Documentation ¶
Overview ¶
Package serializers defines functions aiming to serialize events
Package serializers holds serializers related files
Index ¶
- func DecodeEvent(file string) (*model.Event, error)
- func MarshalCustomEvent(event *events.CustomEvent) ([]byte, error)
- func MarshalEvent(event *model.Event) ([]byte, error)
- func UnmarshalEvent(raw []byte) (*model.Event, error)
- type AWSIMDSEventSerializer
- type AWSSecurityCredentialsSerializer
- type AnomalyDetectionSyscallEventSerializer
- type BPFEventSerializer
- type BPFMapSerializer
- type BPFProgramSerializer
- type BaseEventSerializer
- type BindEventSerializer
- type CGroupContextSerializer
- type CapsetSerializer
- type ConnectEventSerializer
- type ContainerContextSerializer
- type CredentialsSerializer
- type DDContextSerializer
- type DNSEventSerializer
- type DNSQuestionSerializer
- type EventContextSerializer
- type EventSerializer
- type EventSerializerPatcher
- type EventStringerWrapper
- type ExitEventSerializer
- type FileEventSerializer
- type FileSerializer
- type IMDSEventSerializer
- type IPPortFamilySerializer
- type IPPortSerializer
- type MMapEventSerializer
- type MProtectEventSerializer
- type MatchedRuleSerializer
- type ModuleEventSerializer
- type MountEventSerializer
- type NetworkContextSerializer
- type NetworkDeviceSerializer
- type PTraceEventSerializer
- type ProcessContextSerializer
- type ProcessCredentialsSerializer
- type ProcessSerializer
- type RawPacketSerializer
- type SELinuxBoolChangeSerializer
- type SELinuxBoolCommitSerializer
- type SELinuxEnforceStatusSerializer
- type SELinuxEventSerializer
- type SecurityProfileContextSerializer
- type SetgidSerializer
- type SetuidSerializer
- type SignalEventSerializer
- type SpliceEventSerializer
- type SyscallArgsSerializer
- type SyscallContextSerializer
- type SyscallSerializer
- type SyscallsEventSerializer
- type TLSContextSerializer
- type UserContextSerializer
- type UserSessionContextSerializer
- type Variables
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecodeEvent ¶
DecodeEvent will read a JSON file, and unmarshal its content to an model.Event
func MarshalCustomEvent ¶
func MarshalCustomEvent(event *events.CustomEvent) ([]byte, error)
MarshalCustomEvent marshal the custom event
func MarshalEvent ¶
MarshalEvent marshal the event
Types ¶
type AWSIMDSEventSerializer ¶
type AWSIMDSEventSerializer struct { // is_imds_v2 reports if the IMDS event follows IMDSv1 or IMDSv2 conventions IsIMDSv2 bool `json:"is_imds_v2"` // SecurityCredentials holds the scrubbed data collected on the security credentials SecurityCredentials *AWSSecurityCredentialsSerializer `json:"security_credentials,omitempty"` }
AWSIMDSEventSerializer serializes an AWS IMDS event to JSON easyjson:json
func (AWSIMDSEventSerializer) MarshalEasyJSON ¶
func (v AWSIMDSEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*AWSIMDSEventSerializer) UnmarshalEasyJSON ¶
func (v *AWSIMDSEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type AWSSecurityCredentialsSerializer ¶
type AWSSecurityCredentialsSerializer struct { // code is the IMDS server code response Code string `json:"code"` // type is the security credentials type Type string `json:"type"` // access_key_id is the unique access key ID of the credentials AccessKeyID string `json:"access_key_id"` // last_updated is the last time the credentials were updated LastUpdated string `json:"last_updated"` // expiration is the expiration date of the credentials Expiration string `json:"expiration"` }
AWSSecurityCredentialsSerializer serializes the security credentials from an AWS IMDS request easyjson:json
func (AWSSecurityCredentialsSerializer) MarshalEasyJSON ¶
func (v AWSSecurityCredentialsSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*AWSSecurityCredentialsSerializer) UnmarshalEasyJSON ¶
func (v *AWSSecurityCredentialsSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type AnomalyDetectionSyscallEventSerializer ¶
