rules

package
v0.0.0-...-0715958

Warning: This package is not in the latest version of its module.
Published: Jan 2, 2025 | License: Apache-2.0 | Imports: 29 | Imported by: 0

Documentation

Overview

Package rules holds rules-related files.

Index

Constants

const (
	// TagMaxResolutionDelay is the maximum tag resolution delay
	TagMaxResolutionDelay = 5 * time.Second
)

Variables

This section is empty.

Functions

This section is empty.

Types

type APIServer

type APIServer interface {
	ApplyRuleIDs([]rules.RuleID)
	ApplyPolicyStates([]*monitor.PolicyState)
}

APIServer defines the API server

type RuleEngine

type RuleEngine struct {
	sync.RWMutex

	AutoSuppression autosuppression.AutoSuppression
	// contains filtered or unexported fields
}

RuleEngine defines a rule engine

func NewRuleEngine

func NewRuleEngine(evm *eventmonitor.EventMonitor, config *config.RuntimeSecurityConfig, probe *probe.Probe, rateLimiter *events.RateLimiter, apiServer APIServer, sender events.EventSender, statsdClient statsd.ClientInterface, rulesetListeners ...rules.RuleSetListener) (*RuleEngine, error)

NewRuleEngine returns a new rule engine

func (*RuleEngine) AddPolicyProvider

func (e *RuleEngine) AddPolicyProvider(provider rules.PolicyProvider)

AddPolicyProvider adds a provider

func (*RuleEngine) EventDiscarderFound

func (e *RuleEngine) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)

EventDiscarderFound is called by the ruleset when a new discarder is discovered

func (*RuleEngine) GetRuleSet

func (e *RuleEngine) GetRuleSet() (rs *rules.RuleSet)

GetRuleSet returns the set of loaded rules

func (*RuleEngine) HandleEvent

func (e *RuleEngine) HandleEvent(event *model.Event)

HandleEvent is called by the probe when an event arrives from the kernel

func (*RuleEngine) LoadPolicies

func (e *RuleEngine) LoadPolicies(providers []rules.PolicyProvider, sendLoadedReport bool) error

LoadPolicies loads the policies

func (*RuleEngine) ReloadPolicies

func (e *RuleEngine) ReloadPolicies() error

ReloadPolicies reloads the policies

func (*RuleEngine) RuleMatch

func (e *RuleEngine) RuleMatch(rule *rules.Rule, event eval.Event) bool

RuleMatch is called by the ruleset when a rule matches

func (*RuleEngine) SetRulesetLoadedCallback

func (e *RuleEngine) SetRulesetLoadedCallback(cb func(es *rules.RuleSet, err *multierror.Error))

SetRulesetLoadedCallback allows setting a callback called when a rule set is loaded

func (*RuleEngine) Start

func (e *RuleEngine) Start(ctx context.Context, reloadChan <-chan struct{}, wg *sync.WaitGroup) error

Start starts the rule engine

func (*RuleEngine) Stop

func (e *RuleEngine) Stop()

Stop stops the rule engine

func (*RuleEngine) StopEventCollector

func (e *RuleEngine) StopEventCollector() []rules.CollectedEvent

StopEventCollector stops the event collector

Directories

Path Synopsis
Package autosuppression holds auto suppression related files
Package bundled contains bundled rules
Package filtermodel holds rules related files
Package monitor holds rules related files
