.0

func (ev *Event) GetImdsUserAgent() string

GetImdsUserAgent returns the value of the field, resolving if necessary

func (*Event) GetLinkFileChangeTime added in v0.49.0

func (ev *Event) GetLinkFileChangeTime() uint64

GetLinkFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationChangeTime added in v0.49.0

func (ev *Event) GetLinkFileDestinationChangeTime() uint64

GetLinkFileDestinationChangeTime returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationFilesystem added in v0.49.0

func (ev *Event) GetLinkFileDestinationFilesystem() string

GetLinkFileDestinationFilesystem returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationGid added in v0.49.0

func (ev *Event) GetLinkFileDestinationGid() uint32

GetLinkFileDestinationGid returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationGroup added in v0.49.0

func (ev *Event) GetLinkFileDestinationGroup() string

GetLinkFileDestinationGroup returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationHashes added in v0.49.0

func (ev *Event) GetLinkFileDestinationHashes() []string

GetLinkFileDestinationHashes returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationInUpperLayer added in v0.49.0

func (ev *Event) GetLinkFileDestinationInUpperLayer() bool

GetLinkFileDestinationInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationInode added in v0.49.0

func (ev *Event) GetLinkFileDestinationInode() uint64

GetLinkFileDestinationInode returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationMode added in v0.49.0

func (ev *Event) GetLinkFileDestinationMode() uint16

GetLinkFileDestinationMode returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationModificationTime added in v0.49.0

func (ev *Event) GetLinkFileDestinationModificationTime() uint64

GetLinkFileDestinationModificationTime returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationMountId added in v0.49.0

func (ev *Event) GetLinkFileDestinationMountId() uint32

GetLinkFileDestinationMountId returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationName added in v0.49.0

func (ev *Event) GetLinkFileDestinationName() string

GetLinkFileDestinationName returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationNameLength added in v0.49.0

func (ev *Event) GetLinkFileDestinationNameLength() int

GetLinkFileDestinationNameLength returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationPackageName added in v0.49.0

func (ev *Event) GetLinkFileDestinationPackageName() string

GetLinkFileDestinationPackageName returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationPackageSourceVersion added in v0.49.0

func (ev *Event) GetLinkFileDestinationPackageSourceVersion() string

GetLinkFileDestinationPackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationPackageVersion added in v0.49.0

func (ev *Event) GetLinkFileDestinationPackageVersion() string

GetLinkFileDestinationPackageVersion returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationPath added in v0.49.0

func (ev *Event) GetLinkFileDestinationPath() string

GetLinkFileDestinationPath returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationPathLength added in v0.49.0

func (ev *Event) GetLinkFileDestinationPathLength() int

GetLinkFileDestinationPathLength returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationRights added in v0.49.0

func (ev *Event) GetLinkFileDestinationRights() int

GetLinkFileDestinationRights returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationUid added in v0.49.0

func (ev *Event) GetLinkFileDestinationUid() uint32

GetLinkFileDestinationUid returns the value of the field, resolving if necessary

func (*Event) GetLinkFileDestinationUser added in v0.49.0

func (ev *Event) GetLinkFileDestinationUser() string

GetLinkFileDestinationUser returns the value of the field, resolving if necessary

func (*Event) GetLinkFileFilesystem added in v0.49.0

func (ev *Event) GetLinkFileFilesystem() string

GetLinkFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetLinkFileGid added in v0.49.0

func (ev *Event) GetLinkFileGid() uint32

GetLinkFileGid returns the value of the field, resolving if necessary

func (*Event) GetLinkFileGroup added in v0.49.0

func (ev *Event) GetLinkFileGroup() string

GetLinkFileGroup returns the value of the field, resolving if necessary

func (*Event) GetLinkFileHashes added in v0.49.0

func (ev *Event) GetLinkFileHashes() []string

GetLinkFileHashes returns the value of the field, resolving if necessary

func (*Event) GetLinkFileInUpperLayer added in v0.49.0

func (ev *Event) GetLinkFileInUpperLayer() bool

GetLinkFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetLinkFileInode added in v0.49.0

func (ev *Event) GetLinkFileInode() uint64

GetLinkFileInode returns the value of the field, resolving if necessary

func (*Event) GetLinkFileMode added in v0.49.0

func (ev *Event) GetLinkFileMode() uint16

GetLinkFileMode returns the value of the field, resolving if necessary

func (*Event) GetLinkFileModificationTime added in v0.49.0

func (ev *Event) GetLinkFileModificationTime() uint64

GetLinkFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetLinkFileMountId added in v0.49.0

func (ev *Event) GetLinkFileMountId() uint32

GetLinkFileMountId returns the value of the field, resolving if necessary

func (*Event) GetLinkFileName added in v0.49.0

func (ev *Event) GetLinkFileName() string

GetLinkFileName returns the value of the field, resolving if necessary

func (*Event) GetLinkFileNameLength added in v0.49.0

func (ev *Event) GetLinkFileNameLength() int

GetLinkFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetLinkFilePackageName added in v0.49.0

func (ev *Event) GetLinkFilePackageName() string

GetLinkFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetLinkFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetLinkFilePackageSourceVersion() string

GetLinkFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetLinkFilePackageVersion added in v0.49.0

func (ev *Event) GetLinkFilePackageVersion() string

GetLinkFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetLinkFilePath added in v0.49.0

func (ev *Event) GetLinkFilePath() string

GetLinkFilePath returns the value of the field, resolving if necessary

func (*Event) GetLinkFilePathLength added in v0.49.0

func (ev *Event) GetLinkFilePathLength() int

GetLinkFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetLinkFileRights added in v0.49.0

func (ev *Event) GetLinkFileRights() int

GetLinkFileRights returns the value of the field, resolving if necessary

func (*Event) GetLinkFileUid added in v0.49.0

func (ev *Event) GetLinkFileUid() uint32

GetLinkFileUid returns the value of the field, resolving if necessary

func (*Event) GetLinkFileUser added in v0.49.0

func (ev *Event) GetLinkFileUser() string

GetLinkFileUser returns the value of the field, resolving if necessary

func (*Event) GetLinkRetval added in v0.49.0

func (ev *Event) GetLinkRetval() int64

GetLinkRetval returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallDestinationPath added in v0.56.0

func (ev *Event) GetLinkSyscallDestinationPath() string

GetLinkSyscallDestinationPath returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallInt1 added in v0.56.0

func (ev *Event) GetLinkSyscallInt1() int

GetLinkSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallInt2 added in v0.56.0

func (ev *Event) GetLinkSyscallInt2() int

GetLinkSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallInt3 added in v0.56.0

func (ev *Event) GetLinkSyscallInt3() int

GetLinkSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallPath added in v0.56.0

func (ev *Event) GetLinkSyscallPath() string

GetLinkSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallStr1 added in v0.56.0

func (ev *Event) GetLinkSyscallStr1() string

GetLinkSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallStr2 added in v0.56.0

func (ev *Event) GetLinkSyscallStr2() string

GetLinkSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetLinkSyscallStr3 added in v0.56.0

func (ev *Event) GetLinkSyscallStr3() string

GetLinkSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleArgs added in v0.49.0

func (ev *Event) GetLoadModuleArgs() string

GetLoadModuleArgs returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleArgsTruncated added in v0.49.0

func (ev *Event) GetLoadModuleArgsTruncated() bool

GetLoadModuleArgsTruncated returns the value of the load-module event's args-truncated field (a bool), resolving it first if necessary.

func (*Event) GetLoadModuleArgv added in v0.49.0

func (ev *Event) GetLoadModuleArgv() []string

GetLoadModuleArgv returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileChangeTime added in v0.49.0

func (ev *Event) GetLoadModuleFileChangeTime() uint64

GetLoadModuleFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileFilesystem added in v0.49.0

func (ev *Event) GetLoadModuleFileFilesystem() string

GetLoadModuleFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileGid added in v0.49.0

func (ev *Event) GetLoadModuleFileGid() uint32

GetLoadModuleFileGid returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileGroup added in v0.49.0

func (ev *Event) GetLoadModuleFileGroup() string

GetLoadModuleFileGroup returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileHashes added in v0.49.0

func (ev *Event) GetLoadModuleFileHashes() []string

GetLoadModuleFileHashes returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileInUpperLayer added in v0.49.0

func (ev *Event) GetLoadModuleFileInUpperLayer() bool

GetLoadModuleFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileInode added in v0.49.0

func (ev *Event) GetLoadModuleFileInode() uint64

GetLoadModuleFileInode returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileMode added in v0.49.0

func (ev *Event) GetLoadModuleFileMode() uint16

GetLoadModuleFileMode returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileModificationTime added in v0.49.0

func (ev *Event) GetLoadModuleFileModificationTime() uint64

GetLoadModuleFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileMountId added in v0.49.0

func (ev *Event) GetLoadModuleFileMountId() uint32

GetLoadModuleFileMountId returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileName added in v0.49.0

func (ev *Event) GetLoadModuleFileName() string

GetLoadModuleFileName returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileNameLength added in v0.49.0

func (ev *Event) GetLoadModuleFileNameLength() int

GetLoadModuleFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFilePackageName added in v0.49.0

func (ev *Event) GetLoadModuleFilePackageName() string

GetLoadModuleFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetLoadModuleFilePackageSourceVersion() string

GetLoadModuleFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFilePackageVersion added in v0.49.0

func (ev *Event) GetLoadModuleFilePackageVersion() string

GetLoadModuleFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFilePath added in v0.49.0

func (ev *Event) GetLoadModuleFilePath() string

GetLoadModuleFilePath returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFilePathLength added in v0.49.0

func (ev *Event) GetLoadModuleFilePathLength() int

GetLoadModuleFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileRights added in v0.49.0

func (ev *Event) GetLoadModuleFileRights() int

GetLoadModuleFileRights returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileUid added in v0.49.0

func (ev *Event) GetLoadModuleFileUid() uint32

GetLoadModuleFileUid returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleFileUser added in v0.49.0

func (ev *Event) GetLoadModuleFileUser() string

GetLoadModuleFileUser returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleLoadedFromMemory added in v0.49.0

func (ev *Event) GetLoadModuleLoadedFromMemory() bool

GetLoadModuleLoadedFromMemory returns the value of the load-module event's loaded-from-memory field (a bool), resolving it first if necessary.

func (*Event) GetLoadModuleName added in v0.49.0

func (ev *Event) GetLoadModuleName() string

GetLoadModuleName returns the value of the field, resolving if necessary

func (*Event) GetLoadModuleRetval added in v0.49.0

func (ev *Event) GetLoadModuleRetval() int64

GetLoadModuleRetval returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileChangeTime added in v0.49.0

func (ev *Event) GetMkdirFileChangeTime() uint64

GetMkdirFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileDestinationMode added in v0.49.0

func (ev *Event) GetMkdirFileDestinationMode() uint32

GetMkdirFileDestinationMode returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileDestinationRights added in v0.49.0

func (ev *Event) GetMkdirFileDestinationRights() uint32

GetMkdirFileDestinationRights returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileFilesystem added in v0.49.0

func (ev *Event) GetMkdirFileFilesystem() string

GetMkdirFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileGid added in v0.49.0

func (ev *Event) GetMkdirFileGid() uint32

GetMkdirFileGid returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileGroup added in v0.49.0

func (ev *Event) GetMkdirFileGroup() string

GetMkdirFileGroup returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileHashes added in v0.49.0

func (ev *Event) GetMkdirFileHashes() []string

GetMkdirFileHashes returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileInUpperLayer added in v0.49.0

func (ev *Event) GetMkdirFileInUpperLayer() bool

GetMkdirFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileInode added in v0.49.0

func (ev *Event) GetMkdirFileInode() uint64

GetMkdirFileInode returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileMode added in v0.49.0

func (ev *Event) GetMkdirFileMode() uint16

GetMkdirFileMode returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileModificationTime added in v0.49.0

func (ev *Event) GetMkdirFileModificationTime() uint64

GetMkdirFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileMountId added in v0.49.0

func (ev *Event) GetMkdirFileMountId() uint32

GetMkdirFileMountId returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileName added in v0.49.0

func (ev *Event) GetMkdirFileName() string

GetMkdirFileName returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileNameLength added in v0.49.0

func (ev *Event) GetMkdirFileNameLength() int

GetMkdirFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetMkdirFilePackageName added in v0.49.0

func (ev *Event) GetMkdirFilePackageName() string

GetMkdirFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetMkdirFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetMkdirFilePackageSourceVersion() string

GetMkdirFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetMkdirFilePackageVersion added in v0.49.0

func (ev *Event) GetMkdirFilePackageVersion() string

GetMkdirFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetMkdirFilePath added in v0.49.0

func (ev *Event) GetMkdirFilePath() string

GetMkdirFilePath returns the value of the field, resolving if necessary

func (*Event) GetMkdirFilePathLength added in v0.49.0

func (ev *Event) GetMkdirFilePathLength() int

GetMkdirFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileRights added in v0.49.0

func (ev *Event) GetMkdirFileRights() int

GetMkdirFileRights returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileUid added in v0.49.0

func (ev *Event) GetMkdirFileUid() uint32

GetMkdirFileUid returns the value of the field, resolving if necessary

func (*Event) GetMkdirFileUser added in v0.49.0

func (ev *Event) GetMkdirFileUser() string

GetMkdirFileUser returns the value of the field, resolving if necessary

func (*Event) GetMkdirRetval added in v0.49.0

func (ev *Event) GetMkdirRetval() int64

GetMkdirRetval returns the value of the field, resolving if necessary

func (*Event) GetMmapFileChangeTime added in v0.49.0

func (ev *Event) GetMmapFileChangeTime() uint64

GetMmapFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetMmapFileFilesystem added in v0.49.0

func (ev *Event) GetMmapFileFilesystem() string

GetMmapFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetMmapFileGid added in v0.49.0

func (ev *Event) GetMmapFileGid() uint32

GetMmapFileGid returns the value of the field, resolving if necessary

func (*Event) GetMmapFileGroup added in v0.49.0

func (ev *Event) GetMmapFileGroup() string

GetMmapFileGroup returns the value of the field, resolving if necessary

func (*Event) GetMmapFileHashes added in v0.49.0

func (ev *Event) GetMmapFileHashes() []string

GetMmapFileHashes returns the value of the field, resolving if necessary

func (*Event) GetMmapFileInUpperLayer added in v0.49.0

func (ev *Event) GetMmapFileInUpperLayer() bool

GetMmapFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetMmapFileInode added in v0.49.0

func (ev *Event) GetMmapFileInode() uint64

GetMmapFileInode returns the value of the field, resolving if necessary

func (*Event) GetMmapFileMode added in v0.49.0

func (ev *Event) GetMmapFileMode() uint16

GetMmapFileMode returns the value of the field, resolving if necessary

func (*Event) GetMmapFileModificationTime added in v0.49.0

func (ev *Event) GetMmapFileModificationTime() uint64

GetMmapFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetMmapFileMountId added in v0.49.0

func (ev *Event) GetMmapFileMountId() uint32

GetMmapFileMountId returns the value of the field, resolving if necessary

func (*Event) GetMmapFileName added in v0.49.0

func (ev *Event) GetMmapFileName() string

GetMmapFileName returns the value of the field, resolving if necessary

func (*Event) GetMmapFileNameLength added in v0.49.0

func (ev *Event) GetMmapFileNameLength() int

GetMmapFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetMmapFilePackageName added in v0.49.0

func (ev *Event) GetMmapFilePackageName() string

GetMmapFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetMmapFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetMmapFilePackageSourceVersion() string

GetMmapFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetMmapFilePackageVersion added in v0.49.0

func (ev *Event) GetMmapFilePackageVersion() string

GetMmapFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetMmapFilePath added in v0.49.0

func (ev *Event) GetMmapFilePath() string

GetMmapFilePath returns the value of the field, resolving if necessary

func (*Event) GetMmapFilePathLength added in v0.49.0

func (ev *Event) GetMmapFilePathLength() int

GetMmapFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetMmapFileRights added in v0.49.0

func (ev *Event) GetMmapFileRights() int

GetMmapFileRights returns the value of the field, resolving if necessary

func (*Event) GetMmapFileUid added in v0.49.0

func (ev *Event) GetMmapFileUid() uint32

GetMmapFileUid returns the value of the field, resolving if necessary

func (*Event) GetMmapFileUser added in v0.49.0

func (ev *Event) GetMmapFileUser() string

GetMmapFileUser returns the value of the field, resolving if necessary

func (*Event) GetMmapFlags added in v0.49.0

func (ev *Event) GetMmapFlags() uint64

GetMmapFlags returns the value of the field, resolving if necessary

func (*Event) GetMmapProtection added in v0.49.0

func (ev *Event) GetMmapProtection() uint64

GetMmapProtection returns the value of the field, resolving if necessary

func (*Event) GetMmapRetval added in v0.49.0

func (ev *Event) GetMmapRetval() int64

GetMmapRetval returns the value of the field, resolving if necessary

func (*Event) GetMountFsType added in v0.49.0

func (ev *Event) GetMountFsType() string

GetMountFsType returns the value of the field, resolving if necessary

func (*Event) GetMountMountpointPath added in v0.49.0

func (ev *Event) GetMountMountpointPath() string

GetMountMountpointPath returns the value of the field, resolving if necessary

func (*Event) GetMountRetval added in v0.49.0

func (ev *Event) GetMountRetval() int64

GetMountRetval returns the value of the field, resolving if necessary

func (*Event) GetMountRootPath added in v0.51.0

func (ev *Event) GetMountRootPath() string

GetMountRootPath returns the value of the field, resolving if necessary

func (*Event) GetMountSourcePath added in v0.49.0

func (ev *Event) GetMountSourcePath() string

GetMountSourcePath returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallFsType added in v0.56.0

func (ev *Event) GetMountSyscallFsType() string

GetMountSyscallFsType returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallInt1 added in v0.56.0

func (ev *Event) GetMountSyscallInt1() int

GetMountSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallInt2 added in v0.56.0

func (ev *Event) GetMountSyscallInt2() int

GetMountSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallInt3 added in v0.56.0

func (ev *Event) GetMountSyscallInt3() int

GetMountSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallMountpointPath added in v0.56.0

func (ev *Event) GetMountSyscallMountpointPath() string

GetMountSyscallMountpointPath returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallSourcePath added in v0.56.0

func (ev *Event) GetMountSyscallSourcePath() string

GetMountSyscallSourcePath returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallStr1 added in v0.56.0

func (ev *Event) GetMountSyscallStr1() string

GetMountSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallStr2 added in v0.56.0

func (ev *Event) GetMountSyscallStr2() string

GetMountSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetMountSyscallStr3 added in v0.56.0

func (ev *Event) GetMountSyscallStr3() string

GetMountSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetMprotectReqProtection added in v0.49.0

func (ev *Event) GetMprotectReqProtection() int

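GetMprotectReqProtection returns the value of the field, resolving if necessary. Judging by the names, this is the protection requested by the mprotect call, while GetMprotectVmProtection is the protection the memory region had beforehand (confirm against the field documentation); comparing the two is what lets a rule single out a region that is being made executable.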

func (*Event) GetMprotectRetval added in v0.49.0

func (ev *Event) GetMprotectRetval() int64

GetMprotectRetval returns the value of the field, resolving if necessary

func (*Event) GetMprotectVmProtection added in v0.49.0

func (ev *Event) GetMprotectVmProtection() int

GetMprotectVmProtection returns the value of the field, resolving if necessary

func (*Event) GetNetworkDestinationIp added in v0.49.0

func (ev *Event) GetNetworkDestinationIp() net.IPNet

GetNetworkDestinationIp returns the value of the field, resolving if necessary

func (*Event) GetNetworkDestinationIsPublic

func (ev *Event) GetNetworkDestinationIsPublic() bool

GetNetworkDestinationIsPublic returns the value of the field, resolving if necessary

func (*Event) GetNetworkDestinationPort added in v0.49.0

func (ev *Event) GetNetworkDestinationPort() uint16

GetNetworkDestinationPort returns the value of the field, resolving if necessary

func (*Event) GetNetworkDeviceIfname added in v0.49.0

func (ev *Event) GetNetworkDeviceIfname() string

GetNetworkDeviceIfname returns the value of the field, resolving if necessary

func (*Event) GetNetworkL3Protocol added in v0.49.0

func (ev *Event) GetNetworkL3Protocol() uint16

GetNetworkL3Protocol returns the value of the field, resolving if necessary

func (*Event) GetNetworkL4Protocol added in v0.49.0

func (ev *Event) GetNetworkL4Protocol() uint16

GetNetworkL4Protocol returns the value of the field, resolving if necessary

func (*Event) GetNetworkSize added in v0.49.0

func (ev *Event) GetNetworkSize() uint32

GetNetworkSize returns the value of the field, resolving if necessary

func (*Event) GetNetworkSourceIp added in v0.49.0

func (ev *Event) GetNetworkSourceIp() net.IPNet

GetNetworkSourceIp returns the value of the field, resolving if necessary

func (*Event) GetNetworkSourceIsPublic

func (ev *Event) GetNetworkSourceIsPublic() bool

GetNetworkSourceIsPublic returns the value of the field, resolving if necessary

func (*Event) GetNetworkSourcePort added in v0.49.0

func (ev *Event) GetNetworkSourcePort() uint16

GetNetworkSourcePort returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg1Str added in v0.56.0

func (ev *Event) GetOndemandArg1Str() string

GetOndemandArg1Str returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg1Uint added in v0.56.0

func (ev *Event) GetOndemandArg1Uint() int

GetOndemandArg1Uint returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg2Str added in v0.56.0

func (ev *Event) GetOndemandArg2Str() string

GetOndemandArg2Str returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg2Uint added in v0.56.0

func (ev *Event) GetOndemandArg2Uint() int

GetOndemandArg2Uint returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg3Str added in v0.56.0

func (ev *Event) GetOndemandArg3Str() string

GetOndemandArg3Str returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg3Uint added in v0.56.0

func (ev *Event) GetOndemandArg3Uint() int

GetOndemandArg3Uint returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg4Str added in v0.56.0

func (ev *Event) GetOndemandArg4Str() string

GetOndemandArg4Str returns the value of the field, resolving if necessary

func (*Event) GetOndemandArg4Uint added in v0.56.0

func (ev *Event) GetOndemandArg4Uint() int

GetOndemandArg4Uint returns the value of the field, resolving if necessary

func (*Event) GetOndemandName added in v0.56.0

func (ev *Event) GetOndemandName() string

GetOndemandName returns the value of the field, resolving if necessary

func (*Event) GetOpenFileChangeTime added in v0.49.0

func (ev *Event) GetOpenFileChangeTime() uint64

GetOpenFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetOpenFileDestinationMode added in v0.49.0

func (ev *Event) GetOpenFileDestinationMode() uint32

GetOpenFileDestinationMode returns the value of the field, resolving if necessary

func (*Event) GetOpenFileFilesystem added in v0.49.0

func (ev *Event) GetOpenFileFilesystem() string

GetOpenFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetOpenFileGid added in v0.49.0

func (ev *Event) GetOpenFileGid() uint32

GetOpenFileGid returns the value of the field, resolving if necessary

func (*Event) GetOpenFileGroup added in v0.49.0

func (ev *Event) GetOpenFileGroup() string

GetOpenFileGroup returns the value of the field, resolving if necessary

func (*Event) GetOpenFileHashes added in v0.49.0

func (ev *Event) GetOpenFileHashes() []string

GetOpenFileHashes returns the value of the field, resolving if necessary

func (*Event) GetOpenFileInUpperLayer added in v0.49.0

func (ev *Event) GetOpenFileInUpperLayer() bool

GetOpenFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetOpenFileInode added in v0.49.0

func (ev *Event) GetOpenFileInode() uint64

GetOpenFileInode returns the value of the field, resolving if necessary

func (*Event) GetOpenFileMode added in v0.49.0

func (ev *Event) GetOpenFileMode() uint16

GetOpenFileMode returns the value of the field, resolving if necessary

func (*Event) GetOpenFileModificationTime added in v0.49.0

func (ev *Event) GetOpenFileModificationTime() uint64

GetOpenFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetOpenFileMountId added in v0.49.0

func (ev *Event) GetOpenFileMountId() uint32

GetOpenFileMountId returns the value of the field, resolving if necessary

func (*Event) GetOpenFileName added in v0.49.0

func (ev *Event) GetOpenFileName() string

GetOpenFileName returns the value of the field, resolving if necessary

func (*Event) GetOpenFileNameLength added in v0.49.0

func (ev *Event) GetOpenFileNameLength() int

GetOpenFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetOpenFilePackageName added in v0.49.0

func (ev *Event) GetOpenFilePackageName() string

GetOpenFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetOpenFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetOpenFilePackageSourceVersion() string

GetOpenFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetOpenFilePackageVersion added in v0.49.0

func (ev *Event) GetOpenFilePackageVersion() string

GetOpenFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetOpenFilePath added in v0.49.0

func (ev *Event) GetOpenFilePath() string

GetOpenFilePath returns the value of the field, resolving if necessary

func (*Event) GetOpenFilePathLength added in v0.49.0

func (ev *Event) GetOpenFilePathLength() int

GetOpenFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetOpenFileRights added in v0.49.0

func (ev *Event) GetOpenFileRights() int

GetOpenFileRights returns the value of the field, resolving if necessary

func (*Event) GetOpenFileUid added in v0.49.0

func (ev *Event) GetOpenFileUid() uint32

GetOpenFileUid returns the value of the field, resolving if necessary

func (*Event) GetOpenFileUser added in v0.49.0

func (ev *Event) GetOpenFileUser() string

GetOpenFileUser returns the value of the field, resolving if necessary

func (*Event) GetOpenFlags added in v0.49.0

func (ev *Event) GetOpenFlags() uint32

GetOpenFlags returns the value of the field, resolving if necessary

func (*Event) GetOpenRetval added in v0.49.0

func (ev *Event) GetOpenRetval() int64

GetOpenRetval returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallFlags added in v0.56.0

func (ev *Event) GetOpenSyscallFlags() int

GetOpenSyscallFlags returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallInt1 added in v0.56.0

func (ev *Event) GetOpenSyscallInt1() int

GetOpenSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallInt2 added in v0.56.0

func (ev *Event) GetOpenSyscallInt2() int

GetOpenSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallInt3 added in v0.56.0

func (ev *Event) GetOpenSyscallInt3() int

GetOpenSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallMode added in v0.56.0

func (ev *Event) GetOpenSyscallMode() int

GetOpenSyscallMode returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallPath added in v0.56.0

func (ev *Event) GetOpenSyscallPath() string

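GetOpenSyscallPath returns the value of the field, resolving if necessary. Judging by the name, this is the path argument as the process passed it to the syscall, not the resolved file path returned by GetOpenFilePath; since the caller controls that string (relative paths, symlinks), file-access rules are more reliable when they match on the resolved path.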

func (*Event) GetOpenSyscallStr1 added in v0.56.0

func (ev *Event) GetOpenSyscallStr1() string

GetOpenSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallStr2 added in v0.56.0

func (ev *Event) GetOpenSyscallStr2() string

GetOpenSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetOpenSyscallStr3 added in v0.56.0

func (ev *Event) GetOpenSyscallStr3() string

GetOpenSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetPacketDestinationIp added in v0.60.0

func (ev *Event) GetPacketDestinationIp() net.IPNet

GetPacketDestinationIp returns the value of the field, resolving if necessary

func (*Event) GetPacketDestinationIsPublic

func (ev *Event) GetPacketDestinationIsPublic() bool

GetPacketDestinationIsPublic returns the value of the field, resolving if necessary

func (*Event) GetPacketDestinationPort added in v0.60.0

func (ev *Event) GetPacketDestinationPort() uint16

GetPacketDestinationPort returns the value of the field, resolving if necessary

func (*Event) GetPacketDeviceIfname added in v0.60.0

func (ev *Event) GetPacketDeviceIfname() string

GetPacketDeviceIfname returns the value of the field, resolving if necessary

func (*Event) GetPacketFilter added in v0.60.0

func (ev *Event) GetPacketFilter() string

GetPacketFilter returns the value of the field, resolving if necessary

func (*Event) GetPacketL3Protocol added in v0.60.0

func (ev *Event) GetPacketL3Protocol() uint16

GetPacketL3Protocol returns the value of the field, resolving if necessary

func (*Event) GetPacketL4Protocol added in v0.60.0

func (ev *Event) GetPacketL4Protocol() uint16

GetPacketL4Protocol returns the value of the field, resolving if necessary

func (*Event) GetPacketSize added in v0.60.0

func (ev *Event) GetPacketSize() uint32

GetPacketSize returns the value of the field, resolving if necessary

func (*Event) GetPacketSourceIp added in v0.60.0

func (ev *Event) GetPacketSourceIp() net.IPNet

GetPacketSourceIp returns the value of the field, resolving if necessary

func (*Event) GetPacketSourceIsPublic

func (ev *Event) GetPacketSourceIsPublic() bool

GetPacketSourceIsPublic returns the value of the field, resolving if necessary

func (*Event) GetPacketSourcePort added in v0.60.0

func (ev *Event) GetPacketSourcePort() uint16

GetPacketSourcePort returns the value of the field, resolving if necessary

func (*Event) GetPacketTlsVersion added in v0.60.0

func (ev *Event) GetPacketTlsVersion() uint16

GetPacketTlsVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgs added in v0.49.0

func (ev *Event) GetProcessAncestorsArgs() []string

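GetProcessAncestorsArgs returns the value of the field, resolving if necessary. The separate GetProcessAncestorsArgsScrubbed getter suggests the values returned here are not scrubbed, so they may contain secrets that were passed on a command line; prefer the scrubbed getter when the value is logged or forwarded outside the host.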

func (*Event) GetProcessAncestorsArgsFlags added in v0.49.0

func (ev *Event) GetProcessAncestorsArgsFlags() []string

GetProcessAncestorsArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgsOptions added in v0.49.0

func (ev *Event) GetProcessAncestorsArgsOptions() []string

GetProcessAncestorsArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgsScrubbed added in v0.51.0

func (ev *Event) GetProcessAncestorsArgsScrubbed() []string

GetProcessAncestorsArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgsTruncated added in v0.49.0

func (ev *Event) GetProcessAncestorsArgsTruncated() []bool

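GetProcessAncestorsArgsTruncated returns the value of the field, resolving if necessary. The name indicates one flag per ancestor telling whether its arguments were cut short, presumably at the MaxArgEnvSize and MaxArgsEnvsSize limits declared in this package's constants; a match on ancestor arguments is incomplete evidence when the flag is set.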

func (*Event) GetProcessAncestorsArgv added in v0.49.0

func (ev *Event) GetProcessAncestorsArgv() []string

GetProcessAncestorsArgv returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgv0 added in v0.49.0

func (ev *Event) GetProcessAncestorsArgv0() []string

GetProcessAncestorsArgv0 returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsArgvScrubbed added in v0.51.0

func (ev *Event) GetProcessAncestorsArgvScrubbed() []string

GetProcessAncestorsArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsAuid added in v0.57.0

func (ev *Event) GetProcessAncestorsAuid() []uint32

GetProcessAncestorsAuid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCapEffective added in v0.49.0

func (ev *Event) GetProcessAncestorsCapEffective() []uint64

GetProcessAncestorsCapEffective returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCapPermitted added in v0.49.0

func (ev *Event) GetProcessAncestorsCapPermitted() []uint64

GetProcessAncestorsCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCgroupFileInode added in v0.57.0

func (ev *Event) GetProcessAncestorsCgroupFileInode() []uint64

GetProcessAncestorsCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCgroupFileMountId added in v0.57.0

func (ev *Event) GetProcessAncestorsCgroupFileMountId() []uint32

GetProcessAncestorsCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCgroupId added in v0.57.0

func (ev *Event) GetProcessAncestorsCgroupId() []string

GetProcessAncestorsCgroupId returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCgroupManager added in v0.57.0

func (ev *Event) GetProcessAncestorsCgroupManager() []string

GetProcessAncestorsCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCmdargv added in v0.55.0

func (ev *Event) GetProcessAncestorsCmdargv() []string

GetProcessAncestorsCmdargv returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsComm added in v0.49.0

func (ev *Event) GetProcessAncestorsComm() []string

GetProcessAncestorsComm returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsContainerId added in v0.49.0

func (ev *Event) GetProcessAncestorsContainerId() []string

GetProcessAncestorsContainerId returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsCreatedAt added in v0.49.0

func (ev *Event) GetProcessAncestorsCreatedAt() []int

GetProcessAncestorsCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEgid added in v0.49.0

func (ev *Event) GetProcessAncestorsEgid() []uint32

GetProcessAncestorsEgid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEgroup added in v0.49.0

func (ev *Event) GetProcessAncestorsEgroup() []string

GetProcessAncestorsEgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEnvp added in v0.49.0

func (ev *Event) GetProcessAncestorsEnvp() []string

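GetProcessAncestorsEnvp returns the value of the field, resolving if necessary. envp appears to carry the full environment entries of each ancestor, whereas GetProcessAncestorsEnvs carries only the variable names (to be confirmed against the field documentation); environment values frequently hold tokens and passwords, so treat the result as sensitive.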

func (*Event) GetProcessAncestorsEnvs added in v0.49.0

func (ev *Event) GetProcessAncestorsEnvs() []string

GetProcessAncestorsEnvs returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEnvsTruncated added in v0.49.0

func (ev *Event) GetProcessAncestorsEnvsTruncated() []bool

GetProcessAncestorsEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEuid added in v0.49.0

func (ev *Event) GetProcessAncestorsEuid() []uint32

GetProcessAncestorsEuid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsEuser added in v0.49.0

func (ev *Event) GetProcessAncestorsEuser() []string

GetProcessAncestorsEuser returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileChangeTime added in v0.49.0

func (ev *Event) GetProcessAncestorsFileChangeTime() []uint64

GetProcessAncestorsFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileFilesystem added in v0.49.0

func (ev *Event) GetProcessAncestorsFileFilesystem() []string

GetProcessAncestorsFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileGid added in v0.49.0

func (ev *Event) GetProcessAncestorsFileGid() []uint32

GetProcessAncestorsFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileGroup added in v0.49.0

func (ev *Event) GetProcessAncestorsFileGroup() []string

GetProcessAncestorsFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileHashes added in v0.49.0

func (ev *Event) GetProcessAncestorsFileHashes() []string

GetProcessAncestorsFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessAncestorsFileInUpperLayer() []bool

GetProcessAncestorsFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileInode added in v0.49.0

func (ev *Event) GetProcessAncestorsFileInode() []uint64

GetProcessAncestorsFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileMode added in v0.49.0

func (ev *Event) GetProcessAncestorsFileMode() []uint16

GetProcessAncestorsFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileModificationTime added in v0.49.0

func (ev *Event) GetProcessAncestorsFileModificationTime() []uint64

GetProcessAncestorsFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileMountId added in v0.49.0

func (ev *Event) GetProcessAncestorsFileMountId() []uint32

GetProcessAncestorsFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileName added in v0.49.0

func (ev *Event) GetProcessAncestorsFileName() []string

GetProcessAncestorsFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileNameLength added in v0.49.0

func (ev *Event) GetProcessAncestorsFileNameLength() []int

GetProcessAncestorsFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFilePackageName added in v0.49.0

func (ev *Event) GetProcessAncestorsFilePackageName() []string

GetProcessAncestorsFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessAncestorsFilePackageSourceVersion() []string

GetProcessAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessAncestorsFilePackageVersion() []string

GetProcessAncestorsFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFilePath added in v0.49.0

func (ev *Event) GetProcessAncestorsFilePath() []string

GetProcessAncestorsFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFilePathLength added in v0.49.0

func (ev *Event) GetProcessAncestorsFilePathLength() []int

GetProcessAncestorsFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileRights added in v0.49.0

func (ev *Event) GetProcessAncestorsFileRights() []int

GetProcessAncestorsFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileUid added in v0.49.0

func (ev *Event) GetProcessAncestorsFileUid() []uint32

GetProcessAncestorsFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFileUser added in v0.49.0

func (ev *Event) GetProcessAncestorsFileUser() []string

GetProcessAncestorsFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFsgid added in v0.49.0

func (ev *Event) GetProcessAncestorsFsgid() []uint32

GetProcessAncestorsFsgid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFsgroup added in v0.49.0

func (ev *Event) GetProcessAncestorsFsgroup() []string

GetProcessAncestorsFsgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFsuid added in v0.49.0

func (ev *Event) GetProcessAncestorsFsuid() []uint32

GetProcessAncestorsFsuid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsFsuser added in v0.49.0

func (ev *Event) GetProcessAncestorsFsuser() []string

GetProcessAncestorsFsuser returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsGid added in v0.49.0

func (ev *Event) GetProcessAncestorsGid() []uint32

GetProcessAncestorsGid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsGroup added in v0.49.0

func (ev *Event) GetProcessAncestorsGroup() []string

GetProcessAncestorsGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileChangeTime() []uint64

GetProcessAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileFilesystem() []string

GetProcessAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileGid added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileGid() []uint32

GetProcessAncestorsInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileGroup added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileGroup() []string

GetProcessAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileHashes added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileHashes() []string

GetProcessAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileInUpperLayer() []bool

GetProcessAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileInode added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileInode() []uint64

GetProcessAncestorsInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileMode added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileMode() []uint16

GetProcessAncestorsInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileModificationTime() []uint64

GetProcessAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileMountId added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileMountId() []uint32

GetProcessAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileName added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileName() []string

GetProcessAncestorsInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileNameLength() []int

GetProcessAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFilePackageName() []string

GetProcessAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFilePackageSourceVersion() []string

GetProcessAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFilePackageVersion() []string

GetProcessAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFilePath added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFilePath() []string

GetProcessAncestorsInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFilePathLength() []int

GetProcessAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileRights added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileRights() []int

GetProcessAncestorsInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileUid added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileUid() []uint32

GetProcessAncestorsInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsInterpreterFileUser added in v0.49.0

func (ev *Event) GetProcessAncestorsInterpreterFileUser() []string

GetProcessAncestorsInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsIsExec added in v0.60.0

func (ev *Event) GetProcessAncestorsIsExec() []bool

GetProcessAncestorsIsExec returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsIsKworker added in v0.49.0

func (ev *Event) GetProcessAncestorsIsKworker() []bool

GetProcessAncestorsIsKworker returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsIsThread added in v0.49.0

func (ev *Event) GetProcessAncestorsIsThread() []bool

GetProcessAncestorsIsThread returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsLength added in v0.60.0

func (ev *Event) GetProcessAncestorsLength() int

GetProcessAncestorsLength returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsPid added in v0.49.0

func (ev *Event) GetProcessAncestorsPid() []uint32

GetProcessAncestorsPid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsPpid added in v0.49.0

func (ev *Event) GetProcessAncestorsPpid() []uint32

GetProcessAncestorsPpid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsTid added in v0.49.0

func (ev *Event) GetProcessAncestorsTid() []uint32

GetProcessAncestorsTid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsTtyName added in v0.49.0

func (ev *Event) GetProcessAncestorsTtyName() []string

GetProcessAncestorsTtyName returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsUid added in v0.49.0

func (ev *Event) GetProcessAncestorsUid() []uint32

GetProcessAncestorsUid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsUser added in v0.49.0

func (ev *Event) GetProcessAncestorsUser() []string

GetProcessAncestorsUser returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetProcessAncestorsUserSessionK8sGroups() []string

GetProcessAncestorsUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsUserSessionK8sUid added in v0.50.0

func (ev *Event) GetProcessAncestorsUserSessionK8sUid() []string

GetProcessAncestorsUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetProcessAncestorsUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetProcessAncestorsUserSessionK8sUsername() []string

GetProcessAncestorsUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetProcessArgs added in v0.49.0

func (ev *Event) GetProcessArgs() string

GetProcessArgs returns the value of the field, resolving if necessary

func (*Event) GetProcessArgsFlags added in v0.49.0

func (ev *Event) GetProcessArgsFlags() []string

GetProcessArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetProcessArgsOptions added in v0.49.0

func (ev *Event) GetProcessArgsOptions() []string

GetProcessArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetProcessArgsScrubbed added in v0.51.0

func (ev *Event) GetProcessArgsScrubbed() string

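GetProcessArgsScrubbed returns the value of the field, resolving if necessary. As the name indicates, this is the scrubbed counterpart of GetProcessArgs; prefer it wherever the command line is logged or forwarded, because raw arguments can carry credentials.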

func (*Event) GetProcessArgsTruncated added in v0.49.0

func (ev *Event) GetProcessArgsTruncated() bool

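GetProcessArgsTruncated returns the value of the field, resolving if necessary. When it is true, the captured arguments are presumably incomplete (see the MaxArgEnvSize and MaxArgsEnvsSize limits), so a rule matching on the argument fields cannot see what was cut off.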

func (*Event) GetProcessArgv added in v0.49.0

func (ev *Event) GetProcessArgv() []string

GetProcessArgv returns the value of the field, resolving if necessary

func (*Event) GetProcessArgv0 added in v0.49.0

func (ev *Event) GetProcessArgv0() string

GetProcessArgv0 returns the value of the field, resolving if necessary

func (*Event) GetProcessArgvScrubbed added in v0.51.0

func (ev *Event) GetProcessArgvScrubbed() []string

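GetProcessArgvScrubbed returns the value of the field, resolving if necessary. As the name indicates, this is the scrubbed counterpart of GetProcessArgv, returned as a slice; prefer it wherever arguments are logged or forwarded.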

func (*Event) GetProcessAuid added in v0.57.0

func (ev *Event) GetProcessAuid() uint32

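GetProcessAuid returns the value of the field, resolving if necessary. Auid is the login (audit) UID of the process, as distinct from the values returned by GetProcessUid and GetProcessEuid.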

func (*Event) GetProcessCapEffective added in v0.49.0

func (ev *Event) GetProcessCapEffective() uint64

GetProcessCapEffective returns the value of the field, resolving if necessary

func (*Event) GetProcessCapPermitted added in v0.49.0

func (ev *Event) GetProcessCapPermitted() uint64

GetProcessCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetProcessCgroupFileInode added in v0.57.0

func (ev *Event) GetProcessCgroupFileInode() uint64

GetProcessCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessCgroupFileMountId added in v0.57.0

func (ev *Event) GetProcessCgroupFileMountId() uint32

GetProcessCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessCgroupId added in v0.57.0

func (ev *Event) GetProcessCgroupId() string

GetProcessCgroupId returns the value of the field, resolving if necessary

func (*Event) GetProcessCgroupManager added in v0.57.0

func (ev *Event) GetProcessCgroupManager() string

GetProcessCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetProcessCmdargv added in v0.55.0

func (ev *Event) GetProcessCmdargv() []string

GetProcessCmdargv returns the value of the field, resolving if necessary

func (*Event) GetProcessComm added in v0.49.0

func (ev *Event) GetProcessComm() string

GetProcessComm returns the value of the field, resolving if necessary

func (*Event) GetProcessContainerId added in v0.49.0

func (ev *Event) GetProcessContainerId() string

GetProcessContainerId returns the value of the field, resolving if necessary

func (*Event) GetProcessCreatedAt added in v0.49.0

func (ev *Event) GetProcessCreatedAt() int

GetProcessCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetProcessEgid added in v0.49.0

func (ev *Event) GetProcessEgid() uint32

GetProcessEgid returns the value of the field, resolving if necessary

func (*Event) GetProcessEgroup added in v0.49.0

func (ev *Event) GetProcessEgroup() string

GetProcessEgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessEnvp added in v0.49.0

func (ev *Event) GetProcessEnvp() []string

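GetProcessEnvp returns the value of the field, resolving if necessary. Envp presumably holds full NAME=value entries, whereas GetProcessEnvs holds the variable names only (confirm against the field reference), so treat this output as potentially secret-bearing.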

func (*Event) GetProcessEnvs added in v0.49.0

func (ev *Event) GetProcessEnvs() []string

GetProcessEnvs returns the value of the field, resolving if necessary

func (*Event) GetProcessEnvsTruncated added in v0.49.0

func (ev *Event) GetProcessEnvsTruncated() bool

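GetProcessEnvsTruncated returns the value of the field, resolving if necessary. When it is true, the captured environment is presumably incomplete (see the MaxArgEnvSize and MaxArgsEnvsSize limits), so the absence of a variable in GetProcessEnvs or GetProcessEnvp does not prove it was unset.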

func (*Event) GetProcessEuid added in v0.49.0

func (ev *Event) GetProcessEuid() uint32

GetProcessEuid returns the value of the field, resolving if necessary

func (*Event) GetProcessEuser added in v0.49.0

func (ev *Event) GetProcessEuser() string

GetProcessEuser returns the value of the field, resolving if necessary

func (*Event) GetProcessExecTime added in v0.49.0

func (ev *Event) GetProcessExecTime() time.Time

GetProcessExecTime returns the value of the field, resolving if necessary

func (*Event) GetProcessExitTime added in v0.49.0

func (ev *Event) GetProcessExitTime() time.Time

GetProcessExitTime returns the value of the field, resolving if necessary

func (*Event) GetProcessFileChangeTime added in v0.49.0

func (ev *Event) GetProcessFileChangeTime() uint64

GetProcessFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessFileFilesystem added in v0.49.0

func (ev *Event) GetProcessFileFilesystem() string

GetProcessFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessFileGid added in v0.49.0

func (ev *Event) GetProcessFileGid() uint32

GetProcessFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessFileGroup added in v0.49.0

func (ev *Event) GetProcessFileGroup() string

GetProcessFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessFileHashes added in v0.49.0

func (ev *Event) GetProcessFileHashes() []string

GetProcessFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessFileInUpperLayer() bool

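GetProcessFileInUpperLayer returns the value of the field, resolving if necessary. The name suggests it reports whether the process executable resides in the upper (writable) layer of a layered filesystem such as OverlayFS, that is, whether it was added or modified after the image was built; confirm against the field reference.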

func (*Event) GetProcessFileInode added in v0.49.0

func (ev *Event) GetProcessFileInode() uint64

GetProcessFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessFileMode added in v0.49.0

func (ev *Event) GetProcessFileMode() uint16

GetProcessFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessFileModificationTime added in v0.49.0

func (ev *Event) GetProcessFileModificationTime() uint64

GetProcessFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessFileMountId added in v0.49.0

func (ev *Event) GetProcessFileMountId() uint32

GetProcessFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessFileName added in v0.49.0

func (ev *Event) GetProcessFileName() string

GetProcessFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessFileNameLength added in v0.49.0

func (ev *Event) GetProcessFileNameLength() int

GetProcessFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessFilePackageName added in v0.49.0

func (ev *Event) GetProcessFilePackageName() string

GetProcessFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessFilePackageSourceVersion() string

GetProcessFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessFilePackageVersion() string

GetProcessFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessFilePath added in v0.49.0

func (ev *Event) GetProcessFilePath() string

GetProcessFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessFilePathLength added in v0.49.0

func (ev *Event) GetProcessFilePathLength() int

GetProcessFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessFileRights added in v0.49.0

func (ev *Event) GetProcessFileRights() int

GetProcessFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessFileUid added in v0.49.0

func (ev *Event) GetProcessFileUid() uint32

GetProcessFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessFileUser added in v0.49.0

func (ev *Event) GetProcessFileUser() string

GetProcessFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessForkTime added in v0.49.0

func (ev *Event) GetProcessForkTime() time.Time

GetProcessForkTime returns the value of the field, resolving if necessary

func (*Event) GetProcessFsgid added in v0.49.0

func (ev *Event) GetProcessFsgid() uint32

GetProcessFsgid returns the value of the field, resolving if necessary

func (*Event) GetProcessFsgroup added in v0.49.0

func (ev *Event) GetProcessFsgroup() string

GetProcessFsgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessFsuid added in v0.49.0

func (ev *Event) GetProcessFsuid() uint32

GetProcessFsuid returns the value of the field, resolving if necessary

func (*Event) GetProcessFsuser added in v0.49.0

func (ev *Event) GetProcessFsuser() string

GetProcessFsuser returns the value of the field, resolving if necessary

func (*Event) GetProcessGid added in v0.49.0

func (ev *Event) GetProcessGid() uint32

GetProcessGid returns the value of the field, resolving if necessary

func (*Event) GetProcessGroup added in v0.49.0

func (ev *Event) GetProcessGroup() string

GetProcessGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetProcessInterpreterFileChangeTime() uint64

GetProcessInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetProcessInterpreterFileFilesystem() string

GetProcessInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileGid added in v0.49.0

func (ev *Event) GetProcessInterpreterFileGid() uint32

GetProcessInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileGroup added in v0.49.0

func (ev *Event) GetProcessInterpreterFileGroup() string

GetProcessInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileHashes added in v0.49.0

func (ev *Event) GetProcessInterpreterFileHashes() []string

GetProcessInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessInterpreterFileInUpperLayer() bool

GetProcessInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileInode added in v0.49.0

func (ev *Event) GetProcessInterpreterFileInode() uint64

GetProcessInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileMode added in v0.49.0

func (ev *Event) GetProcessInterpreterFileMode() uint16

GetProcessInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetProcessInterpreterFileModificationTime() uint64

GetProcessInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileMountId added in v0.49.0

func (ev *Event) GetProcessInterpreterFileMountId() uint32

GetProcessInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileName added in v0.49.0

func (ev *Event) GetProcessInterpreterFileName() string

GetProcessInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetProcessInterpreterFileNameLength() int

GetProcessInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetProcessInterpreterFilePackageName() string

GetProcessInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessInterpreterFilePackageSourceVersion() string

GetProcessInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessInterpreterFilePackageVersion() string

GetProcessInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFilePath added in v0.49.0

func (ev *Event) GetProcessInterpreterFilePath() string

GetProcessInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetProcessInterpreterFilePathLength() int

GetProcessInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileRights added in v0.49.0

func (ev *Event) GetProcessInterpreterFileRights() int

GetProcessInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileUid added in v0.49.0

func (ev *Event) GetProcessInterpreterFileUid() uint32

GetProcessInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessInterpreterFileUser added in v0.49.0

func (ev *Event) GetProcessInterpreterFileUser() string

GetProcessInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessIsExec added in v0.60.0

func (ev *Event) GetProcessIsExec() bool

GetProcessIsExec returns the value of the field, resolving if necessary

func (*Event) GetProcessIsKworker added in v0.49.0

func (ev *Event) GetProcessIsKworker() bool

GetProcessIsKworker returns the value of the field, resolving if necessary

func (*Event) GetProcessIsThread added in v0.49.0

func (ev *Event) GetProcessIsThread() bool

GetProcessIsThread returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgs added in v0.49.0

func (ev *Event) GetProcessParentArgs() string

GetProcessParentArgs returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgsFlags added in v0.49.0

func (ev *Event) GetProcessParentArgsFlags() []string

GetProcessParentArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgsOptions added in v0.49.0

func (ev *Event) GetProcessParentArgsOptions() []string

GetProcessParentArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgsScrubbed added in v0.51.0

func (ev *Event) GetProcessParentArgsScrubbed() string

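GetProcessParentArgsScrubbed returns the value of the field, resolving if necessary. As the name indicates, this is the scrubbed counterpart of GetProcessParentArgs; prefer it wherever the parent command line is logged or forwarded, because raw arguments can carry credentials.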

func (*Event) GetProcessParentArgsTruncated added in v0.49.0

func (ev *Event) GetProcessParentArgsTruncated() bool

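GetProcessParentArgsTruncated returns the value of the field, resolving if necessary. When it is true, the parent's captured arguments are presumably incomplete (see the MaxArgEnvSize and MaxArgsEnvsSize limits), so a rule matching on them cannot see what was cut off.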

func (*Event) GetProcessParentArgv added in v0.49.0

func (ev *Event) GetProcessParentArgv() []string

GetProcessParentArgv returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgv0 added in v0.49.0

func (ev *Event) GetProcessParentArgv0() string

GetProcessParentArgv0 returns the value of the field, resolving if necessary

func (*Event) GetProcessParentArgvScrubbed added in v0.51.0

func (ev *Event) GetProcessParentArgvScrubbed() []string

GetProcessParentArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetProcessParentAuid added in v0.57.0

func (ev *Event) GetProcessParentAuid() uint32

GetProcessParentAuid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCapEffective added in v0.49.0

func (ev *Event) GetProcessParentCapEffective() uint64

GetProcessParentCapEffective returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCapPermitted added in v0.49.0

func (ev *Event) GetProcessParentCapPermitted() uint64

GetProcessParentCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCgroupFileInode added in v0.57.0

func (ev *Event) GetProcessParentCgroupFileInode() uint64

GetProcessParentCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCgroupFileMountId added in v0.57.0

func (ev *Event) GetProcessParentCgroupFileMountId() uint32

GetProcessParentCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCgroupId added in v0.57.0

func (ev *Event) GetProcessParentCgroupId() string

GetProcessParentCgroupId returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCgroupManager added in v0.57.0

func (ev *Event) GetProcessParentCgroupManager() string

GetProcessParentCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCmdargv added in v0.55.0

func (ev *Event) GetProcessParentCmdargv() []string

GetProcessParentCmdargv returns the value of the field, resolving if necessary

func (*Event) GetProcessParentComm added in v0.49.0

func (ev *Event) GetProcessParentComm() string

GetProcessParentComm returns the value of the field, resolving if necessary

func (*Event) GetProcessParentContainerId added in v0.49.0

func (ev *Event) GetProcessParentContainerId() string

GetProcessParentContainerId returns the value of the field, resolving if necessary

func (*Event) GetProcessParentCreatedAt added in v0.49.0

func (ev *Event) GetProcessParentCreatedAt() int

GetProcessParentCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEgid added in v0.49.0

func (ev *Event) GetProcessParentEgid() uint32

GetProcessParentEgid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEgroup added in v0.49.0

func (ev *Event) GetProcessParentEgroup() string

GetProcessParentEgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEnvp added in v0.49.0

func (ev *Event) GetProcessParentEnvp() []string

GetProcessParentEnvp returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEnvs added in v0.49.0

func (ev *Event) GetProcessParentEnvs() []string

GetProcessParentEnvs returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEnvsTruncated added in v0.49.0

func (ev *Event) GetProcessParentEnvsTruncated() bool

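GetProcessParentEnvsTruncated returns the value of the field, resolving if necessary. When it is true, the parent's captured environment is presumably incomplete (see the MaxArgEnvSize and MaxArgsEnvsSize limits), so the absence of a variable in it does not prove the variable was unset.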

func (*Event) GetProcessParentEuid added in v0.49.0

func (ev *Event) GetProcessParentEuid() uint32

GetProcessParentEuid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentEuser added in v0.49.0

func (ev *Event) GetProcessParentEuser() string

GetProcessParentEuser returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileChangeTime added in v0.49.0

func (ev *Event) GetProcessParentFileChangeTime() uint64

GetProcessParentFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileFilesystem added in v0.49.0

func (ev *Event) GetProcessParentFileFilesystem() string

GetProcessParentFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileGid added in v0.49.0

func (ev *Event) GetProcessParentFileGid() uint32

GetProcessParentFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileGroup added in v0.49.0

func (ev *Event) GetProcessParentFileGroup() string

GetProcessParentFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileHashes added in v0.49.0

func (ev *Event) GetProcessParentFileHashes() []string

GetProcessParentFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessParentFileInUpperLayer() bool

GetProcessParentFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileInode added in v0.49.0

func (ev *Event) GetProcessParentFileInode() uint64

GetProcessParentFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileMode added in v0.49.0

func (ev *Event) GetProcessParentFileMode() uint16

GetProcessParentFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileModificationTime added in v0.49.0

func (ev *Event) GetProcessParentFileModificationTime() uint64

GetProcessParentFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileMountId added in v0.49.0

func (ev *Event) GetProcessParentFileMountId() uint32

GetProcessParentFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileName added in v0.49.0

func (ev *Event) GetProcessParentFileName() string

GetProcessParentFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileNameLength added in v0.49.0

func (ev *Event) GetProcessParentFileNameLength() int

GetProcessParentFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFilePackageName added in v0.49.0

func (ev *Event) GetProcessParentFilePackageName() string

GetProcessParentFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessParentFilePackageSourceVersion() string

GetProcessParentFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessParentFilePackageVersion() string

GetProcessParentFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFilePath added in v0.49.0

func (ev *Event) GetProcessParentFilePath() string

GetProcessParentFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFilePathLength added in v0.49.0

func (ev *Event) GetProcessParentFilePathLength() int

GetProcessParentFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileRights added in v0.49.0

func (ev *Event) GetProcessParentFileRights() int

GetProcessParentFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileUid added in v0.49.0

func (ev *Event) GetProcessParentFileUid() uint32

GetProcessParentFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFileUser added in v0.49.0

func (ev *Event) GetProcessParentFileUser() string

GetProcessParentFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFsgid added in v0.49.0

func (ev *Event) GetProcessParentFsgid() uint32

GetProcessParentFsgid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFsgroup added in v0.49.0

func (ev *Event) GetProcessParentFsgroup() string

GetProcessParentFsgroup returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFsuid added in v0.49.0

func (ev *Event) GetProcessParentFsuid() uint32

GetProcessParentFsuid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentFsuser added in v0.49.0

func (ev *Event) GetProcessParentFsuser() string

GetProcessParentFsuser returns the value of the field, resolving if necessary

func (*Event) GetProcessParentGid added in v0.49.0

func (ev *Event) GetProcessParentGid() uint32

GetProcessParentGid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentGroup added in v0.49.0

func (ev *Event) GetProcessParentGroup() string

GetProcessParentGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileChangeTime() uint64

GetProcessParentInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileFilesystem() string

GetProcessParentInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileGid added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileGid() uint32

GetProcessParentInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileGroup added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileGroup() string

GetProcessParentInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileHashes added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileHashes() []string

GetProcessParentInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileInUpperLayer() bool

GetProcessParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileInode added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileInode() uint64

GetProcessParentInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileMode added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileMode() uint16

GetProcessParentInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileModificationTime() uint64

GetProcessParentInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileMountId added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileMountId() uint32

GetProcessParentInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileName added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileName() string

GetProcessParentInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileNameLength() int

GetProcessParentInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFilePackageName() string

GetProcessParentInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFilePackageSourceVersion() string

GetProcessParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFilePackageVersion() string

GetProcessParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFilePath added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFilePath() string

GetProcessParentInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFilePathLength() int

GetProcessParentInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileRights added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileRights() int

GetProcessParentInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileUid added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileUid() uint32

GetProcessParentInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentInterpreterFileUser added in v0.49.0

func (ev *Event) GetProcessParentInterpreterFileUser() string

GetProcessParentInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetProcessParentIsExec added in v0.60.0

func (ev *Event) GetProcessParentIsExec() bool

GetProcessParentIsExec returns the value of the field, resolving if necessary

func (*Event) GetProcessParentIsKworker added in v0.49.0

func (ev *Event) GetProcessParentIsKworker() bool

GetProcessParentIsKworker returns the value of the field, resolving if necessary

func (*Event) GetProcessParentIsThread added in v0.49.0

func (ev *Event) GetProcessParentIsThread() bool

GetProcessParentIsThread returns the value of the field, resolving if necessary

func (*Event) GetProcessParentPid added in v0.49.0

func (ev *Event) GetProcessParentPid() uint32

GetProcessParentPid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentPpid added in v0.49.0

func (ev *Event) GetProcessParentPpid() uint32

GetProcessParentPpid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentTid added in v0.49.0

func (ev *Event) GetProcessParentTid() uint32

GetProcessParentTid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentTtyName added in v0.49.0

func (ev *Event) GetProcessParentTtyName() string

GetProcessParentTtyName returns the value of the field, resolving if necessary

func (*Event) GetProcessParentUid added in v0.49.0

func (ev *Event) GetProcessParentUid() uint32

GetProcessParentUid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentUser added in v0.49.0

func (ev *Event) GetProcessParentUser() string

GetProcessParentUser returns the value of the field, resolving if necessary

func (*Event) GetProcessParentUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetProcessParentUserSessionK8sGroups() []string

GetProcessParentUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetProcessParentUserSessionK8sUid added in v0.50.0

func (ev *Event) GetProcessParentUserSessionK8sUid() string

GetProcessParentUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetProcessParentUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetProcessParentUserSessionK8sUsername() string

GetProcessParentUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetProcessPid added in v0.49.0

func (ev *Event) GetProcessPid() uint32

GetProcessPid returns the value of the field, resolving if necessary

func (*Event) GetProcessPpid added in v0.49.0

func (ev *Event) GetProcessPpid() uint32

GetProcessPpid returns the value of the field, resolving if necessary

func (*Event) GetProcessTid added in v0.49.0

func (ev *Event) GetProcessTid() uint32

GetProcessTid returns the value of the field, resolving if necessary

func (*Event) GetProcessTtyName added in v0.49.0

func (ev *Event) GetProcessTtyName() string

GetProcessTtyName returns the value of the field, resolving if necessary

func (*Event) GetProcessUid added in v0.49.0

func (ev *Event) GetProcessUid() uint32

GetProcessUid returns the value of the field, resolving if necessary

func (*Event) GetProcessUser added in v0.49.0

func (ev *Event) GetProcessUser() string

GetProcessUser returns the value of the field, resolving if necessary

func (*Event) GetProcessUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetProcessUserSessionK8sGroups() []string

GetProcessUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetProcessUserSessionK8sUid added in v0.50.0

func (ev *Event) GetProcessUserSessionK8sUid() string

GetProcessUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetProcessUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetProcessUserSessionK8sUsername() string

GetProcessUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetPtraceRequest added in v0.49.0

func (ev *Event) GetPtraceRequest() uint32

GetPtraceRequest returns the value of the field, resolving if necessary

func (*Event) GetPtraceRetval added in v0.49.0

func (ev *Event) GetPtraceRetval() int64

GetPtraceRetval returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgs added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgs() []string

GetPtraceTraceeAncestorsArgs returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgsFlags added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgsFlags() []string

GetPtraceTraceeAncestorsArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgsOptions added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgsOptions() []string

GetPtraceTraceeAncestorsArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgsScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeAncestorsArgsScrubbed() []string

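GetPtraceTraceeAncestorsArgsScrubbed returns the value of the field, resolving if necessary. As the name indicates, this is the scrubbed form of the ancestors' arguments; prefer it (and GetPtraceTraceeAncestorsArgvScrubbed) over the unscrubbed getters when the value is logged or forwarded, because raw command lines can carry credentials. What the scrubber removes is not documented on this page.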

func (*Event) GetPtraceTraceeAncestorsArgsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgsTruncated() []bool

GetPtraceTraceeAncestorsArgsTruncated returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgv added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgv() []string

GetPtraceTraceeAncestorsArgv returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgv0 added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsArgv0() []string

GetPtraceTraceeAncestorsArgv0 returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsArgvScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeAncestorsArgvScrubbed() []string

GetPtraceTraceeAncestorsArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsAuid added in v0.57.0

func (ev *Event) GetPtraceTraceeAncestorsAuid() []uint32

GetPtraceTraceeAncestorsAuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCapEffective added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsCapEffective() []uint64

GetPtraceTraceeAncestorsCapEffective returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCapPermitted added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsCapPermitted() []uint64

GetPtraceTraceeAncestorsCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCgroupFileInode added in v0.57.0

func (ev *Event) GetPtraceTraceeAncestorsCgroupFileInode() []uint64

GetPtraceTraceeAncestorsCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCgroupFileMountId added in v0.57.0

func (ev *Event) GetPtraceTraceeAncestorsCgroupFileMountId() []uint32

GetPtraceTraceeAncestorsCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCgroupId added in v0.57.0

func (ev *Event) GetPtraceTraceeAncestorsCgroupId() []string

GetPtraceTraceeAncestorsCgroupId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCgroupManager added in v0.57.0

func (ev *Event) GetPtraceTraceeAncestorsCgroupManager() []string

GetPtraceTraceeAncestorsCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCmdargv added in v0.55.0

func (ev *Event) GetPtraceTraceeAncestorsCmdargv() []string

GetPtraceTraceeAncestorsCmdargv returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsComm added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsComm() []string

GetPtraceTraceeAncestorsComm returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsContainerId added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsContainerId() []string

GetPtraceTraceeAncestorsContainerId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsCreatedAt added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsCreatedAt() []int

GetPtraceTraceeAncestorsCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEgid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEgid() []uint32

GetPtraceTraceeAncestorsEgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEgroup() []string

GetPtraceTraceeAncestorsEgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEnvp added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEnvp() []string

GetPtraceTraceeAncestorsEnvp returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEnvs added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEnvs() []string

GetPtraceTraceeAncestorsEnvs returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEnvsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEnvsTruncated() []bool

GetPtraceTraceeAncestorsEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEuid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEuid() []uint32

GetPtraceTraceeAncestorsEuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsEuser added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsEuser() []string

GetPtraceTraceeAncestorsEuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileChangeTime() []uint64

GetPtraceTraceeAncestorsFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileFilesystem() []string

GetPtraceTraceeAncestorsFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileGid() []uint32

GetPtraceTraceeAncestorsFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileGroup() []string

GetPtraceTraceeAncestorsFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileHashes() []string

GetPtraceTraceeAncestorsFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileInUpperLayer() []bool

GetPtraceTraceeAncestorsFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileInode() []uint64

GetPtraceTraceeAncestorsFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileMode() []uint16

GetPtraceTraceeAncestorsFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileModificationTime() []uint64

GetPtraceTraceeAncestorsFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileMountId() []uint32

GetPtraceTraceeAncestorsFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileName() []string

GetPtraceTraceeAncestorsFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileNameLength() []int

GetPtraceTraceeAncestorsFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFilePackageName() []string

GetPtraceTraceeAncestorsFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFilePackageSourceVersion() []string

GetPtraceTraceeAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFilePackageVersion() []string

GetPtraceTraceeAncestorsFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFilePath() []string

GetPtraceTraceeAncestorsFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFilePathLength() []int

GetPtraceTraceeAncestorsFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileRights() []int

GetPtraceTraceeAncestorsFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileUid() []uint32

GetPtraceTraceeAncestorsFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFileUser() []string

GetPtraceTraceeAncestorsFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFsgid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFsgid() []uint32

GetPtraceTraceeAncestorsFsgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFsgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFsgroup() []string

GetPtraceTraceeAncestorsFsgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFsuid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFsuid() []uint32

GetPtraceTraceeAncestorsFsuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsFsuser added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsFsuser() []string

GetPtraceTraceeAncestorsFsuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsGid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsGid() []uint32

GetPtraceTraceeAncestorsGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsGroup() []string

GetPtraceTraceeAncestorsGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileChangeTime() []uint64

GetPtraceTraceeAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileFilesystem() []string

GetPtraceTraceeAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileGid() []uint32

GetPtraceTraceeAncestorsInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileGroup() []string

GetPtraceTraceeAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileHashes() []string

GetPtraceTraceeAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileInUpperLayer() []bool

GetPtraceTraceeAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileInode() []uint64

GetPtraceTraceeAncestorsInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileMode() []uint16

GetPtraceTraceeAncestorsInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileModificationTime() []uint64

GetPtraceTraceeAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileMountId() []uint32

GetPtraceTraceeAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileName() []string

GetPtraceTraceeAncestorsInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileNameLength() []int

GetPtraceTraceeAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageName() []string

GetPtraceTraceeAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion() []string

GetPtraceTraceeAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePackageVersion() []string

GetPtraceTraceeAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePath() []string

GetPtraceTraceeAncestorsInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFilePathLength() []int

GetPtraceTraceeAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileRights() []int

GetPtraceTraceeAncestorsInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileUid() []uint32

GetPtraceTraceeAncestorsInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsInterpreterFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsInterpreterFileUser() []string

GetPtraceTraceeAncestorsInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsIsExec added in v0.60.0

func (ev *Event) GetPtraceTraceeAncestorsIsExec() []bool

GetPtraceTraceeAncestorsIsExec returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsIsKworker added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsIsKworker() []bool

GetPtraceTraceeAncestorsIsKworker returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsIsThread added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsIsThread() []bool

GetPtraceTraceeAncestorsIsThread returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsLength added in v0.60.0

func (ev *Event) GetPtraceTraceeAncestorsLength() int

GetPtraceTraceeAncestorsLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsPid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsPid() []uint32

GetPtraceTraceeAncestorsPid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsPpid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsPpid() []uint32

GetPtraceTraceeAncestorsPpid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsTid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsTid() []uint32

GetPtraceTraceeAncestorsTid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsTtyName added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsTtyName() []string

GetPtraceTraceeAncestorsTtyName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsUid added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsUid() []uint32

GetPtraceTraceeAncestorsUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsUser added in v0.49.0

func (ev *Event) GetPtraceTraceeAncestorsUser() []string

GetPtraceTraceeAncestorsUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetPtraceTraceeAncestorsUserSessionK8sGroups() []string

GetPtraceTraceeAncestorsUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsUserSessionK8sUid added in v0.50.0

func (ev *Event) GetPtraceTraceeAncestorsUserSessionK8sUid() []string

GetPtraceTraceeAncestorsUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAncestorsUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetPtraceTraceeAncestorsUserSessionK8sUsername() []string

GetPtraceTraceeAncestorsUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgs added in v0.49.0

func (ev *Event) GetPtraceTraceeArgs() string

GetPtraceTraceeArgs returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgsFlags added in v0.49.0

func (ev *Event) GetPtraceTraceeArgsFlags() []string

GetPtraceTraceeArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgsOptions added in v0.49.0

func (ev *Event) GetPtraceTraceeArgsOptions() []string

GetPtraceTraceeArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgsScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeArgsScrubbed() string

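GetPtraceTraceeArgsScrubbed returns the value of the field, resolving if necessary. As the name indicates, this is the scrubbed form of the tracee's arguments; prefer it (and GetPtraceTraceeArgvScrubbed) over GetPtraceTraceeArgs and GetPtraceTraceeArgv when the value is logged or forwarded, because raw command lines can carry credentials. What the scrubber removes is not documented on this page.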

func (*Event) GetPtraceTraceeArgsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeArgsTruncated() bool

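GetPtraceTraceeArgsTruncated returns the value of the field, resolving if necessary. A true value means the captured arguments are incomplete. The package constants MaxArgEnvSize and MaxArgsEnvsSize (both 256) cap the size of one argument or environment variable and the number of args and envs, and are presumably the limits behind this flag. When the flag is set, a missing pattern in the tracee's args does not show that the pattern was absent from the real command line. The same holds for GetPtraceTraceeEnvsTruncated.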

func (*Event) GetPtraceTraceeArgv added in v0.49.0

func (ev *Event) GetPtraceTraceeArgv() []string

GetPtraceTraceeArgv returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgv0 added in v0.49.0

func (ev *Event) GetPtraceTraceeArgv0() string

GetPtraceTraceeArgv0 returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeArgvScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeArgvScrubbed() []string

GetPtraceTraceeArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeAuid added in v0.57.0

func (ev *Event) GetPtraceTraceeAuid() uint32

GetPtraceTraceeAuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCapEffective added in v0.49.0

func (ev *Event) GetPtraceTraceeCapEffective() uint64

GetPtraceTraceeCapEffective returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCapPermitted added in v0.49.0

func (ev *Event) GetPtraceTraceeCapPermitted() uint64

GetPtraceTraceeCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCgroupFileInode added in v0.57.0

func (ev *Event) GetPtraceTraceeCgroupFileInode() uint64

GetPtraceTraceeCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCgroupFileMountId added in v0.57.0

func (ev *Event) GetPtraceTraceeCgroupFileMountId() uint32

GetPtraceTraceeCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCgroupId added in v0.57.0

func (ev *Event) GetPtraceTraceeCgroupId() string

GetPtraceTraceeCgroupId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCgroupManager added in v0.57.0

func (ev *Event) GetPtraceTraceeCgroupManager() string

GetPtraceTraceeCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCmdargv added in v0.55.0

func (ev *Event) GetPtraceTraceeCmdargv() []string

GetPtraceTraceeCmdargv returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeComm added in v0.49.0

func (ev *Event) GetPtraceTraceeComm() string

GetPtraceTraceeComm returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeContainerId added in v0.49.0

func (ev *Event) GetPtraceTraceeContainerId() string

GetPtraceTraceeContainerId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeCreatedAt added in v0.49.0

func (ev *Event) GetPtraceTraceeCreatedAt() int

GetPtraceTraceeCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEgid added in v0.49.0

func (ev *Event) GetPtraceTraceeEgid() uint32

GetPtraceTraceeEgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeEgroup() string

GetPtraceTraceeEgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEnvp added in v0.49.0

func (ev *Event) GetPtraceTraceeEnvp() []string

GetPtraceTraceeEnvp returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEnvs added in v0.49.0

func (ev *Event) GetPtraceTraceeEnvs() []string

GetPtraceTraceeEnvs returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEnvsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeEnvsTruncated() bool

GetPtraceTraceeEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEuid added in v0.49.0

func (ev *Event) GetPtraceTraceeEuid() uint32

GetPtraceTraceeEuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeEuser added in v0.49.0

func (ev *Event) GetPtraceTraceeEuser() string

GetPtraceTraceeEuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeExecTime added in v0.49.0

func (ev *Event) GetPtraceTraceeExecTime() time.Time

GetPtraceTraceeExecTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeExitTime added in v0.49.0

func (ev *Event) GetPtraceTraceeExitTime() time.Time

GetPtraceTraceeExitTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeFileChangeTime() uint64

GetPtraceTraceeFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeFileFilesystem() string

GetPtraceTraceeFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeFileGid() uint32

GetPtraceTraceeFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeFileGroup() string

GetPtraceTraceeFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeFileHashes() []string

GetPtraceTraceeFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeFileInUpperLayer() bool

GetPtraceTraceeFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeFileInode() uint64

GetPtraceTraceeFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeFileMode() uint16

GetPtraceTraceeFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeFileModificationTime() uint64

GetPtraceTraceeFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeFileMountId() uint32

GetPtraceTraceeFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeFileName() string

GetPtraceTraceeFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeFileNameLength() int

GetPtraceTraceeFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeFilePackageName() string

GetPtraceTraceeFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeFilePackageSourceVersion() string

GetPtraceTraceeFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeFilePackageVersion() string

GetPtraceTraceeFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeFilePath() string

GetPtraceTraceeFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeFilePathLength() int

GetPtraceTraceeFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeFileRights() int

GetPtraceTraceeFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeFileUid() uint32

GetPtraceTraceeFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeFileUser() string

GetPtraceTraceeFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeForkTime added in v0.49.0

func (ev *Event) GetPtraceTraceeForkTime() time.Time

GetPtraceTraceeForkTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFsgid added in v0.49.0

func (ev *Event) GetPtraceTraceeFsgid() uint32

GetPtraceTraceeFsgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFsgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeFsgroup() string

GetPtraceTraceeFsgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFsuid added in v0.49.0

func (ev *Event) GetPtraceTraceeFsuid() uint32

GetPtraceTraceeFsuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeFsuser added in v0.49.0

func (ev *Event) GetPtraceTraceeFsuser() string

GetPtraceTraceeFsuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeGid added in v0.49.0

func (ev *Event) GetPtraceTraceeGid() uint32

GetPtraceTraceeGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeGroup() string

GetPtraceTraceeGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileChangeTime() uint64

GetPtraceTraceeInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileFilesystem() string

GetPtraceTraceeInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileGid() uint32

GetPtraceTraceeInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileGroup() string

GetPtraceTraceeInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileHashes() []string

GetPtraceTraceeInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileInUpperLayer() bool

GetPtraceTraceeInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileInode() uint64

GetPtraceTraceeInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileMode() uint16

GetPtraceTraceeInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileModificationTime() uint64

GetPtraceTraceeInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileMountId() uint32

GetPtraceTraceeInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileName() string

GetPtraceTraceeInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileNameLength() int

GetPtraceTraceeInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFilePackageName() string

GetPtraceTraceeInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFilePackageSourceVersion() string

GetPtraceTraceeInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFilePackageVersion() string

GetPtraceTraceeInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFilePath() string

GetPtraceTraceeInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFilePathLength() int

GetPtraceTraceeInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileRights() int

GetPtraceTraceeInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileUid() uint32

GetPtraceTraceeInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeInterpreterFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeInterpreterFileUser() string

GetPtraceTraceeInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeIsExec added in v0.60.0

func (ev *Event) GetPtraceTraceeIsExec() bool

GetPtraceTraceeIsExec returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeIsKworker added in v0.49.0

func (ev *Event) GetPtraceTraceeIsKworker() bool

GetPtraceTraceeIsKworker returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeIsThread added in v0.49.0

func (ev *Event) GetPtraceTraceeIsThread() bool

GetPtraceTraceeIsThread returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentArgs added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgs() string

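GetPtraceTraceeParentArgs returns the value of the field, resolving if necessary. Unlike GetPtraceTraceeParentArgsScrubbed, this getter is not documented as scrubbing its result, so treat the returned string as possibly containing secrets passed on the command line when logging or forwarding it.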

func (*Event) GetPtraceTraceeParentArgsFlags added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgsFlags() []string

GetPtraceTraceeParentArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentArgsOptions added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgsOptions() []string

GetPtraceTraceeParentArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentArgsScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeParentArgsScrubbed() string

GetPtraceTraceeParentArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentArgsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgsTruncated() bool

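GetPtraceTraceeParentArgsTruncated returns the value of the field, resolving if necessary. The package bounds the number and size of captured arguments (MaxArgsEnvsSize, MaxArgEnvSize), so a true value presumably means the args/argv getters return incomplete data; a rule that matches on arguments should not read a non-match on truncated arguments as proof of absence.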

func (*Event) GetPtraceTraceeParentArgv added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgv() []string

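GetPtraceTraceeParentArgv returns the value of the field, resolving if necessary. GetPtraceTraceeParentArgvScrubbed is the scrubbed counterpart; this getter is not documented as scrubbing, so its elements may carry secrets passed on the command line.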

func (*Event) GetPtraceTraceeParentArgv0 added in v0.49.0

func (ev *Event) GetPtraceTraceeParentArgv0() string

GetPtraceTraceeParentArgv0 returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentArgvScrubbed added in v0.51.0

func (ev *Event) GetPtraceTraceeParentArgvScrubbed() []string

GetPtraceTraceeParentArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentAuid added in v0.57.0

func (ev *Event) GetPtraceTraceeParentAuid() uint32

GetPtraceTraceeParentAuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCapEffective added in v0.49.0

func (ev *Event) GetPtraceTraceeParentCapEffective() uint64

GetPtraceTraceeParentCapEffective returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCapPermitted added in v0.49.0

func (ev *Event) GetPtraceTraceeParentCapPermitted() uint64

GetPtraceTraceeParentCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCgroupFileInode added in v0.57.0

func (ev *Event) GetPtraceTraceeParentCgroupFileInode() uint64

GetPtraceTraceeParentCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCgroupFileMountId added in v0.57.0

func (ev *Event) GetPtraceTraceeParentCgroupFileMountId() uint32

GetPtraceTraceeParentCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCgroupId added in v0.57.0

func (ev *Event) GetPtraceTraceeParentCgroupId() string

GetPtraceTraceeParentCgroupId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCgroupManager added in v0.57.0

func (ev *Event) GetPtraceTraceeParentCgroupManager() string

GetPtraceTraceeParentCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCmdargv added in v0.55.0

func (ev *Event) GetPtraceTraceeParentCmdargv() []string

GetPtraceTraceeParentCmdargv returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentComm added in v0.49.0

func (ev *Event) GetPtraceTraceeParentComm() string

GetPtraceTraceeParentComm returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentContainerId added in v0.49.0

func (ev *Event) GetPtraceTraceeParentContainerId() string

GetPtraceTraceeParentContainerId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentCreatedAt added in v0.49.0

func (ev *Event) GetPtraceTraceeParentCreatedAt() int

GetPtraceTraceeParentCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEgid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEgid() uint32

GetPtraceTraceeParentEgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEgroup() string

GetPtraceTraceeParentEgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEnvp added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEnvp() []string

GetPtraceTraceeParentEnvp returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEnvs added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEnvs() []string

GetPtraceTraceeParentEnvs returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEnvsTruncated added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEnvsTruncated() bool

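GetPtraceTraceeParentEnvsTruncated returns the value of the field, resolving if necessary. The package bounds the number and size of captured environment variables (MaxArgsEnvsSize, MaxArgEnvSize), so a true value presumably means GetPtraceTraceeParentEnvs and GetPtraceTraceeParentEnvp return an incomplete list.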

func (*Event) GetPtraceTraceeParentEuid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEuid() uint32

GetPtraceTraceeParentEuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentEuser added in v0.49.0

func (ev *Event) GetPtraceTraceeParentEuser() string

GetPtraceTraceeParentEuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileChangeTime() uint64

GetPtraceTraceeParentFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileFilesystem() string

GetPtraceTraceeParentFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileGid() uint32

GetPtraceTraceeParentFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileGroup() string

GetPtraceTraceeParentFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileHashes() []string

GetPtraceTraceeParentFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileInUpperLayer() bool

GetPtraceTraceeParentFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileInode() uint64

GetPtraceTraceeParentFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileMode() uint16

GetPtraceTraceeParentFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileModificationTime() uint64

GetPtraceTraceeParentFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileMountId() uint32

GetPtraceTraceeParentFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileName() string

GetPtraceTraceeParentFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileNameLength() int

GetPtraceTraceeParentFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFilePackageName() string

GetPtraceTraceeParentFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFilePackageSourceVersion() string

GetPtraceTraceeParentFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFilePackageVersion() string

GetPtraceTraceeParentFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFilePath() string

GetPtraceTraceeParentFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFilePathLength() int

GetPtraceTraceeParentFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileRights() int

GetPtraceTraceeParentFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileUid() uint32

GetPtraceTraceeParentFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFileUser() string

GetPtraceTraceeParentFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFsgid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFsgid() uint32

GetPtraceTraceeParentFsgid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFsgroup added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFsgroup() string

GetPtraceTraceeParentFsgroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFsuid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFsuid() uint32

GetPtraceTraceeParentFsuid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentFsuser added in v0.49.0

func (ev *Event) GetPtraceTraceeParentFsuser() string

GetPtraceTraceeParentFsuser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentGid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentGid() uint32

GetPtraceTraceeParentGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeParentGroup() string

GetPtraceTraceeParentGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileChangeTime() uint64

GetPtraceTraceeParentInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileFilesystem() string

GetPtraceTraceeParentInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileGid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileGid() uint32

GetPtraceTraceeParentInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileGroup added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileGroup() string

GetPtraceTraceeParentInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileHashes added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileHashes() []string

GetPtraceTraceeParentInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileInUpperLayer() bool

GetPtraceTraceeParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileInode added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileInode() uint64

GetPtraceTraceeParentInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileMode added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileMode() uint16

GetPtraceTraceeParentInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileModificationTime() uint64

GetPtraceTraceeParentInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileMountId added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileMountId() uint32

GetPtraceTraceeParentInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileName added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileName() string

GetPtraceTraceeParentInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileNameLength() int

GetPtraceTraceeParentInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageName() string

GetPtraceTraceeParentInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageSourceVersion() string

GetPtraceTraceeParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFilePackageVersion() string

GetPtraceTraceeParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFilePath added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFilePath() string

GetPtraceTraceeParentInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFilePathLength() int

GetPtraceTraceeParentInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileRights added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileRights() int

GetPtraceTraceeParentInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileUid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileUid() uint32

GetPtraceTraceeParentInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentInterpreterFileUser added in v0.49.0

func (ev *Event) GetPtraceTraceeParentInterpreterFileUser() string

GetPtraceTraceeParentInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentIsExec added in v0.60.0

func (ev *Event) GetPtraceTraceeParentIsExec() bool

GetPtraceTraceeParentIsExec returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentIsKworker added in v0.49.0

func (ev *Event) GetPtraceTraceeParentIsKworker() bool

GetPtraceTraceeParentIsKworker returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentIsThread added in v0.49.0

func (ev *Event) GetPtraceTraceeParentIsThread() bool

GetPtraceTraceeParentIsThread returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentPid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentPid() uint32

GetPtraceTraceeParentPid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentPpid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentPpid() uint32

GetPtraceTraceeParentPpid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentTid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentTid() uint32

GetPtraceTraceeParentTid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentTtyName added in v0.49.0

func (ev *Event) GetPtraceTraceeParentTtyName() string

GetPtraceTraceeParentTtyName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentUid added in v0.49.0

func (ev *Event) GetPtraceTraceeParentUid() uint32

GetPtraceTraceeParentUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentUser added in v0.49.0

func (ev *Event) GetPtraceTraceeParentUser() string

GetPtraceTraceeParentUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetPtraceTraceeParentUserSessionK8sGroups() []string

GetPtraceTraceeParentUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentUserSessionK8sUid added in v0.50.0

func (ev *Event) GetPtraceTraceeParentUserSessionK8sUid() string

GetPtraceTraceeParentUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeParentUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetPtraceTraceeParentUserSessionK8sUsername() string

GetPtraceTraceeParentUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceePid added in v0.49.0

func (ev *Event) GetPtraceTraceePid() uint32

GetPtraceTraceePid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceePpid added in v0.49.0

func (ev *Event) GetPtraceTraceePpid() uint32

GetPtraceTraceePpid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeTid added in v0.49.0

func (ev *Event) GetPtraceTraceeTid() uint32

GetPtraceTraceeTid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeTtyName added in v0.49.0

func (ev *Event) GetPtraceTraceeTtyName() string

GetPtraceTraceeTtyName returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeUid added in v0.49.0

func (ev *Event) GetPtraceTraceeUid() uint32

GetPtraceTraceeUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeUser added in v0.49.0

func (ev *Event) GetPtraceTraceeUser() string

GetPtraceTraceeUser returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetPtraceTraceeUserSessionK8sGroups() []string

GetPtraceTraceeUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeUserSessionK8sUid added in v0.50.0

func (ev *Event) GetPtraceTraceeUserSessionK8sUid() string

GetPtraceTraceeUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetPtraceTraceeUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetPtraceTraceeUserSessionK8sUsername() string

GetPtraceTraceeUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileChangeTime added in v0.49.0

func (ev *Event) GetRemovexattrFileChangeTime() uint64

GetRemovexattrFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileDestinationName added in v0.49.0

func (ev *Event) GetRemovexattrFileDestinationName() string

GetRemovexattrFileDestinationName returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileDestinationNamespace added in v0.49.0

func (ev *Event) GetRemovexattrFileDestinationNamespace() string

GetRemovexattrFileDestinationNamespace returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileFilesystem added in v0.49.0

func (ev *Event) GetRemovexattrFileFilesystem() string

GetRemovexattrFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileGid added in v0.49.0

func (ev *Event) GetRemovexattrFileGid() uint32

GetRemovexattrFileGid returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileGroup added in v0.49.0

func (ev *Event) GetRemovexattrFileGroup() string

GetRemovexattrFileGroup returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileHashes added in v0.49.0

func (ev *Event) GetRemovexattrFileHashes() []string

GetRemovexattrFileHashes returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileInUpperLayer added in v0.49.0

func (ev *Event) GetRemovexattrFileInUpperLayer() bool

GetRemovexattrFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileInode added in v0.49.0

func (ev *Event) GetRemovexattrFileInode() uint64

GetRemovexattrFileInode returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileMode added in v0.49.0

func (ev *Event) GetRemovexattrFileMode() uint16

GetRemovexattrFileMode returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileModificationTime added in v0.49.0

func (ev *Event) GetRemovexattrFileModificationTime() uint64

GetRemovexattrFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileMountId added in v0.49.0

func (ev *Event) GetRemovexattrFileMountId() uint32

GetRemovexattrFileMountId returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileName added in v0.49.0

func (ev *Event) GetRemovexattrFileName() string

GetRemovexattrFileName returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileNameLength added in v0.49.0

func (ev *Event) GetRemovexattrFileNameLength() int

GetRemovexattrFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFilePackageName added in v0.49.0

func (ev *Event) GetRemovexattrFilePackageName() string

GetRemovexattrFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetRemovexattrFilePackageSourceVersion() string

GetRemovexattrFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFilePackageVersion added in v0.49.0

func (ev *Event) GetRemovexattrFilePackageVersion() string

GetRemovexattrFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFilePath added in v0.49.0

func (ev *Event) GetRemovexattrFilePath() string

GetRemovexattrFilePath returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFilePathLength added in v0.49.0

func (ev *Event) GetRemovexattrFilePathLength() int

GetRemovexattrFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileRights added in v0.49.0

func (ev *Event) GetRemovexattrFileRights() int

GetRemovexattrFileRights returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileUid added in v0.49.0

func (ev *Event) GetRemovexattrFileUid() uint32

GetRemovexattrFileUid returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrFileUser added in v0.49.0

func (ev *Event) GetRemovexattrFileUser() string

GetRemovexattrFileUser returns the value of the field, resolving if necessary

func (*Event) GetRemovexattrRetval added in v0.49.0

func (ev *Event) GetRemovexattrRetval() int64

GetRemovexattrRetval returns the value of the field, resolving if necessary

func (*Event) GetRenameFileChangeTime added in v0.49.0

func (ev *Event) GetRenameFileChangeTime() uint64

GetRenameFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationChangeTime added in v0.49.0

func (ev *Event) GetRenameFileDestinationChangeTime() uint64

GetRenameFileDestinationChangeTime returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationFilesystem added in v0.49.0

func (ev *Event) GetRenameFileDestinationFilesystem() string

GetRenameFileDestinationFilesystem returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationGid added in v0.49.0

func (ev *Event) GetRenameFileDestinationGid() uint32

GetRenameFileDestinationGid returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationGroup added in v0.49.0

func (ev *Event) GetRenameFileDestinationGroup() string

GetRenameFileDestinationGroup returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationHashes added in v0.49.0

func (ev *Event) GetRenameFileDestinationHashes() []string

GetRenameFileDestinationHashes returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationInUpperLayer added in v0.49.0

func (ev *Event) GetRenameFileDestinationInUpperLayer() bool

GetRenameFileDestinationInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationInode added in v0.49.0

func (ev *Event) GetRenameFileDestinationInode() uint64

GetRenameFileDestinationInode returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationMode added in v0.49.0

func (ev *Event) GetRenameFileDestinationMode() uint16

GetRenameFileDestinationMode returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationModificationTime added in v0.49.0

func (ev *Event) GetRenameFileDestinationModificationTime() uint64

GetRenameFileDestinationModificationTime returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationMountId added in v0.49.0

func (ev *Event) GetRenameFileDestinationMountId() uint32

GetRenameFileDestinationMountId returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationName added in v0.49.0

func (ev *Event) GetRenameFileDestinationName() string

GetRenameFileDestinationName returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationNameLength added in v0.49.0

func (ev *Event) GetRenameFileDestinationNameLength() int

GetRenameFileDestinationNameLength returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationPackageName added in v0.49.0

func (ev *Event) GetRenameFileDestinationPackageName() string

GetRenameFileDestinationPackageName returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationPackageSourceVersion added in v0.49.0

func (ev *Event) GetRenameFileDestinationPackageSourceVersion() string

GetRenameFileDestinationPackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationPackageVersion added in v0.49.0

func (ev *Event) GetRenameFileDestinationPackageVersion() string

GetRenameFileDestinationPackageVersion returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationPath added in v0.49.0

func (ev *Event) GetRenameFileDestinationPath() string

GetRenameFileDestinationPath returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationPathLength added in v0.49.0

func (ev *Event) GetRenameFileDestinationPathLength() int

GetRenameFileDestinationPathLength returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationRights added in v0.49.0

func (ev *Event) GetRenameFileDestinationRights() int

GetRenameFileDestinationRights returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationUid added in v0.49.0

func (ev *Event) GetRenameFileDestinationUid() uint32

GetRenameFileDestinationUid returns the value of the field, resolving if necessary

func (*Event) GetRenameFileDestinationUser added in v0.49.0

func (ev *Event) GetRenameFileDestinationUser() string

GetRenameFileDestinationUser returns the value of the field, resolving if necessary

func (*Event) GetRenameFileFilesystem added in v0.49.0

func (ev *Event) GetRenameFileFilesystem() string

GetRenameFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetRenameFileGid added in v0.49.0

func (ev *Event) GetRenameFileGid() uint32

GetRenameFileGid returns the value of the field, resolving if necessary

func (*Event) GetRenameFileGroup added in v0.49.0

func (ev *Event) GetRenameFileGroup() string

GetRenameFileGroup returns the value of the field, resolving if necessary

func (*Event) GetRenameFileHashes added in v0.49.0

func (ev *Event) GetRenameFileHashes() []string

GetRenameFileHashes returns the value of the field, resolving if necessary

func (*Event) GetRenameFileInUpperLayer added in v0.49.0

func (ev *Event) GetRenameFileInUpperLayer() bool

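GetRenameFileInUpperLayer returns the value of the field, resolving if necessary. The value reports whether the renamed file is in the upper layer of a layered filesystem (for example OverlayFS), which for a container typically means the file was created or modified after the image was built.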

func (*Event) GetRenameFileInode added in v0.49.0

func (ev *Event) GetRenameFileInode() uint64

GetRenameFileInode returns the value of the field, resolving if necessary

func (*Event) GetRenameFileMode added in v0.49.0

func (ev *Event) GetRenameFileMode() uint16

GetRenameFileMode returns the value of the field, resolving if necessary

func (*Event) GetRenameFileModificationTime added in v0.49.0

func (ev *Event) GetRenameFileModificationTime() uint64

GetRenameFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetRenameFileMountId added in v0.49.0

func (ev *Event) GetRenameFileMountId() uint32

GetRenameFileMountId returns the value of the field, resolving if necessary

func (*Event) GetRenameFileName added in v0.49.0

func (ev *Event) GetRenameFileName() string

GetRenameFileName returns the value of the field, resolving if necessary

func (*Event) GetRenameFileNameLength added in v0.49.0

func (ev *Event) GetRenameFileNameLength() int

GetRenameFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetRenameFilePackageName added in v0.49.0

func (ev *Event) GetRenameFilePackageName() string

GetRenameFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetRenameFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetRenameFilePackageSourceVersion() string

GetRenameFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetRenameFilePackageVersion added in v0.49.0

func (ev *Event) GetRenameFilePackageVersion() string

GetRenameFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetRenameFilePath added in v0.49.0

func (ev *Event) GetRenameFilePath() string

GetRenameFilePath returns the value of the field, resolving if necessary

func (*Event) GetRenameFilePathLength added in v0.49.0

func (ev *Event) GetRenameFilePathLength() int

GetRenameFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetRenameFileRights added in v0.49.0

func (ev *Event) GetRenameFileRights() int

GetRenameFileRights returns the value of the field, resolving if necessary

func (*Event) GetRenameFileUid added in v0.49.0

func (ev *Event) GetRenameFileUid() uint32

GetRenameFileUid returns the value of the field, resolving if necessary

func (*Event) GetRenameFileUser added in v0.49.0

func (ev *Event) GetRenameFileUser() string

GetRenameFileUser returns the value of the field, resolving if necessary

func (*Event) GetRenameRetval added in v0.49.0

func (ev *Event) GetRenameRetval() int64

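GetRenameRetval returns the value of the rename event's retval field (the return value of the syscall), resolving if necessary. A consumer can use it to tell a completed rename from a failed attempt.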

func (*Event) GetRenameSyscallDestinationPath added in v0.56.0

func (ev *Event) GetRenameSyscallDestinationPath() string

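GetRenameSyscallDestinationPath returns the value of the field, resolving if necessary. The value is the destination path argument as passed to the syscall, so it can differ from the resolved path returned by GetRenameFileDestinationPath.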

func (*Event) GetRenameSyscallInt1 added in v0.56.0

func (ev *Event) GetRenameSyscallInt1() int

GetRenameSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallInt2 added in v0.56.0

func (ev *Event) GetRenameSyscallInt2() int

GetRenameSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallInt3 added in v0.56.0

func (ev *Event) GetRenameSyscallInt3() int

GetRenameSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallPath added in v0.56.0

func (ev *Event) GetRenameSyscallPath() string

GetRenameSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallStr1 added in v0.56.0

func (ev *Event) GetRenameSyscallStr1() string

GetRenameSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallStr2 added in v0.56.0

func (ev *Event) GetRenameSyscallStr2() string

GetRenameSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetRenameSyscallStr3 added in v0.56.0

func (ev *Event) GetRenameSyscallStr3() string

GetRenameSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileChangeTime added in v0.49.0

func (ev *Event) GetRmdirFileChangeTime() uint64

GetRmdirFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileFilesystem added in v0.49.0

func (ev *Event) GetRmdirFileFilesystem() string

GetRmdirFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileGid added in v0.49.0

func (ev *Event) GetRmdirFileGid() uint32

GetRmdirFileGid returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileGroup added in v0.49.0

func (ev *Event) GetRmdirFileGroup() string

GetRmdirFileGroup returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileHashes added in v0.49.0

func (ev *Event) GetRmdirFileHashes() []string

GetRmdirFileHashes returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileInUpperLayer added in v0.49.0

func (ev *Event) GetRmdirFileInUpperLayer() bool

GetRmdirFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileInode added in v0.49.0

func (ev *Event) GetRmdirFileInode() uint64

GetRmdirFileInode returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileMode added in v0.49.0

func (ev *Event) GetRmdirFileMode() uint16

GetRmdirFileMode returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileModificationTime added in v0.49.0

func (ev *Event) GetRmdirFileModificationTime() uint64

GetRmdirFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileMountId added in v0.49.0

func (ev *Event) GetRmdirFileMountId() uint32

GetRmdirFileMountId returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileName added in v0.49.0

func (ev *Event) GetRmdirFileName() string

GetRmdirFileName returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileNameLength added in v0.49.0

func (ev *Event) GetRmdirFileNameLength() int

GetRmdirFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetRmdirFilePackageName added in v0.49.0

func (ev *Event) GetRmdirFilePackageName() string

GetRmdirFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetRmdirFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetRmdirFilePackageSourceVersion() string

GetRmdirFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetRmdirFilePackageVersion added in v0.49.0

func (ev *Event) GetRmdirFilePackageVersion() string

GetRmdirFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetRmdirFilePath added in v0.49.0

func (ev *Event) GetRmdirFilePath() string

GetRmdirFilePath returns the value of the field, resolving if necessary

func (*Event) GetRmdirFilePathLength added in v0.49.0

func (ev *Event) GetRmdirFilePathLength() int

GetRmdirFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileRights added in v0.49.0

func (ev *Event) GetRmdirFileRights() int

GetRmdirFileRights returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileUid added in v0.49.0

func (ev *Event) GetRmdirFileUid() uint32

GetRmdirFileUid returns the value of the field, resolving if necessary

func (*Event) GetRmdirFileUser added in v0.49.0

func (ev *Event) GetRmdirFileUser() string

GetRmdirFileUser returns the value of the field, resolving if necessary

func (*Event) GetRmdirRetval added in v0.49.0

func (ev *Event) GetRmdirRetval() int64

GetRmdirRetval returns the value of the field, resolving if necessary

func (*Event) GetSelinuxBoolCommitState added in v0.49.0

func (ev *Event) GetSelinuxBoolCommitState() bool

GetSelinuxBoolCommitState returns the value of the field, resolving if necessary

func (*Event) GetSelinuxBoolName added in v0.49.0

func (ev *Event) GetSelinuxBoolName() string

GetSelinuxBoolName returns the value of the field, resolving if necessary

func (*Event) GetSelinuxBoolState added in v0.49.0

func (ev *Event) GetSelinuxBoolState() string

GetSelinuxBoolState returns the value of the field, resolving if necessary

func (*Event) GetSelinuxEnforceStatus added in v0.49.0

func (ev *Event) GetSelinuxEnforceStatus() string

GetSelinuxEnforceStatus returns the value of the field, resolving if necessary

func (*Event) GetSetgidEgid added in v0.49.0

func (ev *Event) GetSetgidEgid() uint32

GetSetgidEgid returns the value of the field, resolving if necessary

func (*Event) GetSetgidEgroup added in v0.49.0

func (ev *Event) GetSetgidEgroup() string

GetSetgidEgroup returns the value of the field, resolving if necessary

func (*Event) GetSetgidFsgid added in v0.49.0

func (ev *Event) GetSetgidFsgid() uint32

GetSetgidFsgid returns the value of the field, resolving if necessary

func (*Event) GetSetgidFsgroup added in v0.49.0

func (ev *Event) GetSetgidFsgroup() string

GetSetgidFsgroup returns the value of the field, resolving if necessary

func (*Event) GetSetgidGid added in v0.49.0

func (ev *Event) GetSetgidGid() uint32

GetSetgidGid returns the value of the field, resolving if necessary

func (*Event) GetSetgidGroup added in v0.49.0

func (ev *Event) GetSetgidGroup() string

GetSetgidGroup returns the value of the field, resolving if necessary

func (*Event) GetSetuidEuid added in v0.49.0

func (ev *Event) GetSetuidEuid() uint32

GetSetuidEuid returns the value of the field, resolving if necessary

func (*Event) GetSetuidEuser added in v0.49.0

func (ev *Event) GetSetuidEuser() string

GetSetuidEuser returns the value of the field, resolving if necessary

func (*Event) GetSetuidFsuid added in v0.49.0

func (ev *Event) GetSetuidFsuid() uint32

GetSetuidFsuid returns the value of the field, resolving if necessary

func (*Event) GetSetuidFsuser added in v0.49.0

func (ev *Event) GetSetuidFsuser() string

GetSetuidFsuser returns the value of the field, resolving if necessary

func (*Event) GetSetuidUid added in v0.49.0

func (ev *Event) GetSetuidUid() uint32

GetSetuidUid returns the value of the field, resolving if necessary

func (*Event) GetSetuidUser added in v0.49.0

func (ev *Event) GetSetuidUser() string

GetSetuidUser returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileChangeTime added in v0.49.0

func (ev *Event) GetSetxattrFileChangeTime() uint64

GetSetxattrFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileDestinationName added in v0.49.0

func (ev *Event) GetSetxattrFileDestinationName() string

GetSetxattrFileDestinationName returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileDestinationNamespace added in v0.49.0

func (ev *Event) GetSetxattrFileDestinationNamespace() string

GetSetxattrFileDestinationNamespace returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileFilesystem added in v0.49.0

func (ev *Event) GetSetxattrFileFilesystem() string

GetSetxattrFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileGid added in v0.49.0

func (ev *Event) GetSetxattrFileGid() uint32

GetSetxattrFileGid returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileGroup added in v0.49.0

func (ev *Event) GetSetxattrFileGroup() string

GetSetxattrFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileHashes added in v0.49.0

func (ev *Event) GetSetxattrFileHashes() []string

GetSetxattrFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileInUpperLayer added in v0.49.0

func (ev *Event) GetSetxattrFileInUpperLayer() bool

GetSetxattrFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileInode added in v0.49.0

func (ev *Event) GetSetxattrFileInode() uint64

GetSetxattrFileInode returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileMode added in v0.49.0

func (ev *Event) GetSetxattrFileMode() uint16

GetSetxattrFileMode returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileModificationTime added in v0.49.0

func (ev *Event) GetSetxattrFileModificationTime() uint64

GetSetxattrFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileMountId added in v0.49.0

func (ev *Event) GetSetxattrFileMountId() uint32

GetSetxattrFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileName added in v0.49.0

func (ev *Event) GetSetxattrFileName() string

GetSetxattrFileName returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileNameLength added in v0.49.0

func (ev *Event) GetSetxattrFileNameLength() int

GetSetxattrFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFilePackageName added in v0.49.0

func (ev *Event) GetSetxattrFilePackageName() string

GetSetxattrFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSetxattrFilePackageSourceVersion() string

GetSetxattrFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFilePackageVersion added in v0.49.0

func (ev *Event) GetSetxattrFilePackageVersion() string

GetSetxattrFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFilePath added in v0.49.0

func (ev *Event) GetSetxattrFilePath() string

GetSetxattrFilePath returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFilePathLength added in v0.49.0

func (ev *Event) GetSetxattrFilePathLength() int

GetSetxattrFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileRights added in v0.49.0

func (ev *Event) GetSetxattrFileRights() int

GetSetxattrFileRights returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileUid added in v0.49.0

func (ev *Event) GetSetxattrFileUid() uint32

GetSetxattrFileUid returns the value of the field, resolving if necessary

func (*Event) GetSetxattrFileUser added in v0.49.0

func (ev *Event) GetSetxattrFileUser() string

GetSetxattrFileUser returns the value of the field, resolving if necessary

func (*Event) GetSetxattrRetval added in v0.49.0

func (ev *Event) GetSetxattrRetval() int64

GetSetxattrRetval returns the value of the field, resolving if necessary

func (*Event) GetSignalPid added in v0.49.0

func (ev *Event) GetSignalPid() uint32

GetSignalPid returns the value of the field, resolving if necessary

func (*Event) GetSignalRetval added in v0.49.0

func (ev *Event) GetSignalRetval() int64

GetSignalRetval returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgs added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgs() []string

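GetSignalTargetAncestorsArgs returns the value of the field, resolving if necessary. The values are the unscrubbed command-line arguments of the ancestors of the signal's target process and can contain credentials passed on the command line; use GetSignalTargetAncestorsArgsScrubbed when the value is logged or forwarded.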

func (*Event) GetSignalTargetAncestorsArgsFlags added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgsFlags() []string

GetSignalTargetAncestorsArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgsOptions added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgsOptions() []string

GetSignalTargetAncestorsArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgsScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetAncestorsArgsScrubbed() []string

GetSignalTargetAncestorsArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgsTruncated() []bool

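GetSignalTargetAncestorsArgsTruncated returns the value of the field, resolving if necessary. Each flag indicates that the captured arguments of an ancestor of the signal's target process were truncated, so a consumer matching on the args values should treat a truncated entry as incomplete.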

func (*Event) GetSignalTargetAncestorsArgv added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgv() []string

GetSignalTargetAncestorsArgv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgv0 added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsArgv0() []string

GetSignalTargetAncestorsArgv0 returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsArgvScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetAncestorsArgvScrubbed() []string

GetSignalTargetAncestorsArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsAuid added in v0.57.0

func (ev *Event) GetSignalTargetAncestorsAuid() []uint32

GetSignalTargetAncestorsAuid returns the value of the auid (login UID) field for the ancestors of the signal's target process, resolving if necessary

func (*Event) GetSignalTargetAncestorsCapEffective added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsCapEffective() []uint64

GetSignalTargetAncestorsCapEffective returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCapPermitted added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsCapPermitted() []uint64

GetSignalTargetAncestorsCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCgroupFileInode added in v0.57.0

func (ev *Event) GetSignalTargetAncestorsCgroupFileInode() []uint64

GetSignalTargetAncestorsCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCgroupFileMountId added in v0.57.0

func (ev *Event) GetSignalTargetAncestorsCgroupFileMountId() []uint32

GetSignalTargetAncestorsCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCgroupId added in v0.57.0

func (ev *Event) GetSignalTargetAncestorsCgroupId() []string

GetSignalTargetAncestorsCgroupId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCgroupManager added in v0.57.0

func (ev *Event) GetSignalTargetAncestorsCgroupManager() []string

GetSignalTargetAncestorsCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCmdargv added in v0.55.0

func (ev *Event) GetSignalTargetAncestorsCmdargv() []string

GetSignalTargetAncestorsCmdargv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsComm added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsComm() []string

GetSignalTargetAncestorsComm returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsContainerId added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsContainerId() []string

GetSignalTargetAncestorsContainerId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsCreatedAt added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsCreatedAt() []int

GetSignalTargetAncestorsCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEgid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEgid() []uint32

GetSignalTargetAncestorsEgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEgroup added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEgroup() []string

GetSignalTargetAncestorsEgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEnvp added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEnvp() []string

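GetSignalTargetAncestorsEnvp returns the value of the field, resolving if necessary. The entries are the environment variables (names together with their values) of the ancestors of the signal's target process, so they can include secrets; GetSignalTargetAncestorsEnvs returns the variable names only.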

func (*Event) GetSignalTargetAncestorsEnvs added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEnvs() []string

GetSignalTargetAncestorsEnvs returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEnvsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEnvsTruncated() []bool

GetSignalTargetAncestorsEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEuid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEuid() []uint32

GetSignalTargetAncestorsEuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsEuser added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsEuser() []string

GetSignalTargetAncestorsEuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileChangeTime() []uint64

GetSignalTargetAncestorsFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileFilesystem() []string

GetSignalTargetAncestorsFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileGid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileGid() []uint32

GetSignalTargetAncestorsFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileGroup() []string

GetSignalTargetAncestorsFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileHashes() []string

GetSignalTargetAncestorsFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileInUpperLayer() []bool

GetSignalTargetAncestorsFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileInode added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileInode() []uint64

GetSignalTargetAncestorsFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileMode added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileMode() []uint16

GetSignalTargetAncestorsFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileModificationTime() []uint64

GetSignalTargetAncestorsFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileMountId() []uint32

GetSignalTargetAncestorsFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileName added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileName() []string

GetSignalTargetAncestorsFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileNameLength() []int

GetSignalTargetAncestorsFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFilePackageName() []string

GetSignalTargetAncestorsFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFilePackageSourceVersion() []string

GetSignalTargetAncestorsFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFilePackageVersion() []string

GetSignalTargetAncestorsFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFilePath added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFilePath() []string

GetSignalTargetAncestorsFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFilePathLength() []int

GetSignalTargetAncestorsFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileRights added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileRights() []int

GetSignalTargetAncestorsFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileUid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileUid() []uint32

GetSignalTargetAncestorsFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFileUser added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFileUser() []string

GetSignalTargetAncestorsFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFsgid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFsgid() []uint32

GetSignalTargetAncestorsFsgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFsgroup added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFsgroup() []string

GetSignalTargetAncestorsFsgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFsuid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFsuid() []uint32

GetSignalTargetAncestorsFsuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsFsuser added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsFsuser() []string

GetSignalTargetAncestorsFsuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsGid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsGid() []uint32

GetSignalTargetAncestorsGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsGroup added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsGroup() []string

GetSignalTargetAncestorsGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileChangeTime() []uint64

GetSignalTargetAncestorsInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileFilesystem() []string

GetSignalTargetAncestorsInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileGid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileGid() []uint32

GetSignalTargetAncestorsInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileGroup() []string

GetSignalTargetAncestorsInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileHashes() []string

GetSignalTargetAncestorsInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileInUpperLayer() []bool

GetSignalTargetAncestorsInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileInode added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileInode() []uint64

GetSignalTargetAncestorsInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileMode added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileMode() []uint16

GetSignalTargetAncestorsInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileModificationTime() []uint64

GetSignalTargetAncestorsInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileMountId() []uint32

GetSignalTargetAncestorsInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileName added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileName() []string

GetSignalTargetAncestorsInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileNameLength() []int

GetSignalTargetAncestorsInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageName() []string

GetSignalTargetAncestorsInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageSourceVersion() []string

GetSignalTargetAncestorsInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFilePackageVersion() []string

GetSignalTargetAncestorsInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFilePath added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFilePath() []string

GetSignalTargetAncestorsInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFilePathLength() []int

GetSignalTargetAncestorsInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileRights added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileRights() []int

GetSignalTargetAncestorsInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileUid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileUid() []uint32

GetSignalTargetAncestorsInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsInterpreterFileUser added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsInterpreterFileUser() []string

GetSignalTargetAncestorsInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsIsExec added in v0.60.0

func (ev *Event) GetSignalTargetAncestorsIsExec() []bool

GetSignalTargetAncestorsIsExec returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsIsKworker added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsIsKworker() []bool

GetSignalTargetAncestorsIsKworker returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsIsThread added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsIsThread() []bool

GetSignalTargetAncestorsIsThread returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsLength added in v0.60.0

func (ev *Event) GetSignalTargetAncestorsLength() int

GetSignalTargetAncestorsLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsPid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsPid() []uint32

GetSignalTargetAncestorsPid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsPpid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsPpid() []uint32

GetSignalTargetAncestorsPpid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsTid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsTid() []uint32

GetSignalTargetAncestorsTid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsTtyName added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsTtyName() []string

GetSignalTargetAncestorsTtyName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsUid added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsUid() []uint32

GetSignalTargetAncestorsUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsUser added in v0.49.0

func (ev *Event) GetSignalTargetAncestorsUser() []string

GetSignalTargetAncestorsUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetSignalTargetAncestorsUserSessionK8sGroups() []string

GetSignalTargetAncestorsUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsUserSessionK8sUid added in v0.50.0

func (ev *Event) GetSignalTargetAncestorsUserSessionK8sUid() []string

GetSignalTargetAncestorsUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAncestorsUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetSignalTargetAncestorsUserSessionK8sUsername() []string

GetSignalTargetAncestorsUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgs added in v0.49.0

func (ev *Event) GetSignalTargetArgs() string

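GetSignalTargetArgs returns the value of the field, resolving if necessary. This is presumably the unscrubbed argument string, which can contain credentials passed on the command line; GetSignalTargetArgsScrubbed is the scrubbed counterpart to prefer when the value is logged or forwarded, and GetSignalTargetArgsTruncated reports whether the arguments were truncated.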

func (*Event) GetSignalTargetArgsFlags added in v0.49.0

func (ev *Event) GetSignalTargetArgsFlags() []string

GetSignalTargetArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgsOptions added in v0.49.0

func (ev *Event) GetSignalTargetArgsOptions() []string

GetSignalTargetArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgsScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetArgsScrubbed() string

GetSignalTargetArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetArgsTruncated() bool

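GetSignalTargetArgsTruncated returns the value of the field, resolving if necessary. A true value means the signal target's arguments were captured only in part (see the MaxArgEnvSize and MaxArgsEnvsSize limits of this package), so a non-match on the arguments of such an event is not conclusive.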

func (*Event) GetSignalTargetArgv added in v0.49.0

func (ev *Event) GetSignalTargetArgv() []string

GetSignalTargetArgv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgv0 added in v0.49.0

func (ev *Event) GetSignalTargetArgv0() string

GetSignalTargetArgv0 returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetArgvScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetArgvScrubbed() []string

GetSignalTargetArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetAuid added in v0.57.0

func (ev *Event) GetSignalTargetAuid() uint32

GetSignalTargetAuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCapEffective added in v0.49.0

func (ev *Event) GetSignalTargetCapEffective() uint64

GetSignalTargetCapEffective returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCapPermitted added in v0.49.0

func (ev *Event) GetSignalTargetCapPermitted() uint64

GetSignalTargetCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCgroupFileInode added in v0.57.0

func (ev *Event) GetSignalTargetCgroupFileInode() uint64

GetSignalTargetCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCgroupFileMountId added in v0.57.0

func (ev *Event) GetSignalTargetCgroupFileMountId() uint32

GetSignalTargetCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCgroupId added in v0.57.0

func (ev *Event) GetSignalTargetCgroupId() string

GetSignalTargetCgroupId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCgroupManager added in v0.57.0

func (ev *Event) GetSignalTargetCgroupManager() string

GetSignalTargetCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCmdargv added in v0.55.0

func (ev *Event) GetSignalTargetCmdargv() []string

GetSignalTargetCmdargv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetComm added in v0.49.0

func (ev *Event) GetSignalTargetComm() string

GetSignalTargetComm returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetContainerId added in v0.49.0

func (ev *Event) GetSignalTargetContainerId() string

GetSignalTargetContainerId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetCreatedAt added in v0.49.0

func (ev *Event) GetSignalTargetCreatedAt() int

GetSignalTargetCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetEgid added in v0.49.0

func (ev *Event) GetSignalTargetEgid() uint32

GetSignalTargetEgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetEgroup added in v0.49.0

func (ev *Event) GetSignalTargetEgroup() string

GetSignalTargetEgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetEnvp added in v0.49.0

func (ev *Event) GetSignalTargetEnvp() []string

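GetSignalTargetEnvp returns the value of the field, resolving if necessary. The entries are presumably full NAME=value environment strings, which often carry secrets; when only the variable names are needed, GetSignalTargetEnvs appears to be the narrower accessor (confirm against the field documentation).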

func (*Event) GetSignalTargetEnvs added in v0.49.0

func (ev *Event) GetSignalTargetEnvs() []string

GetSignalTargetEnvs returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetEnvsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetEnvsTruncated() bool

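GetSignalTargetEnvsTruncated returns the value of the field, resolving if necessary. A true value means the signal target's environment was captured only in part (see the MaxArgEnvSize and MaxArgsEnvsSize limits of this package), so the absence of a variable on such an event is not conclusive.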

func (*Event) GetSignalTargetEuid added in v0.49.0

func (ev *Event) GetSignalTargetEuid() uint32

GetSignalTargetEuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetEuser added in v0.49.0

func (ev *Event) GetSignalTargetEuser() string

GetSignalTargetEuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetExecTime added in v0.49.0

func (ev *Event) GetSignalTargetExecTime() time.Time

GetSignalTargetExecTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetExitTime added in v0.49.0

func (ev *Event) GetSignalTargetExitTime() time.Time

GetSignalTargetExitTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetFileChangeTime() uint64

GetSignalTargetFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetFileFilesystem() string

GetSignalTargetFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileGid added in v0.49.0

func (ev *Event) GetSignalTargetFileGid() uint32

GetSignalTargetFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetFileGroup() string

GetSignalTargetFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetFileHashes() []string

GetSignalTargetFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetFileInUpperLayer() bool

GetSignalTargetFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileInode added in v0.49.0

func (ev *Event) GetSignalTargetFileInode() uint64

GetSignalTargetFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileMode added in v0.49.0

func (ev *Event) GetSignalTargetFileMode() uint16

GetSignalTargetFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetFileModificationTime() uint64

GetSignalTargetFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetFileMountId() uint32

GetSignalTargetFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileName added in v0.49.0

func (ev *Event) GetSignalTargetFileName() string

GetSignalTargetFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetFileNameLength() int

GetSignalTargetFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetFilePackageName() string

GetSignalTargetFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetFilePackageSourceVersion() string

GetSignalTargetFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetFilePackageVersion() string

GetSignalTargetFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFilePath added in v0.49.0

func (ev *Event) GetSignalTargetFilePath() string

GetSignalTargetFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetFilePathLength() int

GetSignalTargetFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileRights added in v0.49.0

func (ev *Event) GetSignalTargetFileRights() int

GetSignalTargetFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileUid added in v0.49.0

func (ev *Event) GetSignalTargetFileUid() uint32

GetSignalTargetFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFileUser added in v0.49.0

func (ev *Event) GetSignalTargetFileUser() string

GetSignalTargetFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetForkTime added in v0.49.0

func (ev *Event) GetSignalTargetForkTime() time.Time

GetSignalTargetForkTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFsgid added in v0.49.0

func (ev *Event) GetSignalTargetFsgid() uint32

GetSignalTargetFsgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFsgroup added in v0.49.0

func (ev *Event) GetSignalTargetFsgroup() string

GetSignalTargetFsgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFsuid added in v0.49.0

func (ev *Event) GetSignalTargetFsuid() uint32

GetSignalTargetFsuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetFsuser added in v0.49.0

func (ev *Event) GetSignalTargetFsuser() string

GetSignalTargetFsuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetGid added in v0.49.0

func (ev *Event) GetSignalTargetGid() uint32

GetSignalTargetGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetGroup added in v0.49.0

func (ev *Event) GetSignalTargetGroup() string

GetSignalTargetGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileChangeTime() uint64

GetSignalTargetInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileFilesystem() string

GetSignalTargetInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileGid added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileGid() uint32

GetSignalTargetInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileGroup() string

GetSignalTargetInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileHashes() []string

GetSignalTargetInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileInUpperLayer() bool

GetSignalTargetInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileInode added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileInode() uint64

GetSignalTargetInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileMode added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileMode() uint16

GetSignalTargetInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileModificationTime() uint64

GetSignalTargetInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileMountId() uint32

GetSignalTargetInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileName added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileName() string

GetSignalTargetInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileNameLength() int

GetSignalTargetInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFilePackageName() string

GetSignalTargetInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFilePackageSourceVersion() string

GetSignalTargetInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFilePackageVersion() string

GetSignalTargetInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFilePath added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFilePath() string

GetSignalTargetInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFilePathLength() int

GetSignalTargetInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileRights added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileRights() int

GetSignalTargetInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileUid added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileUid() uint32

GetSignalTargetInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetInterpreterFileUser added in v0.49.0

func (ev *Event) GetSignalTargetInterpreterFileUser() string

GetSignalTargetInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetIsExec added in v0.60.0

func (ev *Event) GetSignalTargetIsExec() bool

GetSignalTargetIsExec returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetIsKworker added in v0.49.0

func (ev *Event) GetSignalTargetIsKworker() bool

GetSignalTargetIsKworker returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetIsThread added in v0.49.0

func (ev *Event) GetSignalTargetIsThread() bool

GetSignalTargetIsThread returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgs added in v0.49.0

func (ev *Event) GetSignalTargetParentArgs() string

GetSignalTargetParentArgs returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgsFlags added in v0.49.0

func (ev *Event) GetSignalTargetParentArgsFlags() []string

GetSignalTargetParentArgsFlags returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgsOptions added in v0.49.0

func (ev *Event) GetSignalTargetParentArgsOptions() []string

GetSignalTargetParentArgsOptions returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgsScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetParentArgsScrubbed() string

GetSignalTargetParentArgsScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetParentArgsTruncated() bool

GetSignalTargetParentArgsTruncated returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgv added in v0.49.0

func (ev *Event) GetSignalTargetParentArgv() []string

GetSignalTargetParentArgv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgv0 added in v0.49.0

func (ev *Event) GetSignalTargetParentArgv0() string

GetSignalTargetParentArgv0 returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentArgvScrubbed added in v0.51.0

func (ev *Event) GetSignalTargetParentArgvScrubbed() []string

GetSignalTargetParentArgvScrubbed returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentAuid added in v0.57.0

func (ev *Event) GetSignalTargetParentAuid() uint32

GetSignalTargetParentAuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCapEffective added in v0.49.0

func (ev *Event) GetSignalTargetParentCapEffective() uint64

GetSignalTargetParentCapEffective returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCapPermitted added in v0.49.0

func (ev *Event) GetSignalTargetParentCapPermitted() uint64

GetSignalTargetParentCapPermitted returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCgroupFileInode added in v0.57.0

func (ev *Event) GetSignalTargetParentCgroupFileInode() uint64

GetSignalTargetParentCgroupFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCgroupFileMountId added in v0.57.0

func (ev *Event) GetSignalTargetParentCgroupFileMountId() uint32

GetSignalTargetParentCgroupFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCgroupId added in v0.57.0

func (ev *Event) GetSignalTargetParentCgroupId() string

GetSignalTargetParentCgroupId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCgroupManager added in v0.57.0

func (ev *Event) GetSignalTargetParentCgroupManager() string

GetSignalTargetParentCgroupManager returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCmdargv added in v0.55.0

func (ev *Event) GetSignalTargetParentCmdargv() []string

GetSignalTargetParentCmdargv returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentComm added in v0.49.0

func (ev *Event) GetSignalTargetParentComm() string

GetSignalTargetParentComm returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentContainerId added in v0.49.0

func (ev *Event) GetSignalTargetParentContainerId() string

GetSignalTargetParentContainerId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentCreatedAt added in v0.49.0

func (ev *Event) GetSignalTargetParentCreatedAt() int

GetSignalTargetParentCreatedAt returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEgid added in v0.49.0

func (ev *Event) GetSignalTargetParentEgid() uint32

GetSignalTargetParentEgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEgroup added in v0.49.0

func (ev *Event) GetSignalTargetParentEgroup() string

GetSignalTargetParentEgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEnvp added in v0.49.0

func (ev *Event) GetSignalTargetParentEnvp() []string

GetSignalTargetParentEnvp returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEnvs added in v0.49.0

func (ev *Event) GetSignalTargetParentEnvs() []string

GetSignalTargetParentEnvs returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEnvsTruncated added in v0.49.0

func (ev *Event) GetSignalTargetParentEnvsTruncated() bool

GetSignalTargetParentEnvsTruncated returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEuid added in v0.49.0

func (ev *Event) GetSignalTargetParentEuid() uint32

GetSignalTargetParentEuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentEuser added in v0.49.0

func (ev *Event) GetSignalTargetParentEuser() string

GetSignalTargetParentEuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetParentFileChangeTime() uint64

GetSignalTargetParentFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetParentFileFilesystem() string

GetSignalTargetParentFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileGid added in v0.49.0

func (ev *Event) GetSignalTargetParentFileGid() uint32

GetSignalTargetParentFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetParentFileGroup() string

GetSignalTargetParentFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetParentFileHashes() []string

GetSignalTargetParentFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetParentFileInUpperLayer() bool

GetSignalTargetParentFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileInode added in v0.49.0

func (ev *Event) GetSignalTargetParentFileInode() uint64

GetSignalTargetParentFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileMode added in v0.49.0

func (ev *Event) GetSignalTargetParentFileMode() uint16

GetSignalTargetParentFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetParentFileModificationTime() uint64

GetSignalTargetParentFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetParentFileMountId() uint32

GetSignalTargetParentFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileName added in v0.49.0

func (ev *Event) GetSignalTargetParentFileName() string

GetSignalTargetParentFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetParentFileNameLength() int

GetSignalTargetParentFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetParentFilePackageName() string

GetSignalTargetParentFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetParentFilePackageSourceVersion() string

GetSignalTargetParentFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetParentFilePackageVersion() string

GetSignalTargetParentFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFilePath added in v0.49.0

func (ev *Event) GetSignalTargetParentFilePath() string

GetSignalTargetParentFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetParentFilePathLength() int

GetSignalTargetParentFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileRights added in v0.49.0

func (ev *Event) GetSignalTargetParentFileRights() int

GetSignalTargetParentFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileUid added in v0.49.0

func (ev *Event) GetSignalTargetParentFileUid() uint32

GetSignalTargetParentFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFileUser added in v0.49.0

func (ev *Event) GetSignalTargetParentFileUser() string

GetSignalTargetParentFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFsgid added in v0.49.0

func (ev *Event) GetSignalTargetParentFsgid() uint32

GetSignalTargetParentFsgid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFsgroup added in v0.49.0

func (ev *Event) GetSignalTargetParentFsgroup() string

GetSignalTargetParentFsgroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFsuid added in v0.49.0

func (ev *Event) GetSignalTargetParentFsuid() uint32

GetSignalTargetParentFsuid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentFsuser added in v0.49.0

func (ev *Event) GetSignalTargetParentFsuser() string

GetSignalTargetParentFsuser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentGid added in v0.49.0

func (ev *Event) GetSignalTargetParentGid() uint32

GetSignalTargetParentGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentGroup added in v0.49.0

func (ev *Event) GetSignalTargetParentGroup() string

GetSignalTargetParentGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileChangeTime added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileChangeTime() uint64

GetSignalTargetParentInterpreterFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileFilesystem added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileFilesystem() string

GetSignalTargetParentInterpreterFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileGid added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileGid() uint32

GetSignalTargetParentInterpreterFileGid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileGroup added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileGroup() string

GetSignalTargetParentInterpreterFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileHashes added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileHashes() []string

GetSignalTargetParentInterpreterFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileInUpperLayer added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileInUpperLayer() bool

GetSignalTargetParentInterpreterFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileInode added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileInode() uint64

GetSignalTargetParentInterpreterFileInode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileMode added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileMode() uint16

GetSignalTargetParentInterpreterFileMode returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileModificationTime added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileModificationTime() uint64

GetSignalTargetParentInterpreterFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileMountId added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileMountId() uint32

GetSignalTargetParentInterpreterFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileName added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileName() string

GetSignalTargetParentInterpreterFileName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileNameLength added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileNameLength() int

GetSignalTargetParentInterpreterFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFilePackageName added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFilePackageName() string

GetSignalTargetParentInterpreterFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFilePackageSourceVersion() string

GetSignalTargetParentInterpreterFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFilePackageVersion added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFilePackageVersion() string

GetSignalTargetParentInterpreterFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFilePath added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFilePath() string

GetSignalTargetParentInterpreterFilePath returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFilePathLength added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFilePathLength() int

GetSignalTargetParentInterpreterFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileRights added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileRights() int

GetSignalTargetParentInterpreterFileRights returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileUid added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileUid() uint32

GetSignalTargetParentInterpreterFileUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentInterpreterFileUser added in v0.49.0

func (ev *Event) GetSignalTargetParentInterpreterFileUser() string

GetSignalTargetParentInterpreterFileUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentIsExec added in v0.60.0

func (ev *Event) GetSignalTargetParentIsExec() bool

GetSignalTargetParentIsExec returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentIsKworker added in v0.49.0

func (ev *Event) GetSignalTargetParentIsKworker() bool

GetSignalTargetParentIsKworker returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentIsThread added in v0.49.0

func (ev *Event) GetSignalTargetParentIsThread() bool

GetSignalTargetParentIsThread returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentPid added in v0.49.0

func (ev *Event) GetSignalTargetParentPid() uint32

GetSignalTargetParentPid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentPpid added in v0.49.0

func (ev *Event) GetSignalTargetParentPpid() uint32

GetSignalTargetParentPpid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentTid added in v0.49.0

func (ev *Event) GetSignalTargetParentTid() uint32

GetSignalTargetParentTid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentTtyName added in v0.49.0

func (ev *Event) GetSignalTargetParentTtyName() string

GetSignalTargetParentTtyName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentUid added in v0.49.0

func (ev *Event) GetSignalTargetParentUid() uint32

GetSignalTargetParentUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentUser added in v0.49.0

func (ev *Event) GetSignalTargetParentUser() string

GetSignalTargetParentUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetSignalTargetParentUserSessionK8sGroups() []string

GetSignalTargetParentUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentUserSessionK8sUid added in v0.50.0

func (ev *Event) GetSignalTargetParentUserSessionK8sUid() string

GetSignalTargetParentUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetParentUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetSignalTargetParentUserSessionK8sUsername() string

GetSignalTargetParentUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetPid added in v0.49.0

func (ev *Event) GetSignalTargetPid() uint32

GetSignalTargetPid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetPpid added in v0.49.0

func (ev *Event) GetSignalTargetPpid() uint32

GetSignalTargetPpid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetTid added in v0.49.0

func (ev *Event) GetSignalTargetTid() uint32

GetSignalTargetTid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetTtyName added in v0.49.0

func (ev *Event) GetSignalTargetTtyName() string

GetSignalTargetTtyName returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetUid added in v0.49.0

func (ev *Event) GetSignalTargetUid() uint32

GetSignalTargetUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetUser added in v0.49.0

func (ev *Event) GetSignalTargetUser() string

GetSignalTargetUser returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetUserSessionK8sGroups added in v0.50.0

func (ev *Event) GetSignalTargetUserSessionK8sGroups() []string

GetSignalTargetUserSessionK8sGroups returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetUserSessionK8sUid added in v0.50.0

func (ev *Event) GetSignalTargetUserSessionK8sUid() string

GetSignalTargetUserSessionK8sUid returns the value of the field, resolving if necessary

func (*Event) GetSignalTargetUserSessionK8sUsername added in v0.50.0

func (ev *Event) GetSignalTargetUserSessionK8sUsername() string

GetSignalTargetUserSessionK8sUsername returns the value of the field, resolving if necessary

func (*Event) GetSignalType added in v0.49.0

func (ev *Event) GetSignalType() uint32

GetSignalType returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileChangeTime added in v0.49.0

func (ev *Event) GetSpliceFileChangeTime() uint64

GetSpliceFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileFilesystem added in v0.49.0

func (ev *Event) GetSpliceFileFilesystem() string

GetSpliceFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileGid added in v0.49.0

func (ev *Event) GetSpliceFileGid() uint32

GetSpliceFileGid returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileGroup added in v0.49.0

func (ev *Event) GetSpliceFileGroup() string

GetSpliceFileGroup returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileHashes added in v0.49.0

func (ev *Event) GetSpliceFileHashes() []string

GetSpliceFileHashes returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileInUpperLayer added in v0.49.0

func (ev *Event) GetSpliceFileInUpperLayer() bool

GetSpliceFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileInode added in v0.49.0

func (ev *Event) GetSpliceFileInode() uint64

GetSpliceFileInode returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileMode added in v0.49.0

func (ev *Event) GetSpliceFileMode() uint16

GetSpliceFileMode returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileModificationTime added in v0.49.0

func (ev *Event) GetSpliceFileModificationTime() uint64

GetSpliceFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileMountId added in v0.49.0

func (ev *Event) GetSpliceFileMountId() uint32

GetSpliceFileMountId returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileName added in v0.49.0

func (ev *Event) GetSpliceFileName() string

GetSpliceFileName returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileNameLength added in v0.49.0

func (ev *Event) GetSpliceFileNameLength() int

GetSpliceFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetSpliceFilePackageName added in v0.49.0

func (ev *Event) GetSpliceFilePackageName() string

GetSpliceFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetSpliceFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetSpliceFilePackageSourceVersion() string

GetSpliceFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetSpliceFilePackageVersion added in v0.49.0

func (ev *Event) GetSpliceFilePackageVersion() string

GetSpliceFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetSpliceFilePath added in v0.49.0

func (ev *Event) GetSpliceFilePath() string

GetSpliceFilePath returns the value of the field, resolving if necessary

func (*Event) GetSpliceFilePathLength added in v0.49.0

func (ev *Event) GetSpliceFilePathLength() int

GetSpliceFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileRights added in v0.49.0

func (ev *Event) GetSpliceFileRights() int

GetSpliceFileRights returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileUid added in v0.49.0

func (ev *Event) GetSpliceFileUid() uint32

GetSpliceFileUid returns the value of the field, resolving if necessary

func (*Event) GetSpliceFileUser added in v0.49.0

func (ev *Event) GetSpliceFileUser() string

GetSpliceFileUser returns the value of the field, resolving if necessary

func (*Event) GetSplicePipeEntryFlag added in v0.49.0

func (ev *Event) GetSplicePipeEntryFlag() uint32

GetSplicePipeEntryFlag returns the value of the field, resolving if necessary

func (*Event) GetSplicePipeExitFlag added in v0.49.0

func (ev *Event) GetSplicePipeExitFlag() uint32

GetSplicePipeExitFlag returns the value of the field, resolving if necessary

func (*Event) GetSpliceRetval added in v0.49.0

func (ev *Event) GetSpliceRetval() int64

GetSpliceRetval returns the value of the field, resolving if necessary

func (*Event) GetTags

func (e *Event) GetTags() []string

GetTags returns the list of tags specific to this event

func (*Event) GetTimestamp added in v0.49.0

func (ev *Event) GetTimestamp() time.Time

GetTimestamp returns the value of the field, resolving if necessary

func (*Event) GetType

func (e *Event) GetType() string

GetType returns the event type

func (*Event) GetUnlinkFileChangeTime added in v0.49.0

func (ev *Event) GetUnlinkFileChangeTime() uint64

GetUnlinkFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileFilesystem added in v0.49.0

func (ev *Event) GetUnlinkFileFilesystem() string

GetUnlinkFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileGid added in v0.49.0

func (ev *Event) GetUnlinkFileGid() uint32

GetUnlinkFileGid returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileGroup added in v0.49.0

func (ev *Event) GetUnlinkFileGroup() string

GetUnlinkFileGroup returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileHashes added in v0.49.0

func (ev *Event) GetUnlinkFileHashes() []string

GetUnlinkFileHashes returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileInUpperLayer added in v0.49.0

func (ev *Event) GetUnlinkFileInUpperLayer() bool

GetUnlinkFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileInode added in v0.49.0

func (ev *Event) GetUnlinkFileInode() uint64

GetUnlinkFileInode returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileMode added in v0.49.0

func (ev *Event) GetUnlinkFileMode() uint16

GetUnlinkFileMode returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileModificationTime added in v0.49.0

func (ev *Event) GetUnlinkFileModificationTime() uint64

GetUnlinkFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileMountId added in v0.49.0

func (ev *Event) GetUnlinkFileMountId() uint32

GetUnlinkFileMountId returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileName added in v0.49.0

func (ev *Event) GetUnlinkFileName() string

GetUnlinkFileName returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileNameLength added in v0.49.0

func (ev *Event) GetUnlinkFileNameLength() int

GetUnlinkFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFilePackageName added in v0.49.0

func (ev *Event) GetUnlinkFilePackageName() string

GetUnlinkFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetUnlinkFilePackageSourceVersion() string

GetUnlinkFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFilePackageVersion added in v0.49.0

func (ev *Event) GetUnlinkFilePackageVersion() string

GetUnlinkFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFilePath added in v0.49.0

func (ev *Event) GetUnlinkFilePath() string

GetUnlinkFilePath returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFilePathLength added in v0.49.0

func (ev *Event) GetUnlinkFilePathLength() int

GetUnlinkFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileRights added in v0.49.0

func (ev *Event) GetUnlinkFileRights() int

GetUnlinkFileRights returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileUid added in v0.49.0

func (ev *Event) GetUnlinkFileUid() uint32

GetUnlinkFileUid returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFileUser added in v0.49.0

func (ev *Event) GetUnlinkFileUser() string

GetUnlinkFileUser returns the value of the field, resolving if necessary

func (*Event) GetUnlinkFlags added in v0.49.0

func (ev *Event) GetUnlinkFlags() uint32

GetUnlinkFlags returns the value of the field, resolving if necessary

func (*Event) GetUnlinkRetval added in v0.49.0

func (ev *Event) GetUnlinkRetval() int64

GetUnlinkRetval returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallDirfd added in v0.56.0

func (ev *Event) GetUnlinkSyscallDirfd() int

GetUnlinkSyscallDirfd returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallFlags added in v0.56.0

func (ev *Event) GetUnlinkSyscallFlags() int

GetUnlinkSyscallFlags returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallInt1 added in v0.56.0

func (ev *Event) GetUnlinkSyscallInt1() int

GetUnlinkSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallInt2 added in v0.56.0

func (ev *Event) GetUnlinkSyscallInt2() int

GetUnlinkSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallInt3 added in v0.56.0

func (ev *Event) GetUnlinkSyscallInt3() int

GetUnlinkSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallPath added in v0.56.0

func (ev *Event) GetUnlinkSyscallPath() string

GetUnlinkSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallStr1 added in v0.56.0

func (ev *Event) GetUnlinkSyscallStr1() string

GetUnlinkSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallStr2 added in v0.56.0

func (ev *Event) GetUnlinkSyscallStr2() string

GetUnlinkSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetUnlinkSyscallStr3 added in v0.56.0

func (ev *Event) GetUnlinkSyscallStr3() string

GetUnlinkSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetUnloadModuleName added in v0.49.0

func (ev *Event) GetUnloadModuleName() string

GetUnloadModuleName returns the value of the field, resolving if necessary

func (*Event) GetUnloadModuleRetval added in v0.49.0

func (ev *Event) GetUnloadModuleRetval() int64

GetUnloadModuleRetval returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileChangeTime added in v0.49.0

func (ev *Event) GetUtimesFileChangeTime() uint64

GetUtimesFileChangeTime returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileFilesystem added in v0.49.0

func (ev *Event) GetUtimesFileFilesystem() string

GetUtimesFileFilesystem returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileGid added in v0.49.0

func (ev *Event) GetUtimesFileGid() uint32

GetUtimesFileGid returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileGroup added in v0.49.0

func (ev *Event) GetUtimesFileGroup() string

GetUtimesFileGroup returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileHashes added in v0.49.0

func (ev *Event) GetUtimesFileHashes() []string

GetUtimesFileHashes returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileInUpperLayer added in v0.49.0

func (ev *Event) GetUtimesFileInUpperLayer() bool

GetUtimesFileInUpperLayer returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileInode added in v0.49.0

func (ev *Event) GetUtimesFileInode() uint64

GetUtimesFileInode returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileMode added in v0.49.0

func (ev *Event) GetUtimesFileMode() uint16

GetUtimesFileMode returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileModificationTime added in v0.49.0

func (ev *Event) GetUtimesFileModificationTime() uint64

GetUtimesFileModificationTime returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileMountId added in v0.49.0

func (ev *Event) GetUtimesFileMountId() uint32

GetUtimesFileMountId returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileName added in v0.49.0

func (ev *Event) GetUtimesFileName() string

GetUtimesFileName returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileNameLength added in v0.49.0

func (ev *Event) GetUtimesFileNameLength() int

GetUtimesFileNameLength returns the value of the field, resolving if necessary

func (*Event) GetUtimesFilePackageName added in v0.49.0

func (ev *Event) GetUtimesFilePackageName() string

GetUtimesFilePackageName returns the value of the field, resolving if necessary

func (*Event) GetUtimesFilePackageSourceVersion added in v0.49.0

func (ev *Event) GetUtimesFilePackageSourceVersion() string

GetUtimesFilePackageSourceVersion returns the value of the field, resolving if necessary

func (*Event) GetUtimesFilePackageVersion added in v0.49.0

func (ev *Event) GetUtimesFilePackageVersion() string

GetUtimesFilePackageVersion returns the value of the field, resolving if necessary

func (*Event) GetUtimesFilePath added in v0.49.0

func (ev *Event) GetUtimesFilePath() string

GetUtimesFilePath returns the value of the field, resolving if necessary

func (*Event) GetUtimesFilePathLength added in v0.49.0

func (ev *Event) GetUtimesFilePathLength() int

GetUtimesFilePathLength returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileRights added in v0.49.0

func (ev *Event) GetUtimesFileRights() int

GetUtimesFileRights returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileUid added in v0.49.0

func (ev *Event) GetUtimesFileUid() uint32

GetUtimesFileUid returns the value of the field, resolving if necessary

func (*Event) GetUtimesFileUser added in v0.49.0

func (ev *Event) GetUtimesFileUser() string

GetUtimesFileUser returns the value of the field, resolving if necessary

func (*Event) GetUtimesRetval added in v0.49.0

func (ev *Event) GetUtimesRetval() int64

GetUtimesRetval returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallInt1 added in v0.56.0

func (ev *Event) GetUtimesSyscallInt1() int

GetUtimesSyscallInt1 returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallInt2 added in v0.56.0

func (ev *Event) GetUtimesSyscallInt2() int

GetUtimesSyscallInt2 returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallInt3 added in v0.56.0

func (ev *Event) GetUtimesSyscallInt3() int

GetUtimesSyscallInt3 returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallPath added in v0.56.0

func (ev *Event) GetUtimesSyscallPath() string

GetUtimesSyscallPath returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallStr1 added in v0.56.0

func (ev *Event) GetUtimesSyscallStr1() string

GetUtimesSyscallStr1 returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallStr2 added in v0.56.0

func (ev *Event) GetUtimesSyscallStr2() string

GetUtimesSyscallStr2 returns the value of the field, resolving if necessary

func (*Event) GetUtimesSyscallStr3 added in v0.56.0

func (ev *Event) GetUtimesSyscallStr3() string

GetUtimesSyscallStr3 returns the value of the field, resolving if necessary

func (*Event) GetWorkloadID added in v0.47.0

func (e *Event) GetWorkloadID() string

GetWorkloadID returns an ID that represents the workload

func (*Event) HasActiveActivityDump added in v0.53.0

func (e *Event) HasActiveActivityDump() bool

HasActiveActivityDump returns true if the event has an active activity dump associated to it

func (*Event) Init added in v0.39.0

func (e *Event) Init()

Init initializes the event

func (*Event) IsActivityDumpSample added in v0.40.0

func (e *Event) IsActivityDumpSample() bool

IsActivityDumpSample returns whether the event is an activity dump (AD) sample

func (*Event) IsAnomalyDetectionEvent added in v0.47.0

func (e *Event) IsAnomalyDetectionEvent() bool

IsAnomalyDetectionEvent returns true if the current event is an anomaly detection event (kernel or user space)

func (*Event) IsInProfile added in v0.45.0

func (e *Event) IsInProfile() bool

IsInProfile returns true if the event was found in the profile

func (*Event) IsSavedByActivityDumps added in v0.44.0

func (e *Event) IsSavedByActivityDumps() bool

IsSavedByActivityDumps returns whether the event was saved by activity dumps (AD)

func (*Event) Release added in v0.43.0

func (e *Event) Release()

Release the event

func (*Event) RemoveFromFlags added in v0.45.0

func (e *Event) RemoveFromFlags(flag uint32)

RemoveFromFlags removes a flag from the event

func (*Event) ResetAnomalyDetectionEvent

func (e *Event) ResetAnomalyDetectionEvent()

ResetAnomalyDetectionEvent removes the anomaly detection event flag

func (*Event) ResolveEventTime added in v0.46.0

func (e *Event) ResolveEventTime() time.Time

ResolveEventTime uses the field handler

func (*Event) ResolveFields added in v0.43.0

func (ev *Event) ResolveFields()

ResolveFields resolves all the fields associated with the event type. Context fields are automatically resolved.

func (*Event) ResolveFieldsForAD added in v0.44.0

func (ev *Event) ResolveFieldsForAD()

ResolveFieldsForAD resolves all the fields associated with the event type. Context fields are automatically resolved.

func (*Event) ResolveProcessCacheEntry added in v0.43.0

func (e *Event) ResolveProcessCacheEntry(newEntryCb func(*ProcessCacheEntry, error)) (*ProcessCacheEntry, bool)

ResolveProcessCacheEntry uses the field handler

func (*Event) ResolveService added in v0.52.0

func (e *Event) ResolveService() string

ResolveService uses the field handler

func (*Event) Retain added in v0.43.0

func (e *Event) Retain() Event

Retain the event

func (*Event) SetFieldValue

func (ev *Event) SetFieldValue(field eval.Field, value interface{}) error

func (*Event) SetPathResolutionError added in v0.43.0

func (ev *Event) SetPathResolutionError(fileFields *FileEvent, err error)

SetPathResolutionError sets the Event.pathResolutionError

func (*Event) UnmarshalBinary

func (e *Event) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

func (*Event) Zero added in v0.48.0

func (e *Event) Zero()

Zero the event

type EventCategory

type EventCategory = string

EventCategory category type

// Event categories. Each constant is an EventCategory (a string alias) whose
// value is the human-readable category label.
const (
	// FIMCategory is the category of FIM events; its label is "File Activity".
	// NOTE(review): FIM presumably stands for file integrity monitoring; confirm.
	FIMCategory EventCategory = "File Activity"
	// ProcessCategory is the category of process events; its label is "Process Activity".
	ProcessCategory EventCategory = "Process Activity"
	// KernelCategory is the category of kernel events; its label is "Kernel Activity".
	KernelCategory EventCategory = "Kernel Activity"
	// NetworkCategory is the category of network events; its label is "Network Activity".
	NetworkCategory EventCategory = "Network Activity"
)

Event categories

func GetAllCategories added in v0.34.0

func GetAllCategories() []EventCategory

GetAllCategories returns all categories

func GetEventTypeCategory

func GetEventTypeCategory(eventType eval.EventType) EventCategory

GetEventTypeCategory returns the category for the given event type

type EventFilteringProfileState added in v0.55.0

type EventFilteringProfileState uint8

EventFilteringProfileState is used to compute metrics for the event filtering feature

const (
	// Values are assigned by iota starting at 0, so the zero value of
	// EventFilteringProfileState is NoProfile.

	// NoProfile is used to count the events for which we didn't have a profile
	NoProfile EventFilteringProfileState = iota
	// ProfileAtMaxSize is used to count the events that didn't make it into a profile because their matching profile
	// reached the max size threshold
	ProfileAtMaxSize
	// UnstableEventType is used to count the events that didn't make it into a profile because their matching profile was
	// unstable for their event type
	UnstableEventType
	// StableEventType is used to count the events linked to a stable profile for their event type
	StableEventType
	// AutoLearning is used to count the events seen during the auto learning phase
	AutoLearning
	// WorkloadWarmup is used to count the events learned because of the workload warm-up time
	WorkloadWarmup
)

func (EventFilteringProfileState) String added in v0.55.0

func (efr EventFilteringProfileState) String() string

String returns the string representation of the EventFilteringProfileState

func (EventFilteringProfileState) ToTag added in v0.55.0

func (efr EventFilteringProfileState) ToTag() string

ToTag returns the tag representation of the EventFilteringProfileState

type EventType

type EventType uint32

EventType describes the type of an event sent from the kernel

const (
	// Values are assigned by iota, so each constant's numeric value is its position in this block.
	// Inserting, removing or reordering an entry renumbers every entry after it.
	// NOTE(review): EventType is documented as the type of an event sent from the kernel, so these
	// values presumably have to stay in step with the kernel-side definitions — confirm before editing.

	// UnknownEventType unknown event; this is the zero value of EventType
	UnknownEventType EventType = iota
	// FileOpenEventType File open event
	FileOpenEventType
	// FileMkdirEventType Folder creation event
	FileMkdirEventType
	// FileLinkEventType Hard link creation event
	FileLinkEventType
	// FileRenameEventType File or folder rename event
	FileRenameEventType
	// FileUnlinkEventType Unlink event
	FileUnlinkEventType
	// FileRmdirEventType Rmdir event
	FileRmdirEventType
	// FileChmodEventType Chmod event
	FileChmodEventType
	// FileChownEventType Chown event
	FileChownEventType
	// FileUtimesEventType Utime event
	FileUtimesEventType
	// FileSetXAttrEventType Setxattr event
	FileSetXAttrEventType
	// FileRemoveXAttrEventType Removexattr event
	FileRemoveXAttrEventType
	// FileChdirEventType chdir event
	FileChdirEventType
	// FileMountEventType Mount event
	FileMountEventType
	// FileUmountEventType Umount event
	FileUmountEventType
	// ForkEventType Fork event
	ForkEventType
	// ExecEventType Exec event
	ExecEventType
	// ExitEventType Exit event
	ExitEventType
	// InvalidateDentryEventType Dentry invalidated event (DEPRECATED)
	// The entry still occupies its slot, which keeps the values of the constants below it unchanged.
	InvalidateDentryEventType
	// SetuidEventType setuid event
	SetuidEventType
	// SetgidEventType setgid event
	SetgidEventType
	// CapsetEventType capset event
	CapsetEventType
	// ArgsEnvsEventType args and envs event
	ArgsEnvsEventType
	// MountReleasedEventType sent when a mount point is released
	MountReleasedEventType
	// SELinuxEventType selinux event
	SELinuxEventType
	// BPFEventType bpf event
	BPFEventType
	// PTraceEventType PTrace event
	PTraceEventType
	// MMapEventType MMap event
	MMapEventType
	// MProtectEventType MProtect event
	MProtectEventType
	// LoadModuleEventType LoadModule event
	LoadModuleEventType
	// UnloadModuleEventType UnloadModule event
	UnloadModuleEventType
	// SignalEventType Signal event
	SignalEventType
	// SpliceEventType Splice event
	SpliceEventType
	// CgroupTracingEventType is sent when a new cgroup is being traced
	CgroupTracingEventType
	// DNSEventType DNS event
	DNSEventType
	// NetDeviceEventType is sent for events on net devices
	NetDeviceEventType
	// VethPairEventType is sent when a new veth pair is created
	VethPairEventType
	// BindEventType Bind event
	BindEventType
	// ConnectEventType Connect event
	ConnectEventType
	// UnshareMountNsEventType is sent when a new mount is created from a mount namespace copy
	UnshareMountNsEventType
	// SyscallsEventType Syscalls event
	SyscallsEventType
	// IMDSEventType is sent when an IMDS request or answer is captured
	IMDSEventType
	// OnDemandEventType is sent for on-demand events
	OnDemandEventType
	// LoginUIDWriteEventType is sent for login_uid write events
	LoginUIDWriteEventType
	// CgroupWriteEventType is sent when a new cgroup was created
	CgroupWriteEventType
	// RawPacketEventType raw packet event
	RawPacketEventType
	// MaxKernelEventType is used internally to get the maximum number of kernel events.
	MaxKernelEventType

	// FirstEventType is the first valid event type
	FirstEventType = FileOpenEventType

	// LastEventType is the last valid event type
	// NOTE(review): this aliases SyscallsEventType, so the kernel event types declared after it in this
	// block (IMDSEventType through RawPacketEventType) are greater than LastEventType. Confirm that code
	// iterating or range-checking [FirstEventType, LastEventType] is meant to leave them out.
	LastEventType = SyscallsEventType

	// FirstDiscarderEventType first event that accepts discarders
	FirstDiscarderEventType = FileOpenEventType

	// LastDiscarderEventType last event that accepts discarders
	LastDiscarderEventType = FileChdirEventType

	// LastApproverEventType is the last event that accepts approvers
	LastApproverEventType = SpliceEventType

	// CustomEventType represents a custom event type
	// iota counts every constant spec in this block, including the five alias specs above
	// (FirstEventType through LastApproverEventType), so CustomEventType equals
	// MaxKernelEventType + 6 rather than MaxKernelEventType + 1.
	CustomEventType EventType = iota

	// CreateNewFileEventType event
	CreateNewFileEventType
	// DeleteFileEventType event
	DeleteFileEventType
	// WriteFileEventType event
	WriteFileEventType
	// CreateRegistryKeyEventType event
	CreateRegistryKeyEventType
	// OpenRegistryKeyEventType event
	OpenRegistryKeyEventType
	// SetRegistryKeyValueEventType event
	SetRegistryKeyValueEventType
	// DeleteRegistryKeyEventType event
	DeleteRegistryKeyEventType
	// ChangePermissionEventType event
	ChangePermissionEventType

	// MaxAllEventType is used internally to get the maximum number of events.
	MaxAllEventType
)

func (EventType) String

func (t EventType) String() string

type ExecEvent

type ExecEvent struct {
	// Embedded syscall context; SyscallPath below is tagged as a reference into it (exec.syscall.str1).
	SyscallContext
	// Process is embedded by pointer, so its fields are promoted onto ExecEvent.
	*Process

	// Syscall context aliases
	// NOTE(review): syscall.path is documented as the path argument of the syscall, which presumably can
	// differ from the resolved file path (relative paths, symlinks) — confirm before using it as the only match key.
	SyscallPath string `field:"syscall.path,ref:exec.syscall.str1"` // SECLDoc[syscall.path] Definition:`path argument of the syscall`
}

ExecEvent represents an exec event

type ExitCause added in v0.38.0

type ExitCause uint32

ExitCause represents the cause of a process termination

const (
	// Values are assigned by iota starting at 0, so the zero value of ExitCause is ExitExited:
	// an unset cause reads as a normal exit.

	// ExitExited Process exited normally
	ExitExited ExitCause = iota
	// ExitCoreDumped Process was terminated with a coredump signal
	ExitCoreDumped
	// ExitSignaled Process was terminated with a signal other than a coredump
	ExitSignaled
)

func (ExitCause) String added in v0.38.0

func (cause ExitCause) String() string

type ExitEvent added in v0.38.0

type ExitEvent struct {
	// Process is embedded by pointer, so its fields are promoted onto ExitEvent.
	*Process
	// Cause is stored as a raw uint32 rather than the ExitCause type declared in this package.
	// NOTE(review): presumably it holds ExitCause values — confirm against the unmarshalling code.
	Cause uint32 `field:"cause"` // SECLDoc[cause] Definition:`Cause of the process termination (one of EXITED, SIGNALED, COREDUMPED)`
	// Code has two meanings (exit code or signal number, per its SECLDoc), so rules and triage
	// should read it together with Cause.
	Code  uint32 `field:"code"`  // SECLDoc[code] Definition:`Exit code of the process or number of the signal that caused the process to terminate`
}

ExitEvent represents a process exit event

func (*ExitEvent) UnmarshalBinary added in v0.38.0

func (e *ExitEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type ExtraFieldHandlers added in v0.43.0

type ExtraFieldHandlers interface {
	// Embedded interface; its method set is declared outside this excerpt.
	BaseExtraFieldHandlers
	// ResolveHashes returns hashes as strings for the given file, in the context of an event type and a process.
	ResolveHashes(eventType EventType, process *Process, file *FileEvent) []string
	// ResolveUserSessionContext takes the context by pointer and returns nothing, so any result is
	// written into evtCtx.
	ResolveUserSessionContext(evtCtx *UserSessionContext)
	// ResolveAWSSecurityCredentials returns the AWS security credentials associated with the event.
	// NOTE(review): the AWSSecurityCredentials type is not shown here; if it carries key material,
	// callers should keep the returned values out of logs and serialized events — confirm.
	ResolveAWSSecurityCredentials(event *Event) []AWSSecurityCredentials
	// ResolveSyscallCtxArgs takes the syscall context by pointer and returns nothing, so any result is
	// written into e.
	ResolveSyscallCtxArgs(ev *Event, e *SyscallContext)
}

ExtraFieldHandlers groups the handlers that are not tied to any field

type FakeFieldHandlers added in v0.52.0

// FakeFieldHandlers is an empty struct; several of its methods are documented as stub implementations.
// NOTE(review): presumably intended for tests or for builds without real resolvers, in which case
// values it returns should not be read as resolved event data — confirm.
type FakeFieldHandlers struct{}

func (*FakeFieldHandlers) ResolveAWSSecurityCredentials added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveAWSSecurityCredentials(_ *Event) []AWSSecurityCredentials

ResolveAWSSecurityCredentials resolves and updates the AWS security credentials of the input process entry

func (*FakeFieldHandlers) ResolveAsync added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveAsync(ev *Event) bool

func (*FakeFieldHandlers) ResolveCGroupID added in v0.57.0

func (dfh *FakeFieldHandlers) ResolveCGroupID(ev *Event, e *CGroupContext) string

func (*FakeFieldHandlers) ResolveCGroupManager added in v0.57.0

func (dfh *FakeFieldHandlers) ResolveCGroupManager(ev *Event, e *CGroupContext) string

func (*FakeFieldHandlers) ResolveChownGID added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveChownGID(ev *Event, e *ChownEvent) string

func (*FakeFieldHandlers) ResolveChownUID added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveChownUID(ev *Event, e *ChownEvent) string

func (*FakeFieldHandlers) ResolveContainerContext added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveContainerContext(_ *Event) (*ContainerContext, bool)

ResolveContainerContext stub implementation

func (*FakeFieldHandlers) ResolveContainerCreatedAt added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int

func (*FakeFieldHandlers) ResolveContainerID added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveContainerID(ev *Event, e *ContainerContext) string

func (*FakeFieldHandlers) ResolveContainerRuntime added in v0.57.0

func (dfh *FakeFieldHandlers) ResolveContainerRuntime(ev *Event, e *ContainerContext) string

func (*FakeFieldHandlers) ResolveContainerTags added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveContainerTags(ev *Event, e *ContainerContext) []string

func (*FakeFieldHandlers) ResolveEventTime added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveEventTime(ev *Event, e *BaseEvent) time.Time

func (*FakeFieldHandlers) ResolveEventTimestamp added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveEventTimestamp(ev *Event, e *BaseEvent) int

func (*FakeFieldHandlers) ResolveFileBasename added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFileBasename(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolveFileFieldsGroup added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFileFieldsGroup(ev *Event, e *FileFields) string

func (*FakeFieldHandlers) ResolveFileFieldsInUpperLayer added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool

func (*FakeFieldHandlers) ResolveFileFieldsUser added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFileFieldsUser(ev *Event, e *FileFields) string

func (*FakeFieldHandlers) ResolveFileFilesystem added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFileFilesystem(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolveFilePath added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveFilePath(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolveHashes added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveHashes(_ EventType, _ *Process, _ *FileEvent) []string

ResolveHashes resolves the hash of the provided file

func (*FakeFieldHandlers) ResolveHashesFromEvent added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveHashesFromEvent(ev *Event, e *FileEvent) []string

func (*FakeFieldHandlers) ResolveHostname added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveHostname(ev *Event, e *BaseEvent) string

func (*FakeFieldHandlers) ResolveIsIPPublic

func (dfh *FakeFieldHandlers) ResolveIsIPPublic(ev *Event, e *IPPortContext) bool

func (*FakeFieldHandlers) ResolveK8SGroups added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveK8SGroups(ev *Event, e *UserSessionContext) []string

func (*FakeFieldHandlers) ResolveK8SUID added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveK8SUID(ev *Event, e *UserSessionContext) string

func (*FakeFieldHandlers) ResolveK8SUsername added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveK8SUsername(ev *Event, e *UserSessionContext) string

func (*FakeFieldHandlers) ResolveModuleArgs added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string

func (*FakeFieldHandlers) ResolveModuleArgv added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string

func (*FakeFieldHandlers) ResolveMountPointPath added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveMountPointPath(ev *Event, e *MountEvent) string

func (*FakeFieldHandlers) ResolveMountRootPath added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveMountRootPath(ev *Event, e *MountEvent) string

func (*FakeFieldHandlers) ResolveMountSourcePath added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveMountSourcePath(ev *Event, e *MountEvent) string

func (*FakeFieldHandlers) ResolveNetworkDeviceIfName added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string

func (*FakeFieldHandlers) ResolveOnDemandArg1Str added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg1Str(ev *Event, e *OnDemandEvent) string

func (*FakeFieldHandlers) ResolveOnDemandArg1Uint added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg1Uint(ev *Event, e *OnDemandEvent) int

func (*FakeFieldHandlers) ResolveOnDemandArg2Str added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg2Str(ev *Event, e *OnDemandEvent) string

func (*FakeFieldHandlers) ResolveOnDemandArg2Uint added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg2Uint(ev *Event, e *OnDemandEvent) int

func (*FakeFieldHandlers) ResolveOnDemandArg3Str added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg3Str(ev *Event, e *OnDemandEvent) string

func (*FakeFieldHandlers) ResolveOnDemandArg3Uint added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg3Uint(ev *Event, e *OnDemandEvent) int

func (*FakeFieldHandlers) ResolveOnDemandArg4Str added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg4Str(ev *Event, e *OnDemandEvent) string

func (*FakeFieldHandlers) ResolveOnDemandArg4Uint added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandArg4Uint(ev *Event, e *OnDemandEvent) int

func (*FakeFieldHandlers) ResolveOnDemandName added in v0.56.0

func (dfh *FakeFieldHandlers) ResolveOnDemandName(ev *Event, e *OnDemandEvent) string

func (*FakeFieldHandlers) ResolvePackageName added in v0.52.0

func (dfh *FakeFieldHandlers) ResolvePackageName(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolvePackageSourceVersion added in v0.52.0

func (dfh *FakeFieldHandlers) ResolvePackageSourceVersion(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolvePackageVersion added in v0.52.0

func (dfh *FakeFieldHandlers) ResolvePackageVersion(ev *Event, e *FileEvent) string

func (*FakeFieldHandlers) ResolveProcessArgs added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgs(ev *Event, e *Process) string

func (*FakeFieldHandlers) ResolveProcessArgsFlags added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgsFlags(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessArgsOptions added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgsOptions(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessArgsScrubbed added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgsScrubbed(ev *Event, e *Process) string

func (*FakeFieldHandlers) ResolveProcessArgsTruncated added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgsTruncated(ev *Event, e *Process) bool

func (*FakeFieldHandlers) ResolveProcessArgv added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgv(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessArgv0 added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgv0(ev *Event, e *Process) string

func (*FakeFieldHandlers) ResolveProcessArgvScrubbed added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessArgvScrubbed(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessCacheEntry added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessCacheEntry(_ *Event, _ func(*ProcessCacheEntry, error)) (*ProcessCacheEntry, bool)

ResolveProcessCacheEntry stub implementation

func (*FakeFieldHandlers) ResolveProcessCmdArgv added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveProcessCmdArgv(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessContainerID added in v0.57.0

func (dfh *FakeFieldHandlers) ResolveProcessContainerID(ev *Event, e *Process) string

func (*FakeFieldHandlers) ResolveProcessCreatedAt added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessCreatedAt(ev *Event, e *Process) int

func (*FakeFieldHandlers) ResolveProcessEnvp added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessEnvp(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessEnvs added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessEnvs(ev *Event, e *Process) []string

func (*FakeFieldHandlers) ResolveProcessEnvsTruncated added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveProcessEnvsTruncated(ev *Event, e *Process) bool

func (*FakeFieldHandlers) ResolveProcessIsThread added in v0.60.0

func (dfh *FakeFieldHandlers) ResolveProcessIsThread(ev *Event, e *Process) bool

func (*FakeFieldHandlers) ResolveRights added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveRights(ev *Event, e *FileFields) int

func (*FakeFieldHandlers) ResolveSELinuxBoolName added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string

func (*FakeFieldHandlers) ResolveService added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveService(ev *Event, e *BaseEvent) string

func (*FakeFieldHandlers) ResolveSetgidEGroup added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string

func (*FakeFieldHandlers) ResolveSetgidFSGroup added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string

func (*FakeFieldHandlers) ResolveSetgidGroup added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetgidGroup(ev *Event, e *SetgidEvent) string

func (*FakeFieldHandlers) ResolveSetuidEUser added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetuidEUser(ev *Event, e *SetuidEvent) string

func (*FakeFieldHandlers) ResolveSetuidFSUser added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string

func (*FakeFieldHandlers) ResolveSetuidUser added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveSetuidUser(ev *Event, e *SetuidEvent) string

func (*FakeFieldHandlers) ResolveSyscallCtxArgs added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgs(_ *Event, _ *SyscallContext)

ResolveSyscallCtxArgs resolves syscall context

func (*FakeFieldHandlers) ResolveSyscallCtxArgsInt1 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsInt1(ev *Event, e *SyscallContext) int

func (*FakeFieldHandlers) ResolveSyscallCtxArgsInt2 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsInt2(ev *Event, e *SyscallContext) int

func (*FakeFieldHandlers) ResolveSyscallCtxArgsInt3 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsInt3(ev *Event, e *SyscallContext) int

func (*FakeFieldHandlers) ResolveSyscallCtxArgsStr1 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsStr1(ev *Event, e *SyscallContext) string

func (*FakeFieldHandlers) ResolveSyscallCtxArgsStr2 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsStr2(ev *Event, e *SyscallContext) string

func (*FakeFieldHandlers) ResolveSyscallCtxArgsStr3 added in v0.55.0

func (dfh *FakeFieldHandlers) ResolveSyscallCtxArgsStr3(ev *Event, e *SyscallContext) string

func (*FakeFieldHandlers) ResolveUserSessionContext added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveUserSessionContext(_ *UserSessionContext)

ResolveUserSessionContext resolves and updates the provided user session context

func (*FakeFieldHandlers) ResolveXAttrName added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveXAttrName(ev *Event, e *SetXAttrEvent) string

func (*FakeFieldHandlers) ResolveXAttrNamespace added in v0.52.0

func (dfh *FakeFieldHandlers) ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string

type FieldHandlers added in v0.43.0

// FieldHandlers declares one resolver per handler-backed field: the method names match the
// handler: values in the struct tags of this package (for example FileEvent.PathnameStr is tagged
// handler:ResolveFilePath). Every method except ResolveAsync takes the enclosing *Event plus the
// sub-structure being resolved. The interface also embeds ExtraFieldHandlers.
//
// NOTE(review): ResolveProcessArgsScrubbed and ResolveProcessArgvScrubbed sit next to unscrubbed
// variants; presumably the scrubbed forms have secrets redacted and are the ones to use for
// anything that is logged or serialized — confirm.
type FieldHandlers interface {
	ResolveAsync(ev *Event) bool
	ResolveCGroupID(ev *Event, e *CGroupContext) string
	ResolveCGroupManager(ev *Event, e *CGroupContext) string
	ResolveChownGID(ev *Event, e *ChownEvent) string
	ResolveChownUID(ev *Event, e *ChownEvent) string
	ResolveContainerCreatedAt(ev *Event, e *ContainerContext) int
	ResolveContainerID(ev *Event, e *ContainerContext) string
	ResolveContainerRuntime(ev *Event, e *ContainerContext) string
	ResolveContainerTags(ev *Event, e *ContainerContext) []string
	ResolveEventTime(ev *Event, e *BaseEvent) time.Time
	ResolveEventTimestamp(ev *Event, e *BaseEvent) int
	ResolveFileBasename(ev *Event, e *FileEvent) string
	ResolveFileFieldsGroup(ev *Event, e *FileFields) string
	ResolveFileFieldsInUpperLayer(ev *Event, e *FileFields) bool
	ResolveFileFieldsUser(ev *Event, e *FileFields) string
	ResolveFileFilesystem(ev *Event, e *FileEvent) string
	ResolveFilePath(ev *Event, e *FileEvent) string
	ResolveHashesFromEvent(ev *Event, e *FileEvent) []string
	ResolveHostname(ev *Event, e *BaseEvent) string
	ResolveIsIPPublic(ev *Event, e *IPPortContext) bool
	ResolveK8SGroups(ev *Event, e *UserSessionContext) []string
	ResolveK8SUID(ev *Event, e *UserSessionContext) string
	ResolveK8SUsername(ev *Event, e *UserSessionContext) string
	ResolveModuleArgs(ev *Event, e *LoadModuleEvent) string
	ResolveModuleArgv(ev *Event, e *LoadModuleEvent) []string
	ResolveMountPointPath(ev *Event, e *MountEvent) string
	ResolveMountRootPath(ev *Event, e *MountEvent) string
	ResolveMountSourcePath(ev *Event, e *MountEvent) string
	ResolveNetworkDeviceIfName(ev *Event, e *NetworkDeviceContext) string
	ResolveOnDemandArg1Str(ev *Event, e *OnDemandEvent) string
	ResolveOnDemandArg1Uint(ev *Event, e *OnDemandEvent) int
	ResolveOnDemandArg2Str(ev *Event, e *OnDemandEvent) string
	ResolveOnDemandArg2Uint(ev *Event, e *OnDemandEvent) int
	ResolveOnDemandArg3Str(ev *Event, e *OnDemandEvent) string
	ResolveOnDemandArg3Uint(ev *Event, e *OnDemandEvent) int
	ResolveOnDemandArg4Str(ev *Event, e *OnDemandEvent) string
	ResolveOnDemandArg4Uint(ev *Event, e *OnDemandEvent) int
	ResolveOnDemandName(ev *Event, e *OnDemandEvent) string
	ResolvePackageName(ev *Event, e *FileEvent) string
	ResolvePackageSourceVersion(ev *Event, e *FileEvent) string
	ResolvePackageVersion(ev *Event, e *FileEvent) string
	ResolveProcessArgs(ev *Event, e *Process) string
	ResolveProcessArgsFlags(ev *Event, e *Process) []string
	ResolveProcessArgsOptions(ev *Event, e *Process) []string
	ResolveProcessArgsScrubbed(ev *Event, e *Process) string
	ResolveProcessArgsTruncated(ev *Event, e *Process) bool
	ResolveProcessArgv(ev *Event, e *Process) []string
	ResolveProcessArgv0(ev *Event, e *Process) string
	ResolveProcessArgvScrubbed(ev *Event, e *Process) []string
	ResolveProcessCmdArgv(ev *Event, e *Process) []string
	ResolveProcessContainerID(ev *Event, e *Process) string
	ResolveProcessCreatedAt(ev *Event, e *Process) int
	ResolveProcessEnvp(ev *Event, e *Process) []string
	ResolveProcessEnvs(ev *Event, e *Process) []string
	ResolveProcessEnvsTruncated(ev *Event, e *Process) bool
	ResolveProcessIsThread(ev *Event, e *Process) bool
	ResolveRights(ev *Event, e *FileFields) int
	ResolveSELinuxBoolName(ev *Event, e *SELinuxEvent) string
	ResolveService(ev *Event, e *BaseEvent) string
	ResolveSetgidEGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidFSGroup(ev *Event, e *SetgidEvent) string
	ResolveSetgidGroup(ev *Event, e *SetgidEvent) string
	ResolveSetuidEUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidFSUser(ev *Event, e *SetuidEvent) string
	ResolveSetuidUser(ev *Event, e *SetuidEvent) string
	ResolveSyscallCtxArgsInt1(ev *Event, e *SyscallContext) int
	ResolveSyscallCtxArgsInt2(ev *Event, e *SyscallContext) int
	ResolveSyscallCtxArgsInt3(ev *Event, e *SyscallContext) int
	ResolveSyscallCtxArgsStr1(ev *Event, e *SyscallContext) string
	ResolveSyscallCtxArgsStr2(ev *Event, e *SyscallContext) string
	ResolveSyscallCtxArgsStr3(ev *Event, e *SyscallContext) string
	ResolveXAttrName(ev *Event, e *SetXAttrEvent) string
	ResolveXAttrNamespace(ev *Event, e *SetXAttrEvent) string
	// custom handlers not tied to any fields
	ExtraFieldHandlers
}

type FileEvent

type FileEvent struct {
	// Embedded ownership, mode and timestamp metadata; its fields are promoted onto FileEvent.
	FileFields

	// The three fields below are filled through the handlers named in their tags rather than read directly.
	PathnameStr string `field:"path,handler:ResolveFilePath,opts:length" op_override:"ProcessSymlinkPathname"`     // SECLDoc[path] Definition:`File's path` Example:`exec.file.path == "/usr/bin/apt"` Description:`Matches the execution of the file located at /usr/bin/apt` Example:`open.file.path == "/etc/passwd"` Description:`Matches any process opening the /etc/passwd file.`
	BasenameStr string `field:"name,handler:ResolveFileBasename,opts:length" op_override:"ProcessSymlinkBasename"` // SECLDoc[name] Definition:`File's basename` Example:`exec.file.name == "apt"` Description:`Matches the execution of any file named apt.`
	Filesystem  string `field:"filesystem,handler:ResolveFileFilesystem"`                                          // SECLDoc[filesystem] Definition:`File's filesystem`

	// Fields tagged field:"-" have no SECL field name.
	// NOTE(review): presumably internal bookkeeping that cannot be referenced from rules — confirm.
	MountPath   string `field:"-"`
	MountSource uint32 `field:"-"`
	MountOrigin uint32 `field:"-"`

	// Error recorded for path resolution; GetPathResolutionError exposes it as a string.
	// NOTE(review): when this is non-nil, PathnameStr presumably does not hold a reliable path, so
	// path-based matches on such events deserve a second look — confirm what PathnameStr contains then.
	PathResolutionError error `field:"-"`

	PkgName       string `field:"package.name,handler:ResolvePackageName"`                    // SECLDoc[package.name] Definition:`[Experimental] Name of the package that provided this file`
	PkgVersion    string `field:"package.version,handler:ResolvePackageVersion"`              // SECLDoc[package.version] Definition:`[Experimental] Full version of the package that provided this file`
	PkgSrcVersion string `field:"package.source_version,handler:ResolvePackageSourceVersion"` // SECLDoc[package.source_version] Definition:`[Experimental] Full version of the source package of the package that provided this file`

	// HashState records the outcome of the hashing attempt; per the HashState constants, only Done
	// means hashes were computed, so an empty Hashes slice is not evidence about the file's content.
	// NOTE(review): the SECLDoc calls these cryptographic hashes, but HashAlgorithm in this package
	// also lists SSDEEP, a fuzzy similarity hash — confirm which algorithms can appear here.
	HashState HashState `field:"-"`
	Hashes    []string  `field:"hashes,handler:ResolveHashesFromEvent,opts:skip_ad,weight:999"` // SECLDoc[hashes] Definition:`[Experimental] List of cryptographic hashes computed for this file`

	// used to mark as already resolved, can be used in case of empty path
	IsPathnameStrResolved bool `field:"-"`
	IsBasenameStrResolved bool `field:"-"`
}

FileEvent is the common file event type

func (*FileEvent) Equals added in v0.47.0

func (e *FileEvent) Equals(o *FileEvent) bool

Equals compares two FileEvent values

func (*FileEvent) GetPathResolutionError

func (e *FileEvent) GetPathResolutionError() string

GetPathResolutionError returns the path resolution error as a string if there is one

func (*FileEvent) IsOverlayFS added in v0.46.0

func (e *FileEvent) IsOverlayFS() bool

IsOverlayFS returns whether it is an overlay fs

func (*FileEvent) SetBasenameStr added in v0.36.0

func (e *FileEvent) SetBasenameStr(str string)

SetBasenameStr sets the basename string and marks it as resolved

func (*FileEvent) SetPathnameStr added in v0.36.0

func (e *FileEvent) SetPathnameStr(str string)

SetPathnameStr sets the pathname string and marks it as resolved

func (*FileEvent) UnmarshalBinary

func (e *FileEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type FileFields

type FileFields struct {
	// UID and GID are carried as numbers; User and Group are filled through the handlers named in their tags.
	UID   uint32 `field:"uid"`                                           // SECLDoc[uid] Definition:`UID of the file's owner`
	User  string `field:"user,handler:ResolveFileFieldsUser"`            // SECLDoc[user] Definition:`User of the file's owner`
	GID   uint32 `field:"gid"`                                           // SECLDoc[gid] Definition:`GID of the file's owner`
	Group string `field:"group,handler:ResolveFileFieldsGroup"`          // SECLDoc[group] Definition:`Group of the file's owner`
	// Mode backs two SECL fields: "mode" directly and "rights" through the ResolveRights handler.
	Mode  uint16 `field:"mode;rights,handler:ResolveRights,opts:helper"` // SECLDoc[mode] Definition:`Mode of the file` Constants:`Inode mode constants` SECLDoc[rights] Definition:`Rights of the file` Constants:`File mode constants`
	CTime uint64 `field:"change_time"`                                   // SECLDoc[change_time] Definition:`Change time (ctime) of the file`
	MTime uint64 `field:"modification_time"`                             // SECLDoc[modification_time] Definition:`Modification time (mtime) of the file`

	// Embedded path key; its definition is outside this excerpt.
	PathKey
	Device uint32 `field:"-"`

	// In OverlayFS the upper layer holds files created or modified after the lower layers were
	// mounted, which is why this flag is commonly used to spot files written at runtime in a container.
	// NOTE(review): confirm the resolver's exact semantics for non-overlay filesystems.
	InUpperLayer bool `field:"in_upper_layer,handler:ResolveFileFieldsInUpperLayer"` // SECLDoc[in_upper_layer] Definition:`Indicator of the file layer, for example, in an OverlayFS`

	// NLink and Flags have no SECL field name (field:"-").
	// NOTE(review): presumably NLink backs HasHardLinks and Flags backs the layer/fileless helpers — confirm.
	NLink uint32 `field:"-"`
	Flags int32  `field:"-"`
}

FileFields holds the information required to identify a file

func (*FileFields) Equals added in v0.47.0

func (f *FileFields) Equals(o *FileFields) bool

Equals compares two FileFields

func (*FileFields) GetInLowerLayer

func (f *FileFields) GetInLowerLayer() bool

GetInLowerLayer returns whether a file is in a lower layer

func (*FileFields) GetInUpperLayer

func (f *FileFields) GetInUpperLayer() bool

GetInUpperLayer returns whether a file is in the upper layer

func (f *FileFields) HasHardLinks() bool

HasHardLinks returns whether the file has hard links

func (*FileFields) IsFileless added in v0.42.0

func (f *FileFields) IsFileless() bool

IsFileless returns whether it is a fileless access

func (*FileFields) MarshalBinary added in v0.36.0

func (e *FileFields) MarshalBinary(data []byte) (int, error)

MarshalBinary marshals a binary representation of itself

func (*FileFields) UnmarshalBinary

func (e *FileFields) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type FileMode added in v0.46.0

type FileMode int

FileMode represents a file mode bitmask value

func (FileMode) String added in v0.46.0

func (m FileMode) String() string

type HashAlgorithm added in v0.47.0

type HashAlgorithm int

HashAlgorithm is used to configure the hash algorithms of the hash resolver

const (
	// Values are assigned by iota starting at 0, so the zero value of HashAlgorithm is SHA1:
	// an unset HashAlgorithm reads as SHA1.
	//
	// SHA1 and MD5 are not collision resistant. They remain useful for looking a file up in
	// indicator feeds that publish those digests, but a match or mismatch on them should not be
	// treated as proof of a file's integrity; prefer SHA256 for that.

	// SHA1 is used to identify a SHA1 hash
	SHA1 HashAlgorithm = iota
	// SHA256 is used to identify a SHA256 hash
	SHA256
	// MD5 is used to identify a MD5 hash
	MD5
	// SSDEEP is used to identify a SSDEEP hash
	// ssdeep is a fuzzy (similarity) hash, not a cryptographic one: two different files can
	// legitimately produce close or equal values.
	SSDEEP
	// MaxHashAlgorithm is used for initializations
	MaxHashAlgorithm
)

func (HashAlgorithm) String added in v0.47.0

func (ha HashAlgorithm) String() string

type HashState added in v0.47.0

type HashState int

HashState is used to prevent the hash resolver from retrying to hash a file

const (
	// Values are assigned by iota starting at 0, so the zero value of HashState is NoHash.
	// Done is the only state in which hashes were computed; in every other state a rule keyed on
	// file hashes has nothing to match, so hash-based detections are best paired with path or
	// behaviour conditions.

	// NoHash means that computing a hash hasn't been attempted
	NoHash HashState = iota
	// Done means that the hashes were already computed
	Done
	// FileNotFound means that the underlying file is no longer available to compute the hash
	FileNotFound
	// PathnameResolutionError means that the underlying file wasn't properly resolved
	PathnameResolutionError
	// FileTooBig means that the underlying file is larger than the hash resolver file size limit
	FileTooBig
	// FileEmpty means that the underlying file is empty
	FileEmpty
	// FileOpenError is a generic hash state to say that we couldn't open the file
	FileOpenError
	// EventTypeNotConfigured means that the event type prevents a hash from being computed
	EventTypeNotConfigured
	// HashWasRateLimited means that the hash will be tried again later, it was rate limited
	HashWasRateLimited
	// HashFailed means that the hashing failed
	HashFailed
	// MaxHashState is used for initializations
	MaxHashState
)

func (HashState) String added in v0.47.0

func (i HashState) String() string

type IMDSEvent added in v0.55.0

type IMDSEvent struct {
	// The fields below describe one captured IMDS exchange. URL, Host, UserAgent and Server are
	// documented as HTTP values (queried URL, HTTP host, client user agent, response server header).
	// NOTE(review): presumably they are parsed from captured traffic and so are chosen by the
	// client or the responder; treat them as untrusted strings when matching or displaying — confirm.
	Type          string `field:"type"`           // SECLDoc[type] Definition:`the type of IMDS event`
	CloudProvider string `field:"cloud_provider"` // SECLDoc[cloud_provider] Definition:`the intended cloud provider of the IMDS event`
	URL           string `field:"url"`            // SECLDoc[url] Definition:`the queried IMDS URL`
	Host          string `field:"host"`           // SECLDoc[host] Definition:`the host of the HTTP protocol`
	UserAgent     string `field:"user_agent"`     // SECLDoc[user_agent] Definition:`the user agent of the HTTP client`
	Server        string `field:"server"`         // SECLDoc[server] Definition:`the server header of a response`

	// The fields below are optional and cloud specific fields
	// NOTE(review): AWSIMDSEvent is not shown here; if it includes credential material from the
	// metadata response, keep it out of logs and exported events — confirm.
	AWS AWSIMDSEvent `field:"aws"` // SECLDoc[aws] Definition:`the AWS specific data parsed from the IMDS event`
}

IMDSEvent represents an IMDS event

func (*IMDSEvent) UnmarshalBinary added in v0.55.0

func (e *IMDSEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type IPPortContext added in v0.36.0

type IPPortContext struct {
	IPNet            net.IPNet `field:"ip"`                                  // SECLDoc[ip] Definition:`IP address`
	Port             uint16    `field:"port"`                                // SECLDoc[port] Definition:`Port number`
	IsPublic         bool      `field:"is_public,handler:ResolveIsIPPublic"` // SECLDoc[is_public] Definition:`Whether the IP address belongs to a public network`
	IsPublicResolved bool      `field:"-"`
}

IPPortContext is used to hold an IP and Port

type InodeMode added in v0.46.0

type InodeMode int

InodeMode represents an inode mode bitmask value

func (InodeMode) String added in v0.46.0

func (m InodeMode) String() string

type InvalidateDentryEvent

type InvalidateDentryEvent struct {
	Inode   uint64
	MountID uint32
}

InvalidateDentryEvent defines an invalidate dentry event

func (*InvalidateDentryEvent) UnmarshalBinary

func (e *InvalidateDentryEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type KernelCapability

type KernelCapability uint64

KernelCapability represents a kernel capability bitmask value

func (KernelCapability) String

func (kc KernelCapability) String() string

func (KernelCapability) StringArray

func (kc KernelCapability) StringArray() []string

StringArray returns the kernel capabilities as an array of strings

type L3Protocol added in v0.36.0

type L3Protocol uint16

L3Protocol Network protocols

// Ethernet protocol identifiers for L3Protocol.
// NOTE(review): names and descriptions appear to follow the ETH_P_* definitions
// of the Linux if_ether.h header; the entries below EthP8023MIN (0x0600) are
// commented as dummy or internal types rather than on-the-wire EtherTypes —
// confirm before matching them in a rule.
const (
	// EthPLOOP Ethernet Loopback packet
	EthPLOOP L3Protocol = 0x0060
	// EthPPUP Xerox PUP packet
	EthPPUP L3Protocol = 0x0200
	// EthPPUPAT Xerox PUP Addr Trans packet
	EthPPUPAT L3Protocol = 0x0201
	// EthPTSN TSN (IEEE 1722) packet
	EthPTSN L3Protocol = 0x22F0
	// EthPIP Internet Protocol packet
	EthPIP L3Protocol = 0x0800
	// EthPX25 CCITT X.25
	EthPX25 L3Protocol = 0x0805
	// EthPARP Address Resolution packet
	EthPARP L3Protocol = 0x0806
	// EthPBPQ G8BPQ AX.25 Ethernet Packet    [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBPQ L3Protocol = 0x08FF
	// EthPIEEEPUP Xerox IEEE802.3 PUP packet
	EthPIEEEPUP L3Protocol = 0x0a00
	// EthPIEEEPUPAT Xerox IEEE802.3 PUP Addr Trans packet
	EthPIEEEPUPAT L3Protocol = 0x0a01
	// EthPBATMAN B.A.T.M.A.N.-Advanced packet [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBATMAN L3Protocol = 0x4305
	// EthPDEC DEC Assigned proto
	EthPDEC L3Protocol = 0x6000
	// EthPDNADL DEC DNA Dump/Load
	EthPDNADL L3Protocol = 0x6001
	// EthPDNARC DEC DNA Remote Console
	EthPDNARC L3Protocol = 0x6002
	// EthPDNART DEC DNA Routing
	EthPDNART L3Protocol = 0x6003
	// EthPLAT DEC LAT
	EthPLAT L3Protocol = 0x6004
	// EthPDIAG DEC Diagnostics
	EthPDIAG L3Protocol = 0x6005
	// EthPCUST DEC Customer use
	EthPCUST L3Protocol = 0x6006
	// EthPSCA DEC Systems Comms Arch
	EthPSCA L3Protocol = 0x6007
	// EthPTEB Trans Ether Bridging
	EthPTEB L3Protocol = 0x6558
	// EthPRARP Reverse Addr Res packet
	EthPRARP L3Protocol = 0x8035
	// EthPATALK Appletalk DDP
	EthPATALK L3Protocol = 0x809B
	// EthPAARP Appletalk AARP
	EthPAARP L3Protocol = 0x80F3
	// EthP8021Q 802.1Q VLAN Extended Header
	EthP8021Q L3Protocol = 0x8100
	// EthPERSPAN ERSPAN type II
	EthPERSPAN L3Protocol = 0x88BE
	// EthPIPX IPX over DIX
	EthPIPX L3Protocol = 0x8137
	// EthPIPV6 IPv6 over bluebook
	EthPIPV6 L3Protocol = 0x86DD
	// EthPPAUSE IEEE Pause frames. See 802.3 31B
	EthPPAUSE L3Protocol = 0x8808
	// EthPSLOW Slow Protocol. See 802.3ad 43B
	EthPSLOW L3Protocol = 0x8809
	// EthPWCCP Web-cache coordination protocol defined in draft-wilson-wrec-wccp-v2-00.txt
	EthPWCCP L3Protocol = 0x883E
	// EthPMPLSUC MPLS Unicast traffic
	EthPMPLSUC L3Protocol = 0x8847
	// EthPMPLSMC MPLS Multicast traffic
	EthPMPLSMC L3Protocol = 0x8848
	// EthPATMMPOA MultiProtocol Over ATM
	EthPATMMPOA L3Protocol = 0x884c
	// EthPPPPDISC PPPoE discovery messages
	EthPPPPDISC L3Protocol = 0x8863
	// EthPPPPSES PPPoE session messages
	EthPPPPSES L3Protocol = 0x8864
	// EthPLinkCTL HPNA, wlan link local tunnel
	EthPLinkCTL L3Protocol = 0x886c
	// EthPATMFATE Frame-based ATM Transport over Ethernet
	EthPATMFATE L3Protocol = 0x8884
	// EthPPAE Port Access Entity (IEEE 802.1X)
	EthPPAE L3Protocol = 0x888E
	// EthPAOE ATA over Ethernet
	EthPAOE L3Protocol = 0x88A2
	// EthP8021AD 802.1ad Service VLAN
	EthP8021AD L3Protocol = 0x88A8
	// EthP802EX1 802.1 Local Experimental 1.
	EthP802EX1 L3Protocol = 0x88B5
	// EthPTIPC TIPC
	EthPTIPC L3Protocol = 0x88CA
	// EthPMACSEC 802.1ae MACsec
	EthPMACSEC L3Protocol = 0x88E5
	// EthP8021AH 802.1ah Backbone Service Tag
	EthP8021AH L3Protocol = 0x88E7
	// EthPMVRP 802.1Q MVRP
	EthPMVRP L3Protocol = 0x88F5
	// EthP1588 IEEE 1588 Timesync
	EthP1588 L3Protocol = 0x88F7
	// EthPNCSI NCSI protocol
	EthPNCSI L3Protocol = 0x88F8
	// EthPPRP IEC 62439-3 PRP/HSRv0
	EthPPRP L3Protocol = 0x88FB
	// EthPFCOE Fibre Channel over Ethernet
	EthPFCOE L3Protocol = 0x8906
	// EthPIBOE Infiniband over Ethernet
	EthPIBOE L3Protocol = 0x8915
	// EthPTDLS TDLS
	EthPTDLS L3Protocol = 0x890D
	// EthPFIP FCoE Initialization Protocol
	EthPFIP L3Protocol = 0x8914
	// EthP80221 IEEE 802.21 Media Independent Handover Protocol
	EthP80221 L3Protocol = 0x8917
	// EthPHSR IEC 62439-3 HSRv1
	EthPHSR L3Protocol = 0x892F
	// EthPNSH Network Service Header
	EthPNSH L3Protocol = 0x894F
	// EthPLOOPBACK Ethernet loopback packet, per IEEE 802.3
	EthPLOOPBACK L3Protocol = 0x9000
	// EthPQINQ1 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ1 L3Protocol = 0x9100
	// EthPQINQ2 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ2 L3Protocol = 0x9200
	// EthPQINQ3 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ3 L3Protocol = 0x9300
	// EthPEDSA Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPEDSA L3Protocol = 0xDADA
	// EthPIFE ForCES inter-FE LFB type
	EthPIFE L3Protocol = 0xED3E
	// EthPAFIUCV IBM afiucv [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPAFIUCV L3Protocol = 0xFBFB
	// EthP8023MIN If the value in the ethernet type is at least this value then the frame is Ethernet II. Else it is 802.3
	EthP8023MIN L3Protocol = 0x0600
	// EthPIPV6HopByHop IPv6 Hop by hop option
	// NOTE(review): 0 is the IP protocol number of the IPv6 hop-by-hop option, not an EtherType — confirm it belongs in L3Protocol
	EthPIPV6HopByHop L3Protocol = 0x000
	// EthP8023 Dummy type for 802.3 frames
	EthP8023 L3Protocol = 0x0001
	// EthPAX25 Dummy protocol id for AX.25
	EthPAX25 L3Protocol = 0x0002
	// EthPALL Every packet (be careful!!!)
	EthPALL L3Protocol = 0x0003
	// EthP8022 802.2 frames
	EthP8022 L3Protocol = 0x0004
	// EthPSNAP Internal only
	EthPSNAP L3Protocol = 0x0005
	// EthPDDCMP DEC DDCMP: Internal only
	EthPDDCMP L3Protocol = 0x0006
	// EthPWANPPP Dummy type for WAN PPP frames
	EthPWANPPP L3Protocol = 0x0007
	// EthPPPPMP Dummy type for PPP MP frames
	EthPPPPMP L3Protocol = 0x0008
	// EthPLOCALTALK Localtalk pseudo type
	EthPLOCALTALK L3Protocol = 0x0009
	// EthPCAN CAN: Controller Area Network
	EthPCAN L3Protocol = 0x000C
	// EthPCANFD CANFD: CAN flexible data rate
	EthPCANFD L3Protocol = 0x000D
	// EthPPPPTALK Dummy type for Atalk over PPP
	EthPPPPTALK L3Protocol = 0x0010
	// EthPTR8022 802.2 frames
	EthPTR8022 L3Protocol = 0x0011
	// EthPMOBITEX Mobitex (kaz@cafe.net)
	EthPMOBITEX L3Protocol = 0x0015
	// EthPCONTROL Card specific control frames
	EthPCONTROL L3Protocol = 0x0016
	// EthPIRDA Linux-IrDA
	EthPIRDA L3Protocol = 0x0017
	// EthPECONET Acorn Econet
	EthPECONET L3Protocol = 0x0018
	// EthPHDLC HDLC frames
	EthPHDLC L3Protocol = 0x0019
	// EthPARCNET 1A for ArcNet :-)
	EthPARCNET L3Protocol = 0x001A
	// EthPDSA Distributed Switch Arch.
	EthPDSA L3Protocol = 0x001B
	// EthPTRAILER Trailer switch tagging
	EthPTRAILER L3Protocol = 0x001C
	// EthPPHONET Nokia Phonet frames
	EthPPHONET L3Protocol = 0x00F5
	// EthPIEEE802154 IEEE802.15.4 frame
	EthPIEEE802154 L3Protocol = 0x00F6
	// EthPCAIF ST-Ericsson CAIF protocol
	EthPCAIF L3Protocol = 0x00F7
	// EthPXDSA Multiplexed DSA protocol
	EthPXDSA L3Protocol = 0x00F8
	// EthPMAP Qualcomm multiplexing and aggregation protocol
	EthPMAP L3Protocol = 0x00F9
)

func (L3Protocol) String added in v0.36.0

func (proto L3Protocol) String() string

type L4Protocol added in v0.36.0

type L4Protocol uint16

L4Protocol transport protocols

// IP protocol numbers for L4Protocol. NetworkContext.L4Protocol is documented
// with the "L4 protocols" constants, so these are the values a rule compares
// against.
const (
	// IPProtoIP Dummy protocol for TCP
	IPProtoIP L4Protocol = 0
	// IPProtoICMP Internet Control Message Protocol (IPv4)
	IPProtoICMP L4Protocol = 1
	// IPProtoIGMP Internet Group Management Protocol
	IPProtoIGMP L4Protocol = 2
	// IPProtoIPIP IPIP tunnels (older KA9Q tunnels use 94)
	IPProtoIPIP L4Protocol = 4
	// IPProtoTCP Transmission Control Protocol
	IPProtoTCP L4Protocol = 6
	// IPProtoEGP Exterior Gateway Protocol
	IPProtoEGP L4Protocol = 8
	// IPProtoIGP Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))
	IPProtoIGP L4Protocol = 9
	// IPProtoPUP PUP protocol
	IPProtoPUP L4Protocol = 12
	// IPProtoUDP User Datagram Protocol
	IPProtoUDP L4Protocol = 17
	// IPProtoIDP XNS IDP protocol
	IPProtoIDP L4Protocol = 22
	// IPProtoTP ISO Transport Protocol Class 4
	IPProtoTP L4Protocol = 29
	// IPProtoDCCP Datagram Congestion Control Protocol
	IPProtoDCCP L4Protocol = 33
	// IPProtoIPV6 IPv6-in-IPv4 tunnelling
	IPProtoIPV6 L4Protocol = 41
	// IPProtoRSVP RSVP Protocol
	IPProtoRSVP L4Protocol = 46
	// IPProtoGRE Cisco GRE tunnels (rfc 1701,1702)
	IPProtoGRE L4Protocol = 47
	// IPProtoESP Encapsulation Security Payload protocol
	IPProtoESP L4Protocol = 50
	// IPProtoAH Authentication Header protocol
	IPProtoAH L4Protocol = 51
	// IPProtoICMPV6 Internet Control Message Protocol (IPv6)
	IPProtoICMPV6 L4Protocol = 58
	// IPProtoMTP Multicast Transport Protocol
	IPProtoMTP L4Protocol = 92
	// IPProtoBEETPH IP option pseudo header for BEET
	IPProtoBEETPH L4Protocol = 94
	// IPProtoENCAP Encapsulation Header
	IPProtoENCAP L4Protocol = 98
	// IPProtoPIM Protocol Independent Multicast
	IPProtoPIM L4Protocol = 103
	// IPProtoCOMP Compression Header Protocol
	IPProtoCOMP L4Protocol = 108
	// IPProtoSCTP Stream Control Transmission Protocol
	IPProtoSCTP L4Protocol = 132
	// IPProtoUDPLITE UDP-Lite (RFC 3828)
	IPProtoUDPLITE L4Protocol = 136
	// IPProtoMPLS MPLS in IP (RFC 4023)
	IPProtoMPLS L4Protocol = 137
	// IPProtoRAW Raw IP packets
	IPProtoRAW L4Protocol = 255
)

func (L4Protocol) String added in v0.36.0

func (proto L4Protocol) String() string

type LinkEvent

type LinkEvent struct {
	SyscallEvent
	SyscallContext
	Source FileEvent `field:"file"`
	Target FileEvent `field:"file.destination"`

	// Syscall context aliases
	SyscallPath            string `field:"syscall.path,ref:link.syscall.str1"`             // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
	SyscallDestinationPath string `field:"syscall.destination.path,ref:link.syscall.str2"` // SECLDoc[syscall.destination.path] Definition:`Destination path argument of the syscall`
}

LinkEvent represents a link event

func (*LinkEvent) UnmarshalBinary

func (e *LinkEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type LinuxBinprm added in v0.40.0

type LinuxBinprm struct {
	FileEvent FileEvent `field:"file"`
}

LinuxBinprm contains content from the linux_binprm struct, which holds the arguments used for loading binaries

type LoadModuleEvent added in v0.35.0

// LoadModuleEvent describes the loading of a kernel module.
//
// Notes for rule authors, taken from the field documentation:
//   - Args and Argv may be incomplete when ArgsTruncated is true, so a rule that
//     matches on module parameters should also look at args_truncated.
//   - NOTE(review): when LoadedFromMemory is true, File presumably does not name
//     an on-disk module — confirm before keying a rule on file.path alone.
type LoadModuleEvent struct {
	SyscallEvent

	File             FileEvent `field:"file"`                           // Path to the kernel module file
	LoadedFromMemory bool      `field:"loaded_from_memory"`             // SECLDoc[loaded_from_memory] Definition:`Indicates if the kernel module was loaded from memory`
	Name             string    `field:"name"`                           // SECLDoc[name] Definition:`Name of the new kernel module`
	Args             string    `field:"args,handler:ResolveModuleArgs"` // SECLDoc[args] Definition:`Parameters (as a string) of the new kernel module`
	Argv             []string  `field:"argv,handler:ResolveModuleArgv"` // SECLDoc[argv] Definition:`Parameters (as an array) of the new kernel module`
	ArgsTruncated    bool      `field:"args_truncated"`                 // SECLDoc[args_truncated] Definition:`Indicates if the arguments were truncated or not`
}

LoadModuleEvent represents a load_module event

func (*LoadModuleEvent) UnmarshalBinary added in v0.35.0

func (e *LoadModuleEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type LoginUIDWriteEvent added in v0.57.0

type LoginUIDWriteEvent struct {
	AUID uint32 `field:"-"`
}

LoginUIDWriteEvent is used to propagate login UID updates to user space

func (*LoginUIDWriteEvent) UnmarshalBinary added in v0.57.0

func (e *LoginUIDWriteEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type MMapEvent added in v0.34.0

// MMapEvent describes an mmap call: the mapped file plus the protection and
// flags of the memory segment.
//
// Addr, Offset and Len are tagged `field:"-"`. NOTE(review): presumably that tag
// keeps them out of rule expressions, so a rule can match on protection and
// flags but not on the mapped range — confirm.
type MMapEvent struct {
	SyscallEvent

	File       FileEvent `field:"file"`
	Addr       uint64    `field:"-"`
	Offset     uint64    `field:"-"`
	Len        uint64    `field:"-"`
	Protection uint64    `field:"protection"` // SECLDoc[protection] Definition:`memory segment protection` Constants:`Protection constants`
	Flags      uint64    `field:"flags"`      // SECLDoc[flags] Definition:`memory segment flags` Constants:`MMap flags`
}

MMapEvent represents a mmap event

func (*MMapEvent) UnmarshalBinary added in v0.34.0

func (e *MMapEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type MMapFlag added in v0.34.0

type MMapFlag uint64

MMapFlag represents a mmap flag value

func (MMapFlag) String added in v0.34.0

func (mmf MMapFlag) String() string

type MProtectEvent added in v0.34.0

// MProtectEvent describes an mprotect call on a memory segment.
//
// VMProtection is documented as the initial protection and ReqProtection as the
// new one, so a rule can compare the two, for example to flag a writable segment
// that is being made executable. VMStart and VMEnd are tagged `field:"-"`.
type MProtectEvent struct {
	SyscallEvent

	VMStart       uint64 `field:"-"`
	VMEnd         uint64 `field:"-"`
	VMProtection  int    `field:"vm_protection"`  // SECLDoc[vm_protection] Definition:`initial memory segment protection` Constants:`Virtual Memory flags`
	ReqProtection int    `field:"req_protection"` // SECLDoc[req_protection] Definition:`new memory segment protection` Constants:`Virtual Memory flags`
}

MProtectEvent represents a mprotect event

func (*MProtectEvent) UnmarshalBinary added in v0.34.0

func (e *MProtectEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type MatchedRule added in v0.44.0

type MatchedRule struct {
	RuleID        string
	RuleVersion   string
	RuleTags      map[string]string
	PolicyName    string
	PolicyVersion string
}

MatchedRule contains the identification of one rule that has matched

func AppendMatchedRule added in v0.44.0

func AppendMatchedRule(list []*MatchedRule, toAdd []*MatchedRule) []*MatchedRule

AppendMatchedRule appends two lists while avoiding duplicates

func NewMatchedRule added in v0.44.0

func NewMatchedRule(ruleID, ruleVersion string, ruleTags map[string]string, policyName, policyVersion string) *MatchedRule

NewMatchedRule returns a new MatchedRule instance

func (*MatchedRule) Match added in v0.44.0

func (mr *MatchedRule) Match(mr2 *MatchedRule) bool

Match returns true if the rules are equal

type MkdirEvent

type MkdirEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
	Mode uint32    `field:"file.destination.mode; file.destination.rights"` // SECLDoc[file.destination.mode] Definition:`Mode of the new directory` Constants:`File mode constants` SECLDoc[file.destination.rights] Definition:`Rights of the new directory` Constants:`File mode constants`
}

MkdirEvent represents a mkdir event

func (*MkdirEvent) UnmarshalBinary

func (e *MkdirEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type Model

type Model struct {
	ExtraValidateFieldFnc func(field eval.Field, fieldValue eval.FieldValue) error
}

Model describes the data model for the runtime security agent events

func (*Model) GetEvaluator

func (m *Model) GetEvaluator(field eval.Field, regID eval.RegisterID) (eval.Evaluator, error)

func (*Model) GetEventTypes

func (m *Model) GetEventTypes() []eval.EventType

func (*Model) GetFieldRestrictions added in v0.57.0

func (m *Model) GetFieldRestrictions(field eval.Field) []eval.EventType

func (*Model) NewDefaultEventWithType added in v0.43.0

func (m *Model) NewDefaultEventWithType(kind EventType) eval.Event

NewDefaultEventWithType returns a new Event for the given type

func (*Model) NewEvent

func (m *Model) NewEvent() eval.Event

NewEvent returns a new Event

func (*Model) ValidateField

func (m *Model) ValidateField(field eval.Field, fieldValue eval.FieldValue) error

ValidateField validates the value of a field

type Mount added in v0.42.0

type Mount struct {
	MountID        uint32  `field:"-"`
	Device         uint32  `field:"-"`
	ParentPathKey  PathKey `field:"-"`
	RootPathKey    PathKey `field:"-"`
	BindSrcMountID uint32  `field:"-"`
	FSType         string  `field:"fs_type"` // SECLDoc[fs_type] Definition:`Type of the mounted file system`
	MountPointStr  string  `field:"-"`
	RootStr        string  `field:"-"`
	Path           string  `field:"-"`
	Origin         uint32  `field:"-"`
}

Mount represents a mountpoint (used by MountEvent and UnshareMountNSEvent)

func (*Mount) GetFSType added in v0.42.0

func (m *Mount) GetFSType() string

GetFSType returns the filesystem type of the mountpoint

func (*Mount) IsOverlayFS added in v0.42.0

func (m *Mount) IsOverlayFS() bool

IsOverlayFS returns whether it is an overlay fs

func (*Mount) UnmarshalBinary added in v0.42.0

func (m *Mount) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type MountEvent

type MountEvent struct {
	SyscallEvent
	SyscallContext
	Mount
	MountPointPath                 string `field:"mountpoint.path,handler:ResolveMountPointPath"` // SECLDoc[mountpoint.path] Definition:`Path of the mount point`
	MountSourcePath                string `field:"source.path,handler:ResolveMountSourcePath"`    // SECLDoc[source.path] Definition:`Source path of a bind mount`
	MountRootPath                  string `field:"root.path,handler:ResolveMountRootPath"`        // SECLDoc[root.path] Definition:`Root path of the mount`
	MountPointPathResolutionError  error  `field:"-"`
	MountSourcePathResolutionError error  `field:"-"`
	MountRootPathResolutionError   error  `field:"-"`

	// Syscall context aliases
	SyscallSourcePath     string `field:"syscall.source.path,ref:mount.syscall.str1"`     // SECLDoc[syscall.source.path] Definition:`Source path argument of the syscall`
	SyscallMountpointPath string `field:"syscall.mountpoint.path,ref:mount.syscall.str2"` // SECLDoc[syscall.mountpoint.path] Definition:`Mount point path argument of the syscall`
	SyscallFSType         string `field:"syscall.fs_type,ref:mount.syscall.str3"`         // SECLDoc[syscall.fs_type] Definition:`File system type argument of the syscall`
}

MountEvent represents a mount event

func (*MountEvent) UnmarshalBinary

func (e *MountEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type MountOrigin added in v0.55.0

type MountOrigin = uint32

MountOrigin origin of the mount

// Mount origins: where the information about a mount point was obtained.
// The values are assigned with iota, so the declaration order fixes each value.
const (
	MountOriginUnknown MountOrigin = iota // MountOriginUnknown unknown mount origin
	MountOriginProcfs                     // MountOriginProcfs mount point info from procfs
	MountOriginEvent                      // MountOriginEvent mount point info from an event
	MountOriginUnshare                    // MountOriginUnshare mount point info from an event; NOTE(review): same wording as MountOriginEvent, presumably an unshare of the mount namespace — confirm
)

type MountReleasedEvent

type MountReleasedEvent struct {
	MountID uint32
}

MountReleasedEvent defines a mount released event

func (*MountReleasedEvent) UnmarshalBinary

func (e *MountReleasedEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type MountSource added in v0.55.0

type MountSource = uint32

MountSource source of the mount

// Mount sources: how a mount was resolved.
// The values are assigned with iota, so the declaration order fixes each value.
const (
	MountSourceUnknown  MountSource = iota // MountSourceUnknown mount resolved from unknown source
	MountSourceMountID                     // MountSourceMountID mount resolved with the mount id
	MountSourceDevice                      // MountSourceDevice mount resolved with the device
	MountSourceSnapshot                    // MountSourceSnapshot mount resolved from the snapshot
)

type NetDevice added in v0.36.0

type NetDevice struct {
	Name        string
	NetNS       uint32
	IfIndex     uint32
	PeerNetNS   uint32
	PeerIfIndex uint32
}

NetDevice represents a network device

func (NetDevice) GetKey added in v0.36.0

func (d NetDevice) GetKey() string

GetKey returns a key to uniquely identify a network device on the system

func (*NetDevice) UnmarshalBinary added in v0.36.0

func (d *NetDevice) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type NetDeviceEvent added in v0.36.0

type NetDeviceEvent struct {
	SyscallEvent

	Device NetDevice
}

NetDeviceEvent represents a network device event

func (*NetDeviceEvent) UnmarshalBinary added in v0.36.0

func (e *NetDeviceEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type NetworkContext added in v0.36.0

type NetworkContext struct {
	Device NetworkDeviceContext `field:"device"` // network device on which the network packet was captured

	L3Protocol  uint16        `field:"l3_protocol"` // SECLDoc[l3_protocol] Definition:`L3 protocol of the network packet` Constants:`L3 protocols`
	L4Protocol  uint16        `field:"l4_protocol"` // SECLDoc[l4_protocol] Definition:`L4 protocol of the network packet` Constants:`L4 protocols`
	Source      IPPortContext `field:"source"`      // source of the network packet
	Destination IPPortContext `field:"destination"` // destination of the network packet
	Size        uint32        `field:"size"`        // SECLDoc[size] Definition:`Size in bytes of the network packet`
}

NetworkContext represents the network context of the event

func (*NetworkContext) IsZero added in v0.59.0

func (nc *NetworkContext) IsZero() bool

IsZero returns if there is a network context

func (*NetworkContext) UnmarshalBinary added in v0.36.0

func (e *NetworkContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type NetworkDeviceContext added in v0.36.0

type NetworkDeviceContext struct {
	NetNS   uint32 `field:"-"`
	IfIndex uint32 `field:"-"`
	IfName  string `field:"ifname,handler:ResolveNetworkDeviceIfName"` // SECLDoc[ifname] Definition:`Interface ifname`
}

NetworkDeviceContext represents the network device context of a network event

func (*NetworkDeviceContext) UnmarshalBinary added in v0.36.0

func (e *NetworkDeviceContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type OnDemandEvent added in v0.56.0

// OnDemandEvent identifies an event generated by an on-demand probe.
//
// Data is a fixed 256-byte buffer, and Name and every ArgN field are filled by a
// ResolveOnDemand* handler. NOTE(review): presumably the handlers decode the
// arguments from Data, in which case a string argument longer than the buffer
// is cut short — confirm before relying on exact string matches.
type OnDemandEvent struct {
	ID       uint32    `field:"-"`
	Name     string    `field:"name,handler:ResolveOnDemandName"`
	Data     [256]byte `field:"-"`
	Arg1Str  string    `field:"arg1.str,handler:ResolveOnDemandArg1Str"`
	Arg1Uint uint64    `field:"arg1.uint,handler:ResolveOnDemandArg1Uint"`
	Arg2Str  string    `field:"arg2.str,handler:ResolveOnDemandArg2Str"`
	Arg2Uint uint64    `field:"arg2.uint,handler:ResolveOnDemandArg2Uint"`
	Arg3Str  string    `field:"arg3.str,handler:ResolveOnDemandArg3Str"`
	Arg3Uint uint64    `field:"arg3.uint,handler:ResolveOnDemandArg3Uint"`
	Arg4Str  string    `field:"arg4.str,handler:ResolveOnDemandArg4Str"`
	Arg4Uint uint64    `field:"arg4.uint,handler:ResolveOnDemandArg4Uint"`
}

OnDemandEvent identifies an on-demand event generated from on-demand probes

func (*OnDemandEvent) UnmarshalBinary added in v0.56.0

func (e *OnDemandEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type OpenEvent

type OpenEvent struct {
	SyscallEvent
	SyscallContext
	File  FileEvent `field:"file"`
	Flags uint32    `field:"flags"`                 // SECLDoc[flags] Definition:`Flags used when opening the file` Constants:`Open flags`
	Mode  uint32    `field:"file.destination.mode"` // SECLDoc[file.destination.mode] Definition:`Mode of the created file` Constants:`File mode constants`

	// Syscall context aliases
	SyscallPath  string `field:"syscall.path,ref:open.syscall.str1"`  // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
	SyscallFlags uint32 `field:"syscall.flags,ref:open.syscall.int2"` // SECLDoc[syscall.flags] Definition:`Flags argument of the syscall`
	SyscallMode  uint32 `field:"syscall.mode,ref:open.syscall.int3"`  // SECLDoc[syscall.mode] Definition:`Mode argument of the syscall`
}

OpenEvent represents an open event

func (*OpenEvent) UnmarshalBinary

func (e *OpenEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type OpenFlags

type OpenFlags int

OpenFlags represents an open flags bitmask value

func (OpenFlags) String

func (f OpenFlags) String() string

func (OpenFlags) StringArray

func (f OpenFlags) StringArray() []string

StringArray returns the open flags as an array of strings

type PIDContext added in v0.37.0

type PIDContext struct {
	Pid       uint32 `field:"pid"` // SECLDoc[pid] Definition:`Process ID of the process (also called thread group ID)`
	Tid       uint32 `field:"tid"` // SECLDoc[tid] Definition:`Thread ID of the thread`
	NetNS     uint32 `field:"-"`
	IsKworker bool   `field:"is_kworker"` // SECLDoc[is_kworker] Definition:`Indicates whether the process is a kworker`
	ExecInode uint64 `field:"-"`          // used to track exec and event loss
	// used for ebpfless
	NSID uint64 `field:"-"`
}

PIDContext holds the process context of a kernel event

func (*PIDContext) UnmarshalBinary added in v0.37.0

func (p *PIDContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself, process_context_t kernel side

type PTraceEvent added in v0.34.0

// PTraceEvent describes a ptrace call: Request is the ptrace request and Tracee
// the process context of the traced process.
//
// NOTE(review): Tracee is a pointer and is presumably nil when the tracee could
// not be resolved — confirm, and nil-check before dereferencing. PID, NSPID and
// Address are tagged `field:"-"`; NSPID is presumably the PID as seen inside a
// PID namespace — confirm.
type PTraceEvent struct {
	SyscallEvent

	Request uint32          `field:"request"` // SECLDoc[request] Definition:`ptrace request` Constants:`Ptrace constants`
	PID     uint32          `field:"-"`
	NSPID   uint32          `field:"-"`
	Address uint64          `field:"-"`
	Tracee  *ProcessContext `field:"tracee"` // process context of the tracee
}

PTraceEvent represents a ptrace event

func (*PTraceEvent) UnmarshalBinary added in v0.34.0

func (e *PTraceEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type PTraceRequest added in v0.34.0

type PTraceRequest uint32

PTraceRequest represents a ptrace request value

func (PTraceRequest) String added in v0.34.0

func (f PTraceRequest) String() string

type PathKey added in v0.44.0

type PathKey struct {
	Inode   uint64 `field:"inode"`    // SECLDoc[inode] Definition:`Inode of the file`
	MountID uint32 `field:"mount_id"` // SECLDoc[mount_id] Definition:`Mount ID of the file`
	PathID  uint32 `field:"-"`
}

PathKey identifies an entry in the dentry cache

func (*PathKey) IsNull added in v0.44.0

func (p *PathKey) IsNull() bool

IsNull returns true if a key is invalid

func (*PathKey) MarshalBinary added in v0.44.0

func (p *PathKey) MarshalBinary() ([]byte, error)

MarshalBinary returns the binary representation of a path key

func (*PathKey) String added in v0.44.0

func (p *PathKey) String() string

func (*PathKey) UnmarshalBinary added in v0.44.0

func (p *PathKey) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals the given content

func (*PathKey) Write added in v0.44.0

func (p *PathKey) Write(buffer []byte)

type PathLeaf added in v0.45.0

// PathLeaf is the Go representation of the eBPF path_leaf_t structure: the key
// of the parent entry plus one path segment.
//
// Name holds MaxSegmentLength+1 bytes. NOTE(review): Len is presumably the used
// length of Name; the GetName and SetName bodies are not shown here, so confirm
// that both bound Len and the copied name by len(Name) before slicing.
type PathLeaf struct {
	Parent  PathKey
	Name    [MaxSegmentLength + 1]byte
	Len     uint16
	Padding [6]uint8
}

PathLeaf is the go representation of the eBPF path_leaf_t structure

func (*PathLeaf) GetName added in v0.45.0

func (pl *PathLeaf) GetName() string

GetName returns the path value as a string

func (*PathLeaf) MarshalBinary added in v0.45.0

func (pl *PathLeaf) MarshalBinary() ([]byte, error)

MarshalBinary returns the binary representation of a path leaf

func (*PathLeaf) SetName added in v0.45.0

func (pl *PathLeaf) SetName(name string)

SetName sets the path name

type PipeBufFlag added in v0.35.0

type PipeBufFlag int

PipeBufFlag represents a pipe buffer flag

// Pipe buffer flags, one bit per flag. The trailing /* ... */ remark on each line
// gives the flag's meaning.
// NOTE(review): the values look like the kernel's PIPE_BUF_FLAG_* bits — confirm.
const (
	// PipeBufFlagLRU is set when the page is on the LRU
	PipeBufFlagLRU PipeBufFlag = 0x1 /* page is on the LRU */
	// PipeBufFlagAtomic is set when the page was atomically mapped
	PipeBufFlagAtomic PipeBufFlag = 0x2 /* was atomically mapped */
	// PipeBufFlagGift is set when the page is a gift
	PipeBufFlagGift PipeBufFlag = 0x4 /* page is a gift */
	// PipeBufFlagPacket is set when read() treats the buffer as a packet
	PipeBufFlagPacket PipeBufFlag = 0x8 /* read() as a packet */
	// PipeBufFlagCanMerge is set when buffers can be merged
	PipeBufFlagCanMerge PipeBufFlag = 0x10 /* can merge buffers */
	// PipeBufFlagWhole is set when read() must return the entire buffer or an error
	PipeBufFlagWhole PipeBufFlag = 0x20 /* read() must return entire buffer or error */
	// PipeBufFlagLoss is set when message loss happened after this buffer
	PipeBufFlagLoss PipeBufFlag = 0x40 /* Message loss happened after this buffer */
)

func (PipeBufFlag) String added in v0.35.0

func (pbf PipeBufFlag) String() string

type Process

// Process represents a process as seen by the runtime security agent.
//
// Sensitive-data notes, taken from the field documentation below:
//   - Args, Argv and Envp hold the process arguments and environment variables;
//     ArgsScrubbed and ArgvScrubbed are the scrubbed variants. Prefer the
//     scrubbed ones for anything that is logged or sent off the host.
//   - Envs is documented as variable names only, Envp as the variables themselves.
//   - ArgsTruncated and EnvsTruncated report truncation; a rule that matches on
//     arguments or environment can miss content that was cut off.
//   - NOTE(review): AWSSecurityCredentials is tagged `field:"-"`; what it stores
//     and how long it is retained is not visible here — confirm.
type Process struct {
	PIDContext

	FileEvent FileEvent `field:"file,check:IsNotKworker"`

	CGroup      CGroupContext              `field:"cgroup"`                                         // SECLDoc[cgroup] Definition:`CGroup`
	ContainerID containerutils.ContainerID `field:"container.id,handler:ResolveProcessContainerID"` // SECLDoc[container.id] Definition:`Container ID`

	SpanID  uint64          `field:"-"`
	TraceID mathutil.Int128 `field:"-"`

	TTYName     string      `field:"tty_name"`                         // SECLDoc[tty_name] Definition:`Name of the TTY associated with the process`
	Comm        string      `field:"comm"`                             // SECLDoc[comm] Definition:`Comm attribute of the process`
	LinuxBinprm LinuxBinprm `field:"interpreter,check:HasInterpreter"` // Script interpreter as identified by the shebang

	// pid_cache_t
	ForkTime time.Time `field:"fork_time,opts:getters_only"`
	ExitTime time.Time `field:"exit_time,opts:getters_only"`
	ExecTime time.Time `field:"exec_time,opts:getters_only"`

	// TODO: merge with ExecTime
	CreatedAt uint64 `field:"created_at,handler:ResolveProcessCreatedAt"` // SECLDoc[created_at] Definition:`Timestamp of the creation of the process`

	Cookie uint64 `field:"-"`
	PPid   uint32 `field:"ppid"` // SECLDoc[ppid] Definition:`Parent process ID`

	// credentials_t section of pid_cache_t
	Credentials

	UserSession UserSessionContext `field:"user_session"` // SECLDoc[user_session] Definition:`User Session context of this process`

	AWSSecurityCredentials []AWSSecurityCredentials `field:"-"`

	ArgsID uint64 `field:"-"`
	EnvsID uint64 `field:"-"`

	ArgsEntry *ArgsEntry `field:"-"`
	EnvsEntry *EnvsEntry `field:"-"`

	// defined to generate accessors, ArgsTruncated and EnvsTruncated are used by the unmarshaller
	Argv0 string   `field:"argv0,handler:ResolveProcessArgv0,weight:100"`            // SECLDoc[argv0] Definition:`First argument of the process`
	Args  string   `field:"args,handler:ResolveProcessArgs,weight:500,opts:skip_ad"` // SECLDoc[args] Definition:`Arguments of the process (as a string, excluding argv0)` Example:`exec.args == "-sV -p 22,53,110,143,4564 198.116.0-255.1-127"` Description:`Matches any process with these exact arguments.` Example:`exec.args =~ "* -F * http*"` Description:`Matches any process that has the "-F" argument anywhere before an argument starting with "http".`
	Argv  []string ``                                                                // SECLDoc[argv] Definition:`Arguments of the process (as an array, excluding argv0)` Example:`exec.argv in ["127.0.0.1"]` Description:`Matches any process that has this IP address as one of its arguments.` SECLDoc[args_flags] Definition:`Flags in the process arguments` Example:`exec.args_flags in ["s"] && exec.args_flags in ["V"]` Description:`Matches any process with both "-s" and "-V" flags in its arguments. Also matches "-sV".` SECLDoc[args_options] Definition:`Argument of the process as options` Example:`exec.args_options in ["p=0-1024"]` Description:`Matches any process that has either "-p 0-1024" or "--p=0-1024" in its arguments.`
	/* 223-byte string literal not displayed */
	ArgsTruncated bool     `field:"args_truncated,handler:ResolveProcessArgsTruncated"` // SECLDoc[args_truncated] Definition:`Indicator of arguments truncation`
	Envs          []string `field:"envs,handler:ResolveProcessEnvs,weight:100"`         // SECLDoc[envs] Definition:`Environment variable names of the process`
	Envp          []string `field:"envp,handler:ResolveProcessEnvp,weight:100"`         // SECLDoc[envp] Definition:`Environment variables of the process`
	EnvsTruncated bool     `field:"envs_truncated,handler:ResolveProcessEnvsTruncated"` // SECLDoc[envs_truncated] Definition:`Indicator of environment variables truncation`

	ArgsScrubbed string   `field:"args_scrubbed,handler:ResolveProcessArgsScrubbed,opts:getters_only"`
	ArgvScrubbed []string `field:"argv_scrubbed,handler:ResolveProcessArgvScrubbed,opts:getters_only"`

	// symlink to the process binary
	SymlinkPathnameStr [MaxSymlinks]string `field:"-"`
	SymlinkBasenameStr string              `field:"-"`

	// cache version
	ScrubbedArgvResolved bool           `field:"-"`
	Variables            eval.Variables `field:"-"`

	// IsThread is the negation of IsExec and should be manipulated directly
	IsThread        bool `field:"is_thread,handler:ResolveProcessIsThread"` // SECLDoc[is_thread] Definition:`Indicates whether the process is considered a thread (that is, a child process that hasn't executed another program)`
	IsExec          bool `field:"is_exec"`                                  // SECLDoc[is_exec] Definition:`Indicates whether the process entry is from a new binary execution`
	IsExecExec      bool `field:"-"`                                        // Indicates whether the process is an exec following another exec
	IsParentMissing bool `field:"-"`                                        // Indicates the direct parent is missing

	Source uint64 `field:"-"`
	// contains filtered or unexported fields
}

Process represents a process

func (*Process) GetPathResolutionError

func (p *Process) GetPathResolutionError() string

GetPathResolutionError returns the path resolution error as a string if there is one

func (*Process) GetProcessArgv added in v0.51.0

func (p *Process) GetProcessArgv() ([]string, bool)

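GetProcessArgv returns the unscrubbed args of the event as an array. Use with caution: unscrubbed arguments can contain secrets (passwords, tokens, keys) passed on the command line, so avoid logging or exporting the result as-is. Process also carries scrubbed variants (ArgsScrubbed, ArgvScrubbed).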

func (*Process) GetProcessArgv0 added in v0.51.0

func (p *Process) GetProcessArgv0() (string, bool)

GetProcessArgv0 returns the first arg of the event and whether the process arguments are truncated

func (*Process) HasInterpreter added in v0.40.0

func (p *Process) HasInterpreter() bool

HasInterpreter returns whether the process uses an interpreter

func (*Process) IsNotKworker added in v0.42.0

func (p *Process) IsNotKworker() bool

IsNotKworker returns true if the process isn't a kworker

func (*Process) MarshalPidCache added in v0.36.0

func (e *Process) MarshalPidCache(data []byte, bootTime time.Time) (int, error)

MarshalPidCache marshals a binary representation of itself

func (*Process) MarshalProcCache added in v0.36.0

func (e *Process) MarshalProcCache(data []byte, bootTime time.Time) (int, error)

MarshalProcCache marshals a binary representation of itself

func (*Process) SetSpan added in v0.48.0

func (p *Process) SetSpan(spanID uint64, traceID mathutil.Int128)

SetSpan sets the span

func (*Process) UnmarshalBinary

func (e *Process) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

func (*Process) UnmarshalPidCacheBinary added in v0.39.0

func (e *Process) UnmarshalPidCacheBinary(data []byte) (int, error)

UnmarshalPidCacheBinary unmarshals a binary representation of pid_cache_t

func (*Process) UnmarshalProcEntryBinary added in v0.39.0

func (e *Process) UnmarshalProcEntryBinary(data []byte) (int, error)

UnmarshalProcEntryBinary unmarshalls process_entry_t from process.h

type ProcessAncestorsIterator

type ProcessAncestorsIterator struct {
	// contains filtered or unexported fields
}

ProcessAncestorsIterator defines an iterator of ancestors

func (*ProcessAncestorsIterator) At added in v0.60.0

At returns the element at the given position

func (*ProcessAncestorsIterator) Front

Front returns the first element

func (*ProcessAncestorsIterator) Len added in v0.60.0

func (it *ProcessAncestorsIterator) Len(ctx *eval.Context) int

Len returns the len

func (*ProcessAncestorsIterator) Next

Next returns the next element

type ProcessCacheEntry

type ProcessCacheEntry struct {
	ProcessContext
	// contains filtered or unexported fields
}

ProcessCacheEntry this struct holds process context kept in the process tree

func GetPlaceholderProcessCacheEntry added in v0.49.0

func GetPlaceholderProcessCacheEntry(pid uint32, tid uint32, isKworker bool) *ProcessCacheEntry

GetPlaceholderProcessCacheEntry returns an empty process cache entry for failed process resolutions

func NewPlaceholderProcessCacheEntry added in v0.49.0

func NewPlaceholderProcessCacheEntry(pid uint32, tid uint32, isKworker bool) *ProcessCacheEntry

NewPlaceholderProcessCacheEntry returns a new empty process cache entry for failed process resolutions

func NewProcessCacheEntry

func NewProcessCacheEntry(coreRelease func(_ *ProcessCacheEntry)) *ProcessCacheEntry

NewProcessCacheEntry returns a new process cache entry

func (*ProcessCacheEntry) AppendReleaseCallback added in v0.56.0

func (pc *ProcessCacheEntry) AppendReleaseCallback(callback func())

AppendReleaseCallback sets a callback to be called when the entry is released

func (*ProcessCacheEntry) ApplyExecTimeOf added in v0.47.0

func (pc *ProcessCacheEntry) ApplyExecTimeOf(entry *ProcessCacheEntry)

ApplyExecTimeOf replaces the previous entry values with those of the given entry

func (*ProcessCacheEntry) Equals added in v0.36.0

func (pc *ProcessCacheEntry) Equals(entry *ProcessCacheEntry) bool

Equals returns whether process cache entries share the same values for file and args/envs

func (*ProcessCacheEntry) Exec

func (pc *ProcessCacheEntry) Exec(entry *ProcessCacheEntry)

Exec replaces a process

func (*ProcessCacheEntry) Exit

func (pc *ProcessCacheEntry) Exit(exitTime time.Time)

Exit a process

func (*ProcessCacheEntry) Fork

func (pc *ProcessCacheEntry) Fork(childEntry *ProcessCacheEntry)

Fork returns a copy of the current ProcessCacheEntry

func (*ProcessCacheEntry) GetContainerPIDs added in v0.51.0

func (pc *ProcessCacheEntry) GetContainerPIDs() ([]uint32, []string)

GetContainerPIDs returns the PIDs

func (*ProcessCacheEntry) HasValidLineage added in v0.49.0

func (pc *ProcessCacheEntry) HasValidLineage() (bool, error)

HasValidLineage returns false if, from the entry, we cannot ascend the ancestors list to PID 1 or if a new is having a missing parent

func (*ProcessCacheEntry) IsContainerRoot added in v0.44.0

func (pc *ProcessCacheEntry) IsContainerRoot() bool

IsContainerRoot returns whether this is a top level process in the container ID

func (*ProcessCacheEntry) Release

func (pc *ProcessCacheEntry) Release()

Release decrements the reference counter and eventually releases the entry

func (*ProcessCacheEntry) Reset

func (pc *ProcessCacheEntry) Reset()

Reset the entry

func (*ProcessCacheEntry) Retain

func (pc *ProcessCacheEntry) Retain()

Retain increments the reference counter

func (*ProcessCacheEntry) SetAncestor

func (pc *ProcessCacheEntry) SetAncestor(parent *ProcessCacheEntry)

SetAncestor sets the ancestor

func (*ProcessCacheEntry) SetAsExec

func (pc *ProcessCacheEntry) SetAsExec()

SetAsExec sets the entry as an Exec

func (*ProcessCacheEntry) SetExecParent added in v0.60.0

func (pc *ProcessCacheEntry) SetExecParent(parent *ProcessCacheEntry)

SetExecParent sets the parent of the exec entry

func (*ProcessCacheEntry) SetForkParent added in v0.60.0

func (pc *ProcessCacheEntry) SetForkParent(parent *ProcessCacheEntry)

SetForkParent sets the parent of the fork entry

type ProcessContext

// ProcessContext holds the process context of an event: the process itself
// (embedded Process) plus references to its parent and its ancestors.
type ProcessContext struct {
	Process

	// Parent is exposed as "parent". The tag names HasParent as its check,
	// so a process may have no parent here (presumably a nil pointer; confirm
	// before dereferencing).
	Parent   *Process           `field:"parent,opts:exposed_at_event_root_only,check:HasParent"`
	// Ancestor is exposed as "ancestors" and iterated with
	// ProcessAncestorsIterator; the tag names IsNotKworker as its check.
	Ancestor *ProcessCacheEntry `field:"ancestors,iterator:ProcessAncestorsIterator,check:IsNotKworker"`
}

ProcessContext holds the process context of an event

func (*ProcessContext) HasParent added in v0.42.0

func (p *ProcessContext) HasParent() bool

HasParent returns whether the process has a parent

type Protection added in v0.34.0

type Protection uint64

Protection represents a virtual memory protection bitmask value

func (Protection) String added in v0.34.0

func (p Protection) String() string

type QClass added in v0.36.0

type QClass uint32

QClass is used to declare the qclass field of a DNS request

func (QClass) String added in v0.36.0

func (qc QClass) String() string

type QType added in v0.36.0

type QType uint32

QType is used to declare the qtype field of a DNS request

func (QType) String added in v0.36.0

func (qt QType) String() string

type RawPacketEvent added in v0.60.0

// RawPacketEvent represents a packet event. It embeds NetworkContext and adds
// the TLS context and the pcap filter expression as rule fields.
type RawPacketEvent struct {
	NetworkContext
	TLSContext  TLSContext           `field:"tls"`                                       // SECLDoc[tls] Definition:`TLS context`
	Filter      string               `field:"filter" op_override:"PacketFilterMatching"` // SECLDoc[filter] Definition:`pcap filter expression`
	// CaptureInfo and Data are tagged field:"-" and carry no SECLDoc entry,
	// so they are not documented as rule fields.
	// NOTE(review): Data presumably holds the captured packet bytes. If so it
	// is untrusted network input; bounds-check any parsing done on it.
	CaptureInfo gopacket.CaptureInfo `field:"-"`
	Data        []byte               `field:"-"`
}

RawPacketEvent represents a packet event

func (*RawPacketEvent) UnmarshalBinary added in v0.60.0

func (e *RawPacketEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type Releasable added in v0.46.0

type Releasable struct {
	// contains filtered or unexported fields
}

Releasable represents an object that can be released

func (*Releasable) AppendReleaseCallback added in v0.56.0

func (r *Releasable) AppendReleaseCallback(callback func())

AppendReleaseCallback sets a callback to be called when the cache entry is released

func (*Releasable) CallReleaseCallback added in v0.46.0

func (r *Releasable) CallReleaseCallback()

CallReleaseCallback calls the on-release callback

type RenameEvent

// RenameEvent represents a rename event. It embeds SyscallEvent (return
// value) and SyscallContext (syscall arguments).
type RenameEvent struct {
	SyscallEvent
	SyscallContext
	// Old is exposed as "file" and New as "file.destination".
	Old FileEvent `field:"file"`
	New FileEvent `field:"file.destination"`

	// Syscall context aliases: both reference the string arguments of the
	// rename syscall (rename.syscall.str1 / rename.syscall.str2).
	// NOTE(review): these look like the paths as passed by the caller, which
	// may differ from the paths in Old/New; confirm before matching on them.
	SyscallPath            string `field:"syscall.path,ref:rename.syscall.str1"`             // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
	SyscallDestinationPath string `field:"syscall.destination.path,ref:rename.syscall.str2"` // SECLDoc[syscall.destination.path] Definition:`Destination path argument of the syscall`
}

RenameEvent represents a rename event

func (*RenameEvent) UnmarshalBinary

func (e *RenameEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type RetValError

type RetValError int

RetValError represents a syscall return error value

func (RetValError) String

func (f RetValError) String() string

type RmdirEvent

type RmdirEvent struct {
	SyscallEvent
	File FileEvent `field:"file"`
}

RmdirEvent represents a rmdir event

func (*RmdirEvent) UnmarshalBinary

func (e *RmdirEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SELinuxEvent

// SELinuxEvent represents a selinux event: a boolean change, a boolean
// commit, or an enforcement status change (see SELinuxEventKind).
type SELinuxEvent struct {
	// File and EventKind are tagged field:"-" and carry no SECLDoc entry.
	File            FileEvent        `field:"-"`
	EventKind       SELinuxEventKind `field:"-"`
	BoolName        string           `field:"bool.name,handler:ResolveSELinuxBoolName"` // SECLDoc[bool.name] Definition:`SELinux boolean name`
	BoolChangeValue string           `field:"bool.state"`                               // SECLDoc[bool.state] Definition:`SELinux boolean new value`
	BoolCommitValue bool             `field:"bool_commit.state"`                        // SECLDoc[bool_commit.state] Definition:`Indicator of a SELinux boolean commit operation`
	EnforceStatus   string           `field:"enforce.status"`                           // SECLDoc[enforce.status] Definition:`SELinux enforcement status (one of "enforcing", "permissive", "disabled")`
}

SELinuxEvent represents a selinux event

func (*SELinuxEvent) UnmarshalBinary

func (e *SELinuxEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SELinuxEventKind

type SELinuxEventKind uint32

SELinuxEventKind represents the event kind for SELinux events

const (
	// SELinuxBoolChangeEventKind represents SELinux boolean change events.
	// It is iota 0 and therefore also the zero value of SELinuxEventKind, so
	// an unset EventKind cannot be told apart from a boolean change.
	SELinuxBoolChangeEventKind SELinuxEventKind = iota
	// SELinuxStatusChangeEventKind represents SELinux status change events
	SELinuxStatusChangeEventKind
	// SELinuxBoolCommitEventKind represents SELinux boolean commit events
	SELinuxBoolCommitEventKind
)

type SecurityProfileContext added in v0.45.0

type SecurityProfileContext struct {
	Name           string                     `field:"name"`        // SECLDoc[name] Definition:`Name of the security profile`
	Version        string                     `field:"version"`     // SECLDoc[version] Definition:`Version of the security profile`
	Tags           []string                   `field:"tags"`        // SECLDoc[tags] Definition:`Tags of the security profile`
	EventTypes     []EventType                `field:"event_types"` // SECLDoc[event_types] Definition:`Event types enabled for the security profile`
	EventTypeState EventFilteringProfileState `field:"-"`           // State of the event type in this profile
}

SecurityProfileContext holds the security context of the profile

type SetXAttrEvent

// SetXAttrEvent represents an extended attributes event on a file.
type SetXAttrEvent struct {
	SyscallEvent
	File      FileEvent `field:"file"`
	Namespace string    `field:"file.destination.namespace,handler:ResolveXAttrNamespace"` // SECLDoc[file.destination.namespace] Definition:`Namespace of the extended attribute`
	Name      string    `field:"file.destination.name,handler:ResolveXAttrName"`           // SECLDoc[file.destination.name] Definition:`Name of the extended attribute`

	// NameRaw is a fixed 200-byte buffer and is tagged field:"-".
	// NOTE(review): presumably the raw attribute name that Namespace and Name
	// are resolved from. 200 bytes is shorter than the kernel's
	// XATTR_NAME_MAX (255), so confirm how longer names are handled
	// (truncation?) before relying on exact-match rules.
	NameRaw [200]byte `field:"-"`
}

SetXAttrEvent represents an extended attributes event

func (*SetXAttrEvent) UnmarshalBinary

func (e *SetXAttrEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SetgidEvent

type SetgidEvent struct {
	GID     uint32 `field:"gid"`                                  // SECLDoc[gid] Definition:`New GID of the process`
	Group   string `field:"group,handler:ResolveSetgidGroup"`     // SECLDoc[group] Definition:`New group of the process`
	EGID    uint32 `field:"egid"`                                 // SECLDoc[egid] Definition:`New effective GID of the process`
	EGroup  string `field:"egroup,handler:ResolveSetgidEGroup"`   // SECLDoc[egroup] Definition:`New effective group of the process`
	FSGID   uint32 `field:"fsgid"`                                // SECLDoc[fsgid] Definition:`New FileSystem GID of the process`
	FSGroup string `field:"fsgroup,handler:ResolveSetgidFSGroup"` // SECLDoc[fsgroup] Definition:`New FileSystem group of the process`
}

SetgidEvent represents a setgid event

func (*SetgidEvent) UnmarshalBinary

func (e *SetgidEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SetuidEvent

type SetuidEvent struct {
	UID    uint32 `field:"uid"`                                // SECLDoc[uid] Definition:`New UID of the process`
	User   string `field:"user,handler:ResolveSetuidUser"`     // SECLDoc[user] Definition:`New user of the process`
	EUID   uint32 `field:"euid"`                               // SECLDoc[euid] Definition:`New effective UID of the process`
	EUser  string `field:"euser,handler:ResolveSetuidEUser"`   // SECLDoc[euser] Definition:`New effective user of the process`
	FSUID  uint32 `field:"fsuid"`                              // SECLDoc[fsuid] Definition:`New FileSystem UID of the process`
	FSUser string `field:"fsuser,handler:ResolveSetuidFSUser"` // SECLDoc[fsuser] Definition:`New FileSystem user of the process`
}

SetuidEvent represents a setuid event

func (*SetuidEvent) UnmarshalBinary

func (e *SetuidEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type Signal added in v0.35.0

type Signal int

Signal represents a type of Unix signal (e.g., SIGKILL, SIGSTOP, etc.)

func (Signal) String added in v0.35.0

func (sig Signal) String() string

type SignalEvent added in v0.35.0

// SignalEvent represents a signal event: which signal was sent and to which
// process.
type SignalEvent struct {
	SyscallEvent

	Type   uint32          `field:"type"`   // SECLDoc[type] Definition:`Signal type (ex: SIGHUP, SIGINT, SIGQUIT, etc)` Constants:`Signal constants`
	PID    uint32          `field:"pid"`    // SECLDoc[pid] Definition:`Target PID`
	// NOTE(review): Target is a pointer; presumably nil when the target
	// process could not be resolved. Confirm before dereferencing.
	Target *ProcessContext `field:"target"` // Target process context
}

SignalEvent represents a signal event

func (*SignalEvent) UnmarshalBinary added in v0.35.0

func (e *SignalEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type SpanContext

type SpanContext struct {
	SpanID  uint64          `field:"-"`
	TraceID mathutil.Int128 `field:"-"`
}

SpanContext describes a span context

func (*SpanContext) UnmarshalBinary

func (s *SpanContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SpliceEvent added in v0.35.0

type SpliceEvent struct {
	SyscallEvent

	File          FileEvent `field:"file"`            // File modified by the splice syscall
	PipeEntryFlag uint32    `field:"pipe_entry_flag"` // SECLDoc[pipe_entry_flag] Definition:`Entry flag of the "fd_out" pipe passed to the splice syscall` Constants:`Pipe buffer flags`
	PipeExitFlag  uint32    `field:"pipe_exit_flag"`  // SECLDoc[pipe_exit_flag] Definition:`Exit flag of the "fd_out" pipe passed to the splice syscall` Constants:`Pipe buffer flags`
}

SpliceEvent represents a splice event

func (*SpliceEvent) UnmarshalBinary added in v0.35.0

func (e *SpliceEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type Syscall added in v0.39.0

type Syscall int

Syscall represents a syscall identifier

const (
	SysRead                  Syscall = 0
	SysWrite                 Syscall = 1
	SysOpen                  Syscall = 2
	SysClose                 Syscall = 3
	SysStat                  Syscall = 4
	SysFstat                 Syscall = 5
	SysLstat                 Syscall = 6
	SysPoll                  Syscall = 7
	SysLseek                 Syscall = 8
	SysMmap                  Syscall = 9
	SysMprotect              Syscall = 10
	SysMunmap                Syscall = 11
	SysBrk                   Syscall = 12
	SysRtSigaction           Syscall = 13
	SysRtSigprocmask         Syscall = 14
	SysRtSigreturn           Syscall = 15
	SysIoctl                 Syscall = 16
	SysPread64               Syscall = 17
	SysPwrite64              Syscall = 18
	SysReadv                 Syscall = 19
	SysWritev                Syscall = 20
	SysAccess                Syscall = 21
	SysPipe                  Syscall = 22
	SysSelect                Syscall = 23
	SysSchedYield            Syscall = 24
	SysMremap                Syscall = 25
	SysMsync                 Syscall = 26
	SysMincore               Syscall = 27
	SysMadvise               Syscall = 28
	SysShmget                Syscall = 29
	SysShmat                 Syscall = 30
	SysShmctl                Syscall = 31
	SysDup                   Syscall = 32
	SysDup2                  Syscall = 33
	SysPause                 Syscall = 34
	SysNanosleep             Syscall = 35
	SysGetitimer             Syscall = 36
	SysAlarm                 Syscall = 37
	SysSetitimer             Syscall = 38
	SysGetpid                Syscall = 39
	SysSendfile              Syscall = 40
	SysSocket                Syscall = 41
	SysConnect               Syscall = 42
	SysAccept                Syscall = 43
	SysSendto                Syscall = 44
	SysRecvfrom              Syscall = 45
	SysSendmsg               Syscall = 46
	SysRecvmsg               Syscall = 47
	SysShutdown              Syscall = 48
	SysBind                  Syscall = 49
	SysListen                Syscall = 50
	SysGetsockname           Syscall = 51
	SysGetpeername           Syscall = 52
	SysSocketpair            Syscall = 53
	SysSetsockopt            Syscall = 54
	SysGetsockopt            Syscall = 55
	SysClone                 Syscall = 56
	SysFork                  Syscall = 57
	SysVfork                 Syscall = 58
	SysExecve                Syscall = 59
	SysExit                  Syscall = 60
	SysWait4                 Syscall = 61
	SysKill                  Syscall = 62
	SysUname                 Syscall = 63
	SysSemget                Syscall = 64
	SysSemop                 Syscall = 65
	SysSemctl                Syscall = 66
	SysShmdt                 Syscall = 67
	SysMsgget                Syscall = 68
	SysMsgsnd                Syscall = 69
	SysMsgrcv                Syscall = 70
	SysMsgctl                Syscall = 71
	SysFcntl                 Syscall = 72
	SysFlock                 Syscall = 73
	SysFsync                 Syscall = 74
	SysFdatasync             Syscall = 75
	SysTruncate              Syscall = 76
	SysFtruncate             Syscall = 77
	SysGetdents              Syscall = 78
	SysGetcwd                Syscall = 79
	SysChdir                 Syscall = 80
	SysFchdir                Syscall = 81
	SysRename                Syscall = 82
	SysMkdir                 Syscall = 83
	SysRmdir                 Syscall = 84
	SysCreat                 Syscall = 85
	SysLink                  Syscall = 86
	SysUnlink                Syscall = 87
	SysSymlink               Syscall = 88
	SysReadlink              Syscall = 89
	SysChmod                 Syscall = 90
	SysFchmod                Syscall = 91
	SysChown                 Syscall = 92
	SysFchown                Syscall = 93
	SysLchown                Syscall = 94
	SysUmask                 Syscall = 95
	SysGettimeofday          Syscall = 96
	SysGetrlimit             Syscall = 97
	SysGetrusage             Syscall = 98
	SysSysinfo               Syscall = 99
	SysTimes                 Syscall = 100
	SysPtrace                Syscall = 101
	SysGetuid                Syscall = 102
	SysSyslog                Syscall = 103
	SysGetgid                Syscall = 104
	SysSetuid                Syscall = 105
	SysSetgid                Syscall = 106
	SysGeteuid               Syscall = 107
	SysGetegid               Syscall = 108
	SysSetpgid               Syscall = 109
	SysGetppid               Syscall = 110
	SysGetpgrp               Syscall = 111
	SysSetsid                Syscall = 112
	SysSetreuid              Syscall = 113
	SysSetregid              Syscall = 114
	SysGetgroups             Syscall = 115
	SysSetgroups             Syscall = 116
	SysSetresuid             Syscall = 117
	SysGetresuid             Syscall = 118
	SysSetresgid             Syscall = 119
	SysGetresgid             Syscall = 120
	SysGetpgid               Syscall = 121
	SysSetfsuid              Syscall = 122
	SysSetfsgid              Syscall = 123
	SysGetsid                Syscall = 124
	SysCapget                Syscall = 125
	SysCapset                Syscall = 126
	SysRtSigpending          Syscall = 127
	SysRtSigtimedwait        Syscall = 128
	SysRtSigqueueinfo        Syscall = 129
	SysRtSigsuspend          Syscall = 130
	SysSigaltstack           Syscall = 131
	SysUtime                 Syscall = 132
	SysMknod                 Syscall = 133
	SysUselib                Syscall = 134
	SysPersonality           Syscall = 135
	SysUstat                 Syscall = 136
	SysStatfs                Syscall = 137
	SysFstatfs               Syscall = 138
	SysSysfs                 Syscall = 139
	SysGetpriority           Syscall = 140
	SysSetpriority           Syscall = 141
	SysSchedSetparam         Syscall = 142
	SysSchedGetparam         Syscall = 143
	SysSchedSetscheduler     Syscall = 144
	SysSchedGetscheduler     Syscall = 145
	SysSchedGetPriorityMax   Syscall = 146
	SysSchedGetPriorityMin   Syscall = 147
	SysSchedRrGetInterval    Syscall = 148
	SysMlock                 Syscall = 149
	SysMunlock               Syscall = 150
	SysMlockall              Syscall = 151
	SysMunlockall            Syscall = 152
	SysVhangup               Syscall = 153
	SysModifyLdt             Syscall = 154
	SysPivotRoot             Syscall = 155
	SysSysctl                Syscall = 156
	SysPrctl                 Syscall = 157
	SysArchPrctl             Syscall = 158
	SysAdjtimex              Syscall = 159
	SysSetrlimit             Syscall = 160
	SysChroot                Syscall = 161
	SysSync                  Syscall = 162
	SysAcct                  Syscall = 163
	SysSettimeofday          Syscall = 164
	SysMount                 Syscall = 165
	SysUmount2               Syscall = 166
	SysSwapon                Syscall = 167
	SysSwapoff               Syscall = 168
	SysReboot                Syscall = 169
	SysSethostname           Syscall = 170
	SysSetdomainname         Syscall = 171
	SysIopl                  Syscall = 172
	SysIoperm                Syscall = 173
	SysCreateModule          Syscall = 174
	SysInitModule            Syscall = 175
	SysDeleteModule          Syscall = 176
	SysGetKernelSyms         Syscall = 177
	SysQueryModule           Syscall = 178
	SysQuotactl              Syscall = 179
	SysNfsservctl            Syscall = 180
	SysGetpmsg               Syscall = 181
	SysPutpmsg               Syscall = 182
	SysAfsSyscall            Syscall = 183
	SysTuxcall               Syscall = 184
	SysSecurity              Syscall = 185
	SysGettid                Syscall = 186
	SysReadahead             Syscall = 187
	SysSetxattr              Syscall = 188
	SysLsetxattr             Syscall = 189
	SysFsetxattr             Syscall = 190
	SysGetxattr              Syscall = 191
	SysLgetxattr             Syscall = 192
	SysFgetxattr             Syscall = 193
	SysListxattr             Syscall = 194
	SysLlistxattr            Syscall = 195
	SysFlistxattr            Syscall = 196
	SysRemovexattr           Syscall = 197
	SysLremovexattr          Syscall = 198
	SysFremovexattr          Syscall = 199
	SysTkill                 Syscall = 200
	SysTime                  Syscall = 201
	SysFutex                 Syscall = 202
	SysSchedSetaffinity      Syscall = 203
	SysSchedGetaffinity      Syscall = 204
	SysSetThreadArea         Syscall = 205
	SysIoSetup               Syscall = 206
	SysIoDestroy             Syscall = 207
	SysIoGetevents           Syscall = 208
	SysIoSubmit              Syscall = 209
	SysIoCancel              Syscall = 210
	SysGetThreadArea         Syscall = 211
	SysLookupDcookie         Syscall = 212
	SysEpollCreate           Syscall = 213
	SysEpollCtlOld           Syscall = 214
	SysEpollWaitOld          Syscall = 215
	SysRemapFilePages        Syscall = 216
	SysGetdents64            Syscall = 217
	SysSetTidAddress         Syscall = 218
	SysRestartSyscall        Syscall = 219
	SysSemtimedop            Syscall = 220
	SysFadvise64             Syscall = 221
	SysTimerCreate           Syscall = 222
	SysTimerSettime          Syscall = 223
	SysTimerGettime          Syscall = 224
	SysTimerGetoverrun       Syscall = 225
	SysTimerDelete           Syscall = 226
	SysClockSettime          Syscall = 227
	SysClockGettime          Syscall = 228
	SysClockGetres           Syscall = 229
	SysClockNanosleep        Syscall = 230
	SysExitGroup             Syscall = 231
	SysEpollWait             Syscall = 232
	SysEpollCtl              Syscall = 233
	SysTgkill                Syscall = 234
	SysUtimes                Syscall = 235
	SysVserver               Syscall = 236
	SysMbind                 Syscall = 237
	SysSetMempolicy          Syscall = 238
	SysGetMempolicy          Syscall = 239
	SysMqOpen                Syscall = 240
	SysMqUnlink              Syscall = 241
	SysMqTimedsend           Syscall = 242
	SysMqTimedreceive        Syscall = 243
	SysMqNotify              Syscall = 244
	SysMqGetsetattr          Syscall = 245
	SysKexecLoad             Syscall = 246
	SysWaitid                Syscall = 247
	SysAddKey                Syscall = 248
	SysRequestKey            Syscall = 249
	SysKeyctl                Syscall = 250
	SysIoprioSet             Syscall = 251
	SysIoprioGet             Syscall = 252
	SysInotifyInit           Syscall = 253
	SysInotifyAddWatch       Syscall = 254
	SysInotifyRmWatch        Syscall = 255
	SysMigratePages          Syscall = 256
	SysOpenat                Syscall = 257
	SysMkdirat               Syscall = 258
	SysMknodat               Syscall = 259
	SysFchownat              Syscall = 260
	SysFutimesat             Syscall = 261
	SysNewfstatat            Syscall = 262
	SysUnlinkat              Syscall = 263
	SysRenameat              Syscall = 264
	SysLinkat                Syscall = 265
	SysSymlinkat             Syscall = 266
	SysReadlinkat            Syscall = 267
	SysFchmodat              Syscall = 268
	SysFaccessat             Syscall = 269
	SysPselect6              Syscall = 270
	SysPpoll                 Syscall = 271
	SysUnshare               Syscall = 272
	SysSetRobustList         Syscall = 273
	SysGetRobustList         Syscall = 274
	SysSplice                Syscall = 275
	SysTee                   Syscall = 276
	SysSyncFileRange         Syscall = 277
	SysVmsplice              Syscall = 278
	SysMovePages             Syscall = 279
	SysUtimensat             Syscall = 280
	SysEpollPwait            Syscall = 281
	SysSignalfd              Syscall = 282
	SysTimerfdCreate         Syscall = 283
	SysEventfd               Syscall = 284
	SysFallocate             Syscall = 285
	SysTimerfdSettime        Syscall = 286
	SysTimerfdGettime        Syscall = 287
	SysAccept4               Syscall = 288
	SysSignalfd4             Syscall = 289
	SysEventfd2              Syscall = 290
	SysEpollCreate1          Syscall = 291
	SysDup3                  Syscall = 292
	SysPipe2                 Syscall = 293
	SysInotifyInit1          Syscall = 294
	SysPreadv                Syscall = 295
	SysPwritev               Syscall = 296
	SysRtTgsigqueueinfo      Syscall = 297
	SysPerfEventOpen         Syscall = 298
	SysRecvmmsg              Syscall = 299
	SysFanotifyInit          Syscall = 300
	SysFanotifyMark          Syscall = 301
	SysPrlimit64             Syscall = 302
	SysNameToHandleAt        Syscall = 303
	SysOpenByHandleAt        Syscall = 304
	SysClockAdjtime          Syscall = 305
	SysSyncfs                Syscall = 306
	SysSendmmsg              Syscall = 307
	SysSetns                 Syscall = 308
	SysGetcpu                Syscall = 309
	SysProcessVmReadv        Syscall = 310
	SysProcessVmWritev       Syscall = 311
	SysKcmp                  Syscall = 312
	SysFinitModule           Syscall = 313
	SysSchedSetattr          Syscall = 314
	SysSchedGetattr          Syscall = 315
	SysRenameat2             Syscall = 316
	SysSeccomp               Syscall = 317
	SysGetrandom             Syscall = 318
	SysMemfdCreate           Syscall = 319
	SysKexecFileLoad         Syscall = 320
	SysBpf                   Syscall = 321
	SysExecveat              Syscall = 322
	SysUserfaultfd           Syscall = 323
	SysMembarrier            Syscall = 324
	SysMlock2                Syscall = 325
	SysCopyFileRange         Syscall = 326
	SysPreadv2               Syscall = 327
	SysPwritev2              Syscall = 328
	SysPkeyMprotect          Syscall = 329
	SysPkeyAlloc             Syscall = 330
	SysPkeyFree              Syscall = 331
	SysStatx                 Syscall = 332
	SysIoPgetevents          Syscall = 333
	SysRseq                  Syscall = 334
	SysPidfdSendSignal       Syscall = 424
	SysIoUringSetup          Syscall = 425
	SysIoUringEnter          Syscall = 426
	SysIoUringRegister       Syscall = 427
	SysOpenTree              Syscall = 428
	SysMoveMount             Syscall = 429
	SysFsopen                Syscall = 430
	SysFsconfig              Syscall = 431
	SysFsmount               Syscall = 432
	SysFspick                Syscall = 433
	SysPidfdOpen             Syscall = 434
	SysClone3                Syscall = 435
	SysCloseRange            Syscall = 436
	SysOpenat2               Syscall = 437
	SysPidfdGetfd            Syscall = 438
	SysFaccessat2            Syscall = 439
	SysProcessMadvise        Syscall = 440
	SysEpollPwait2           Syscall = 441
	SysMountSetattr          Syscall = 442
	SysQuotactlFd            Syscall = 443
	SysLandlockCreateRuleset Syscall = 444
	SysLandlockAddRule       Syscall = 445
	SysLandlockRestrictSelf  Syscall = 446
	SysMemfdSecret           Syscall = 447
	SysProcessMrelease       Syscall = 448
	SysFutexWaitv            Syscall = 449
	SysSetMempolicyHomeNode  Syscall = 450
	SysCachestat             Syscall = 451
	SysFchmodat2             Syscall = 452
	SysMapShadowStack        Syscall = 453
	SysFutexWake             Syscall = 454
	SysFutexWait             Syscall = 455
	SysFutexRequeue          Syscall = 456
	SysStatmount             Syscall = 457
	SysListmount             Syscall = 458
	SysLsmGetSelfAttr        Syscall = 459
	SysLsmSetSelfAttr        Syscall = 460
	SysLsmListModules        Syscall = 461
)

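Linux syscall identifiers. The numeric values listed here match the x86_64 syscall table; syscall numbers differ on other architectures, so they should not be compared against numbers captured on a different architecture.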

func (Syscall) MarshalText added in v0.39.0

func (s Syscall) MarshalText() ([]byte, error)

MarshalText maps the syscall identifier to UTF-8-encoded text and returns the result

func (Syscall) String added in v0.39.0

func (i Syscall) String() string

type SyscallContext added in v0.55.0

// SyscallContext contains syscall context: up to three string arguments and
// three integer arguments of a syscall.
type SyscallContext struct {
	// ID is tagged field:"-".
	ID uint32 `field:"-"`

	// String arguments, each resolved through its own handler
	// (ResolveSyscallCtxArgsStr1..3) and tagged getters_only|skip_ad.
	// NOTE(review): presumably the strings as supplied by the calling
	// process, so treat them as untrusted input. Confirm.
	StrArg1 string `field:"syscall.str1,handler:ResolveSyscallCtxArgsStr1,weight:900,opts:getters_only|skip_ad"`
	StrArg2 string `field:"syscall.str2,handler:ResolveSyscallCtxArgsStr2,weight:900,opts:getters_only|skip_ad"`
	StrArg3 string `field:"syscall.str3,handler:ResolveSyscallCtxArgsStr3,weight:900,opts:getters_only|skip_ad"`

	// Integer arguments, each resolved through its own handler
	// (ResolveSyscallCtxArgsInt1..3) and tagged getters_only|skip_ad.
	IntArg1 int64 `field:"syscall.int1,handler:ResolveSyscallCtxArgsInt1,weight:900,opts:getters_only|skip_ad"`
	IntArg2 int64 `field:"syscall.int2,handler:ResolveSyscallCtxArgsInt2,weight:900,opts:getters_only|skip_ad"`
	IntArg3 int64 `field:"syscall.int3,handler:ResolveSyscallCtxArgsInt3,weight:900,opts:getters_only|skip_ad"`

	// NOTE(review): presumably set once the arguments above have been
	// resolved, so the handlers do not resolve twice. Confirm.
	Resolved bool `field:"-"`
}

SyscallContext contains syscall context

func (*SyscallContext) UnmarshalBinary added in v0.55.0

func (e *SyscallContext) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SyscallDriftEventReason added in v0.57.0

// SyscallDriftEventReason describes why a syscall drift event was sent.
// It is a uint64 with a String method declared on the type.
type SyscallDriftEventReason uint64

SyscallDriftEventReason describes why a syscall drift event was sent

// Reasons carried by a syscall drift event. Every constant derives from
// iota + 1, so the zero value of SyscallDriftEventReason is not a named reason.
const (
	// SyscallMonitorPeriodReason means that the event was sent because the syscall cache entry was dirty for longer than syscall_monitor.period
	SyscallMonitorPeriodReason SyscallDriftEventReason = iota + 1
	// ExitReason means that the event was sent because a pid that was about to exit had a dirty cache entry
	ExitReason
	// ExecveReason means that the event was sent because an execve syscall was detected on a pid with a dirty cache entry
	ExecveReason
)

func (SyscallDriftEventReason) String added in v0.57.0

func (r SyscallDriftEventReason) String() string

type SyscallEvent

// SyscallEvent holds the field shared by syscall-based events. Other event
// structs in this package (UmountEvent, UnlinkEvent, UtimesEvent, ...) embed it.
type SyscallEvent struct {
	Retval int64 `field:"retval"` // SECLDoc[retval] Definition:`Return value of the syscall` Constants:`Error constants`
}

SyscallEvent contains the fields common to all events

func (*SyscallEvent) UnmarshalBinary

func (e *SyscallEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type SyscallsEvent added in v0.39.0

// SyscallsEvent represents a syscalls event: the reason the event was sent
// and the list of syscalls it reports.
type SyscallsEvent struct {
	// EventReason says why the event was emitted (see SyscallDriftEventReason).
	EventReason SyscallDriftEventReason
	// NOTE(review): the sizing remark on the next line still says 450, but the
	// Syscall constants listed in this package go up to 461 (SysLsmListModules).
	// 461 < 512, so the stated bound still holds; the figure should be
	// refreshed. Presumably the wire form is a 64-byte bitmask indexed by
	// syscall number; confirm in UnmarshalBinary, including what happens to a
	// syscall number of 512 or above.
	Syscalls    []Syscall // 64 * 8 = 512 > 450, bytes should be enough to hold all 450 syscalls
}

SyscallsEvent represents a syscalls event

func (*SyscallsEvent) UnmarshalBinary added in v0.39.0

func (e *SyscallsEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type TLSContext added in v0.60.0

// TLSContext represents a TLS context. It carries only the TLS version,
// stored as a raw uint16.
// NOTE(review): TLSVersion in this package is also a uint16 and has a String
// method; presumably Version is meant to be read through it. Confirm.
type TLSContext struct {
	Version uint16 `field:"version"` // SECLDoc[version] Definition:`TLS version`
}

TLSContext represents a tls context

type TLSVersion added in v0.60.0

// TLSVersion represents a TLS version as a uint16; a String method is
// declared on the type.
type TLSVersion uint16

TLSVersion represents a TLS version

func (TLSVersion) String added in v0.60.0

func (tls TLSVersion) String() string

type UmountEvent

// UmountEvent represents an umount event. It embeds SyscallEvent, which
// provides the return value.
type UmountEvent struct {
	SyscallEvent
	// MountID identifies the mount being unmounted. It carries no `field` tag.
	// NOTE(review): presumably that means it cannot be used in rule
	// expressions; confirm.
	MountID uint32
}

UmountEvent represents an umount event

func (*UmountEvent) UnmarshalBinary

func (e *UmountEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type UnlinkEvent

// UnlinkEvent represents an unlink event. It embeds SyscallEvent (return
// value) and SyscallContext (the argument slots), and adds the file and flags
// of the unlink.
type UnlinkEvent struct {
	SyscallEvent
	SyscallContext
	File  FileEvent `field:"file"`
	Flags uint32    `field:"flags"` // SECLDoc[flags] Definition:`Flags of the unlink syscall` Constants:`Unlink flags`

	// Syscall context aliases
	// Each alias refers to one SyscallContext slot through its `ref:` tag:
	// dirfd -> int1, path -> str2, flags -> int3.
	// NOTE(review): syscall.path is documented as the path argument of the
	// syscall, so it is presumably the string as passed (possibly relative to
	// syscall.dirfd) and not the resolved `file` path; confirm before writing
	// rules that must match the actual target.
	SyscallDirFd uint64 `field:"syscall.dirfd,ref:unlink.syscall.int1"` // SECLDoc[syscall.dirfd] Definition:`Directory file descriptor argument of the syscall`
	SyscallPath  string `field:"syscall.path,ref:unlink.syscall.str2"`  // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
	SyscallFlags uint64 `field:"syscall.flags,ref:unlink.syscall.int3"` // SECLDoc[syscall.flags] Definition:`Flags argument of the syscall`
}

UnlinkEvent represents an unlink event

func (*UnlinkEvent) UnmarshalBinary

func (e *UnlinkEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type UnlinkFlags

// UnlinkFlags represents an unlink flags bitmask value. String and
// StringArray methods are declared on the type.
type UnlinkFlags int

UnlinkFlags represents an unlink flags bitmask value

func (UnlinkFlags) String

func (f UnlinkFlags) String() string

func (UnlinkFlags) StringArray

func (f UnlinkFlags) StringArray() []string

StringArray returns the unlink flags as an array of strings

type UnloadModuleEvent added in v0.35.0

// UnloadModuleEvent represents an unload_module event. It embeds SyscallEvent
// and records the name of the kernel module that was deleted.
type UnloadModuleEvent struct {
	SyscallEvent

	Name string `field:"name"` // SECLDoc[name] Definition:`Name of the kernel module that was deleted`
}

UnloadModuleEvent represents an unload_module event

func (*UnloadModuleEvent) UnmarshalBinary added in v0.35.0

func (e *UnloadModuleEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshals a binary representation of itself

type UnshareMountNSEvent added in v0.42.0

// UnshareMountNSEvent represents a mount cloned from a newly created mount
// namespace. It has no fields of its own; everything comes from the embedded
// Mount.
type UnshareMountNSEvent struct {
	Mount
}

UnshareMountNSEvent represents a mount cloned from a newly created mount namespace

func (*UnshareMountNSEvent) UnmarshalBinary added in v0.42.0

func (e *UnshareMountNSEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type UserSessionContext added in v0.50.0

// UserSessionContext describes the user session context. The `json` tags are
// used to parse K8s credentials from cws-instrumentation.
// NOTE(review): the Kubernetes identity values are therefore decoded from
// data handed over by cws-instrumentation. How that input is authenticated is
// not visible here; confirm before treating k8s_username / k8s_groups as
// authoritative in detection rules.
type UserSessionContext struct {
	// ID, SessionType and Resolved are excluded from the field set (field:"-").
	ID          uint64           `field:"-"`
	SessionType usersession.Type `field:"-"`
	Resolved    bool             `field:"-"`
	// Kubernetes User Session context
	K8SUsername string              `field:"k8s_username,handler:ResolveK8SUsername" json:"username,omitempty"` // SECLDoc[k8s_username] Definition:`Kubernetes username of the user that executed the process`
	K8SUID      string              `field:"k8s_uid,handler:ResolveK8SUID" json:"uid,omitempty"`                // SECLDoc[k8s_uid] Definition:`Kubernetes UID of the user that executed the process`
	K8SGroups   []string            `field:"k8s_groups,handler:ResolveK8SGroups" json:"groups,omitempty"`       // SECLDoc[k8s_groups] Definition:`Kubernetes groups of the user that executed the process`
	// K8SExtra has a json tag only, with no `field` tag.
	K8SExtra    map[string][]string `json:"extra,omitempty"`
}

UserSessionContext describes the user session context. Disclaimer: the `json` tags are used to parse K8s credentials from cws-instrumentation.

type UtimesEvent

// UtimesEvent represents a utime event. It embeds SyscallEvent (return value)
// and SyscallContext (the argument slots).
type UtimesEvent struct {
	SyscallEvent
	SyscallContext
	File  FileEvent `field:"file"`
	// Atime and Mtime are excluded from the field set (field:"-").
	Atime time.Time `field:"-"`
	Mtime time.Time `field:"-"`

	// Syscall context aliases
	// syscall.path refers to the first string slot (utimes.syscall.str1).
	// NOTE(review): presumably the path as passed by the caller, as opposed to
	// the resolved `file` field; confirm.
	SyscallPath string `field:"syscall.path,ref:utimes.syscall.str1"` // SECLDoc[syscall.path] Definition:`Path argument of the syscall`
}

UtimesEvent represents a utime event

func (*UtimesEvent) UnmarshalBinary

func (e *UtimesEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

type VMFlag added in v0.34.0

// VMFlag represents a VM_* bitmask value as a uint64; a String method is
// declared on the type.
type VMFlag uint64

VMFlag represents a VM_* bitmask value

func (VMFlag) String added in v0.34.0

func (vmf VMFlag) String() string

type VethPairEvent added in v0.36.0

// VethPairEvent represents a veth pair event. It embeds SyscallEvent and
// carries both ends of the pair as NetDevice values.
type VethPairEvent struct {
	SyscallEvent

	// HostDevice and PeerDevice are the two devices of the pair; neither has a
	// `field` tag.
	HostDevice NetDevice
	PeerDevice NetDevice
}

VethPairEvent represents a veth pair event

func (*VethPairEvent) UnmarshalBinary added in v0.36.0

func (e *VethPairEvent) UnmarshalBinary(data []byte) (int, error)

UnmarshalBinary unmarshalls a binary representation of itself

Directories

Path Synopsis
Package main holds main related files
Package main holds main related files
Package main holds main related files
Package main holds main related files
Package usersession holds model related to the user session context
Package usersession holds model related to the user session context