type AnomalyDetectionSyscallEventSerializer struct { // Name of the syscall that triggered the anomaly detection event Syscall string `json:"syscall"` }
AnomalyDetectionSyscallEventSerializer serializes an anomaly detection for a syscall event easyjson:json
func (AnomalyDetectionSyscallEventSerializer) MarshalEasyJSON ¶
func (v AnomalyDetectionSyscallEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*AnomalyDetectionSyscallEventSerializer) UnmarshalEasyJSON ¶
func (v *AnomalyDetectionSyscallEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type BPFEventSerializer ¶
type BPFEventSerializer struct { // BPF command Cmd string `json:"cmd"` // BPF map Map *BPFMapSerializer `json:"map,omitempty"` // BPF program Program *BPFProgramSerializer `json:"program,omitempty"` }
BPFEventSerializer serializes a BPF event to JSON easyjson:json
func (BPFEventSerializer) MarshalEasyJSON ¶
func (v BPFEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*BPFEventSerializer) UnmarshalEasyJSON ¶
func (v *BPFEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type BPFMapSerializer ¶
type BPFMapSerializer struct { // Name of the BPF map Name string `json:"name,omitempty"` // Type of the BPF map MapType string `json:"map_type,omitempty"` }
BPFMapSerializer serializes a BPF map to JSON easyjson:json
func (BPFMapSerializer) MarshalEasyJSON ¶
func (v BPFMapSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*BPFMapSerializer) UnmarshalEasyJSON ¶
func (v *BPFMapSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type BPFProgramSerializer ¶
type BPFProgramSerializer struct { // Name of the BPF program Name string `json:"name,omitempty"` // Hash (sha1) of the BPF program Tag string `json:"tag,omitempty"` // Type of the BPF program ProgramType string `json:"program_type,omitempty"` // Attach type of the BPF program AttachType string `json:"attach_type,omitempty"` // List of helpers used by the BPF program Helpers []string `json:"helpers,omitempty"` }
BPFProgramSerializer serializes a BPF map to JSON easyjson:json
func (BPFProgramSerializer) MarshalEasyJSON ¶
func (v BPFProgramSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*BPFProgramSerializer) UnmarshalEasyJSON ¶
func (v *BPFProgramSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type BaseEventSerializer ¶
type BaseEventSerializer struct { EventContextSerializer `json:"evt,omitempty"` Date utils.EasyjsonTime `json:"date,omitempty"` *FileEventSerializer `json:"file,omitempty"` *ExitEventSerializer `json:"exit,omitempty"` *ProcessContextSerializer `json:"process,omitempty"` *ContainerContextSerializer `json:"container,omitempty"` }
BaseEventSerializer serializes an event to JSON easyjson:json
func NewBaseEventSerializer ¶
func NewBaseEventSerializer(event *model.Event, opts *eval.Opts) *BaseEventSerializer
NewBaseEventSerializer creates a new event serializer based on the event type
func (BaseEventSerializer) MarshalEasyJSON ¶
func (v BaseEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*BaseEventSerializer) UnmarshalEasyJSON ¶
func (v *BaseEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type BindEventSerializer ¶
type BindEventSerializer struct { // Bound address (if any) Addr IPPortFamilySerializer `json:"addr"` Protocol string `json:"protocol"` }
BindEventSerializer serializes a bind event to JSON easyjson:json
func (BindEventSerializer) MarshalEasyJSON ¶
func (v BindEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*BindEventSerializer) UnmarshalEasyJSON ¶
func (v *BindEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type CGroupContextSerializer ¶
type CGroupContextSerializer struct { // CGroup ID ID string `json:"id,omitempty"` // CGroup manager Manager string `json:"manager,omitempty"` }
CGroupContextSerializer serializes a cgroup context to JSON easyjson:json
func (CGroupContextSerializer) MarshalEasyJSON ¶
func (v CGroupContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*CGroupContextSerializer) UnmarshalEasyJSON ¶
func (v *CGroupContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type CapsetSerializer ¶
type CapsetSerializer struct { // Effective Capability set CapEffective []string `json:"cap_effective"` // Permitted Capability set CapPermitted []string `json:"cap_permitted"` }
CapsetSerializer serializes a capset event easyjson:json
func (CapsetSerializer) MarshalEasyJSON ¶
func (v CapsetSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*CapsetSerializer) UnmarshalEasyJSON ¶
func (v *CapsetSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ConnectEventSerializer ¶
type ConnectEventSerializer struct { Addr IPPortFamilySerializer `json:"addr"` Protocol string `json:"protocol"` }
ConnectEventSerializer serializes a connect event to JSON easyjson:json
func (ConnectEventSerializer) MarshalEasyJSON ¶
func (v ConnectEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ConnectEventSerializer) UnmarshalEasyJSON ¶
func (v *ConnectEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ContainerContextSerializer ¶
type ContainerContextSerializer struct { // Container ID ID string `json:"id,omitempty"` // Creation time of the container CreatedAt *utils.EasyjsonTime `json:"created_at,omitempty"` // Variables values Variables Variables `json:"variables,omitempty"` }
ContainerContextSerializer serializes a container context to JSON easyjson:json
func (ContainerContextSerializer) MarshalEasyJSON ¶
func (v ContainerContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ContainerContextSerializer) UnmarshalEasyJSON ¶
func (v *ContainerContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type CredentialsSerializer ¶
type CredentialsSerializer struct { // User ID UID int `json:"uid"` // User name User string `json:"user,omitempty"` // Group ID GID int `json:"gid"` // Group name Group string `json:"group,omitempty"` // Effective User ID EUID int `json:"euid"` // Effective User name EUser string `json:"euser,omitempty"` // Effective Group ID EGID int `json:"egid"` // Effective Group name EGroup string `json:"egroup,omitempty"` // Filesystem User ID FSUID int `json:"fsuid"` // Filesystem User name FSUser string `json:"fsuser,omitempty"` // Filesystem Group ID FSGID int `json:"fsgid"` // Filesystem Group name FSGroup string `json:"fsgroup,omitempty"` // Login UID AUID int `json:"auid"` // Effective Capability set CapEffective []string `json:"cap_effective"` // Permitted Capability set CapPermitted []string `json:"cap_permitted"` }
CredentialsSerializer serializes a set credentials to JSON easyjson:json
func (CredentialsSerializer) MarshalEasyJSON ¶
func (v CredentialsSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*CredentialsSerializer) UnmarshalEasyJSON ¶
func (v *CredentialsSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type DDContextSerializer ¶
type DDContextSerializer struct { // Span ID used for APM correlation SpanID string `json:"span_id,omitempty"` // Trace ID used for APM correlation TraceID string `json:"trace_id,omitempty"` }
DDContextSerializer serializes a span context to JSON easyjson:json
func (DDContextSerializer) MarshalEasyJSON ¶
func (v DDContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*DDContextSerializer) UnmarshalEasyJSON ¶
func (v *DDContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type DNSEventSerializer ¶
type DNSEventSerializer struct { // id is the unique identifier of the DNS request ID uint16 `json:"id"` // question is a DNS question for the DNS request Question DNSQuestionSerializer `json:"question"` }
DNSEventSerializer serializes a DNS event to JSON easyjson:json
func (DNSEventSerializer) MarshalEasyJSON ¶
func (v DNSEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*DNSEventSerializer) UnmarshalEasyJSON ¶
func (v *DNSEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type DNSQuestionSerializer ¶
type DNSQuestionSerializer struct { // class is the class looked up by the DNS question Class string `json:"class"` // type is a two octet code which specifies the DNS question type Type string `json:"type"` // name is the queried domain name Name string `json:"name"` // size is the total DNS request size in bytes Size uint16 `json:"size"` // count is the total count of questions in the DNS request Count uint16 `json:"count"` }
DNSQuestionSerializer serializes a DNS question to JSON easyjson:json
func (DNSQuestionSerializer) MarshalEasyJSON ¶
func (v DNSQuestionSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*DNSQuestionSerializer) UnmarshalEasyJSON ¶
func (v *DNSQuestionSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type EventContextSerializer ¶
type EventContextSerializer struct { // Event name Name string `json:"name,omitempty"` // Event category Category string `json:"category,omitempty"` // Event outcome Outcome string `json:"outcome,omitempty"` // True if the event was asynchronous Async bool `json:"async,omitempty"` // The list of rules that the event matched (only valid in the context of an anomaly) MatchedRules []MatchedRuleSerializer `json:"matched_rules,omitempty"` // Variables values Variables Variables `json:"variables,omitempty"` }
EventContextSerializer serializes an event context to JSON easyjson:json
func (EventContextSerializer) MarshalEasyJSON ¶
func (v EventContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*EventContextSerializer) UnmarshalEasyJSON ¶
func (v *EventContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type EventSerializer ¶
type EventSerializer struct { *BaseEventSerializer *NetworkContextSerializer `json:"network,omitempty"` *DDContextSerializer `json:"dd,omitempty"` *SecurityProfileContextSerializer `json:"security_profile,omitempty"` *CGroupContextSerializer `json:"cgroup,omitempty"` *SELinuxEventSerializer `json:"selinux,omitempty"` *BPFEventSerializer `json:"bpf,omitempty"` *MMapEventSerializer `json:"mmap,omitempty"` *MProtectEventSerializer `json:"mprotect,omitempty"` *PTraceEventSerializer `json:"ptrace,omitempty"` *ModuleEventSerializer `json:"module,omitempty"` *SignalEventSerializer `json:"signal,omitempty"` *SpliceEventSerializer `json:"splice,omitempty"` *DNSEventSerializer `json:"dns,omitempty"` *IMDSEventSerializer `json:"imds,omitempty"` *BindEventSerializer `json:"bind,omitempty"` *ConnectEventSerializer `json:"connect,omitempty"` *MountEventSerializer `json:"mount,omitempty"` *SyscallsEventSerializer `json:"syscalls,omitempty"` *UserContextSerializer `json:"usr,omitempty"` *SyscallContextSerializer `json:"syscall,omitempty"` *RawPacketSerializer `json:"packet,omitempty"` }
EventSerializer serializes an event to JSON easyjson:json
func NewEventSerializer ¶
func NewEventSerializer(event *model.Event, opts *eval.Opts) *EventSerializer
NewEventSerializer creates a new event serializer based on the event type
func (EventSerializer) MarshalEasyJSON ¶
func (v EventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*EventSerializer) MarshalJSON ¶
func (e *EventSerializer) MarshalJSON() ([]byte, error)
MarshalJSON returns json
func (*EventSerializer) ToJSON ¶
func (e *EventSerializer) ToJSON() ([]byte, error)
ToJSON returns json
func (*EventSerializer) UnmarshalEasyJSON ¶
func (v *EventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type EventSerializerPatcher ¶
type EventSerializerPatcher interface {
PatchEvent(*EventSerializer)
}
EventSerializerPatcher defines an event serializer patcher
type EventStringerWrapper ¶
type EventStringerWrapper struct {
Event interface{} // can be model.Event or events.CustomEvent
}
EventStringerWrapper an event stringer wrapper
func (EventStringerWrapper) String ¶
func (e EventStringerWrapper) String() string
type ExitEventSerializer ¶
type ExitEventSerializer struct { // Cause of the process termination (one of EXITED, SIGNALED, COREDUMPED) Cause string `json:"cause"` // Exit code of the process or number of the signal that caused the process to terminate Code uint32 `json:"code"` }
ExitEventSerializer serializes an exit event to JSON easyjson:json
func (ExitEventSerializer) MarshalEasyJSON ¶
func (v ExitEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ExitEventSerializer) UnmarshalEasyJSON ¶
func (v *ExitEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type FileEventSerializer ¶
type FileEventSerializer struct { FileSerializer // Target file information Destination *FileSerializer `json:"destination,omitempty"` // New Mount ID NewMountID uint32 `json:"new_mount_id,omitempty"` // Device associated with the file Device uint32 `json:"device,omitempty"` // Filesystem type FSType string `json:"fstype,omitempty"` }
FileEventSerializer serializes a file event to JSON easyjson:json
func (FileEventSerializer) MarshalEasyJSON ¶
func (v FileEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*FileEventSerializer) UnmarshalEasyJSON ¶
func (v *FileEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type FileSerializer ¶
type FileSerializer struct { // File path Path string `json:"path,omitempty"` // File basename Name string `json:"name,omitempty"` // Error message from path resolution PathResolutionError string `json:"path_resolution_error,omitempty"` // File inode number Inode *uint64 `json:"inode,omitempty"` // File mode Mode *uint32 `json:"mode,omitempty"` // Indicator of file OverlayFS layer InUpperLayer *bool `json:"in_upper_layer,omitempty"` // File mount ID MountID *uint32 `json:"mount_id,omitempty"` // File filesystem name Filesystem string `json:"filesystem,omitempty"` // File User ID UID int64 `json:"uid"` // File Group ID GID int64 `json:"gid"` // File user User string `json:"user,omitempty"` // File group Group string `json:"group,omitempty"` // File extended attribute name XAttrName string `json:"attribute_name,omitempty"` // File extended attribute namespace XAttrNamespace string `json:"attribute_namespace,omitempty"` // File flags Flags []string `json:"flags,omitempty"` // File access time Atime *utils.EasyjsonTime `json:"access_time,omitempty"` // File modified time Mtime *utils.EasyjsonTime `json:"modification_time,omitempty"` // File change time Ctime *utils.EasyjsonTime `json:"change_time,omitempty"` // System package name PackageName string `json:"package_name,omitempty"` // System package version PackageVersion string `json:"package_version,omitempty"` // List of cryptographic hashes of the file Hashes []string `json:"hashes,omitempty"` // State of the hashes or reason why they weren't computed HashState string `json:"hash_state,omitempty"` // MountPath path of the mount MountPath string `json:"mount_path,omitempty"` // MountSource source of the mount MountSource string `json:"mount_source,omitempty"` // MountOrigin origin of the mount MountOrigin string `json:"mount_origin,omitempty"` }
FileSerializer serializes a file to JSON easyjson:json
func (FileSerializer) MarshalEasyJSON ¶
func (v FileSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*FileSerializer) UnmarshalEasyJSON ¶
func (v *FileSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type IMDSEventSerializer ¶
type IMDSEventSerializer struct { // type is the type of IMDS event Type string `json:"type"` // cloud_provider is the intended cloud provider of the IMDS event CloudProvider string `json:"cloud_provider"` // url is the url of the IMDS request URL string `json:"url,omitempty"` // host is the host of the HTTP protocol Host string `json:"host,omitempty"` // user_agent is the user agent of the HTTP client UserAgent string `json:"user_agent,omitempty"` // server is the server header of a response Server string `json:"server,omitempty"` // AWS holds the AWS specific data parsed from the IMDS event AWS *AWSIMDSEventSerializer `json:"aws,omitempty"` }
IMDSEventSerializer serializes an IMDS event to JSON easyjson:json
func (IMDSEventSerializer) MarshalEasyJSON ¶
func (v IMDSEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*IMDSEventSerializer) UnmarshalEasyJSON ¶
func (v *IMDSEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type IPPortFamilySerializer ¶
type IPPortFamilySerializer struct { // Address family Family string `json:"family"` // IP address IP string `json:"ip"` // Port number Port uint16 `json:"port"` }
IPPortFamilySerializer is used to serialize an IP, port, and address family context to JSON easyjson:json
func (IPPortFamilySerializer) MarshalEasyJSON ¶
func (v IPPortFamilySerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*IPPortFamilySerializer) UnmarshalEasyJSON ¶
func (v *IPPortFamilySerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type IPPortSerializer ¶
type IPPortSerializer struct { // IP address IP string `json:"ip"` // Port number Port uint16 `json:"port"` }
IPPortSerializer is used to serialize an IP and Port context to JSON easyjson:json
func (IPPortSerializer) MarshalEasyJSON ¶
func (v IPPortSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*IPPortSerializer) UnmarshalEasyJSON ¶
func (v *IPPortSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type MMapEventSerializer ¶
type MMapEventSerializer struct { // memory segment address Address string `json:"address"` // file offset Offset uint64 `json:"offset"` // memory segment length Len uint64 `json:"length"` // memory segment protection Protection string `json:"protection"` // memory segment flags Flags string `json:"flags"` }
MMapEventSerializer serializes a mmap event to JSON easyjson:json
func (MMapEventSerializer) MarshalEasyJSON ¶
func (v MMapEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*MMapEventSerializer) UnmarshalEasyJSON ¶
func (v *MMapEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type MProtectEventSerializer ¶
type MProtectEventSerializer struct { // memory segment start address VMStart string `json:"vm_start"` // memory segment end address VMEnd string `json:"vm_end"` // initial memory segment protection VMProtection string `json:"vm_protection"` // new memory segment protection ReqProtection string `json:"req_protection"` }
MProtectEventSerializer serializes a mmap event to JSON easyjson:json
func (MProtectEventSerializer) MarshalEasyJSON ¶
func (v MProtectEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*MProtectEventSerializer) UnmarshalEasyJSON ¶
func (v *MProtectEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type MatchedRuleSerializer ¶
type MatchedRuleSerializer struct { // ID of the rule ID string `json:"id,omitempty"` // Version of the rule Version string `json:"version,omitempty"` // Tags of the rule Tags []string `json:"tags,omitempty"` // Name of the policy that introduced the rule PolicyName string `json:"policy_name,omitempty"` // Version of the policy that introduced the rule PolicyVersion string `json:"policy_version,omitempty"` }
MatchedRuleSerializer serializes a rule easyjson:json
func (MatchedRuleSerializer) MarshalEasyJSON ¶
func (v MatchedRuleSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*MatchedRuleSerializer) UnmarshalEasyJSON ¶
func (v *MatchedRuleSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ModuleEventSerializer ¶
type ModuleEventSerializer struct { // module name Name string `json:"name"` // indicates if a module was loaded from memory, as opposed to a file LoadedFromMemory *bool `json:"loaded_from_memory,omitempty"` Argv []string `json:"argv,omitempty"` ArgsTruncated *bool `json:"args_truncated,omitempty"` }
ModuleEventSerializer serializes a module event to JSON easyjson:json
func (ModuleEventSerializer) MarshalEasyJSON ¶
func (v ModuleEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ModuleEventSerializer) UnmarshalEasyJSON ¶
func (v *ModuleEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type MountEventSerializer ¶
type MountEventSerializer struct { // Mount point file information MountPoint *FileSerializer `json:"mp,omitempty"` // Root file information Root *FileSerializer `json:"root,omitempty"` // Mount ID of the new mount MountID uint32 `json:"mount_id"` // Mount ID of the parent mount ParentMountID uint32 `json:"parent_mount_id"` // Mount ID of the source of a bind mount BindSrcMountID uint32 `json:"bind_src_mount_id"` // Device associated with the file Device uint32 `json:"device"` // Filesystem type FSType string `json:"fs_type,omitempty"` // Mount point path MountPointPath string `json:"mountpoint.path,omitempty"` // Mount source path MountSourcePath string `json:"source.path,omitempty"` // Mount point path error MountRootPathResolutionError string `json:"mountpoint.path_error,omitempty"` // Mount source path error MountSourcePathResolutionError string `json:"source.path_error,omitempty"` }
MountEventSerializer serializes a mount event to JSON easyjson:json
func (MountEventSerializer) MarshalEasyJSON ¶
func (v MountEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*MountEventSerializer) UnmarshalEasyJSON ¶
func (v *MountEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type NetworkContextSerializer ¶
type NetworkContextSerializer struct { // device is the network device on which the event was captured Device *NetworkDeviceSerializer `json:"device,omitempty"` // l3_protocol is the layer 3 protocol name L3Protocol string `json:"l3_protocol"` // l4_protocol is the layer 4 protocol name L4Protocol string `json:"l4_protocol"` // source is the emitter of the network event Source IPPortSerializer `json:"source"` // destination is the receiver of the network event Destination IPPortSerializer `json:"destination"` // size is the size in bytes of the network event Size uint32 `json:"size"` }
NetworkContextSerializer serializes the network context to JSON easyjson:json
func (NetworkContextSerializer) MarshalEasyJSON ¶
func (v NetworkContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*NetworkContextSerializer) UnmarshalEasyJSON ¶
func (v *NetworkContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type NetworkDeviceSerializer ¶
type NetworkDeviceSerializer struct { // netns is the interface ifindex NetNS uint32 `json:"netns"` // ifindex is the network interface ifindex IfIndex uint32 `json:"ifindex"` // ifname is the network interface name IfName string `json:"ifname"` }
NetworkDeviceSerializer serializes the network device context to JSON easyjson:json
func (NetworkDeviceSerializer) MarshalEasyJSON ¶
func (v NetworkDeviceSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*NetworkDeviceSerializer) UnmarshalEasyJSON ¶
func (v *NetworkDeviceSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type PTraceEventSerializer ¶
type PTraceEventSerializer struct { // ptrace request Request string `json:"request"` // address at which the ptrace request was executed Address string `json:"address"` // process context of the tracee Tracee *ProcessContextSerializer `json:"tracee,omitempty"` }
PTraceEventSerializer serializes a mmap event to JSON easyjson:json
func (PTraceEventSerializer) MarshalEasyJSON ¶
func (v PTraceEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*PTraceEventSerializer) UnmarshalEasyJSON ¶
func (v *PTraceEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ProcessContextSerializer ¶
type ProcessContextSerializer struct { *ProcessSerializer // Parent process Parent *ProcessSerializer `json:"parent,omitempty"` // Ancestor processes Ancestors []*ProcessSerializer `json:"ancestors,omitempty"` // Variables values Variables Variables `json:"variables,omitempty"` // True if the ancestors list was truncated because it was too big TruncatedAncestors bool `json:"truncated_ancestors,omitempty"` }
ProcessContextSerializer serializes a process context to JSON easyjson:json
func (ProcessContextSerializer) MarshalEasyJSON ¶
func (v ProcessContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ProcessContextSerializer) UnmarshalEasyJSON ¶
func (v *ProcessContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ProcessCredentialsSerializer ¶
type ProcessCredentialsSerializer struct { *CredentialsSerializer // Credentials after the operation Destination interface{} `json:"destination,omitempty"` }
ProcessCredentialsSerializer serializes the process credentials to JSON easyjson:json
func (ProcessCredentialsSerializer) MarshalEasyJSON ¶
func (v ProcessCredentialsSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ProcessCredentialsSerializer) UnmarshalEasyJSON ¶
func (v *ProcessCredentialsSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type ProcessSerializer ¶
type ProcessSerializer struct { // Process ID Pid uint32 `json:"pid,omitempty"` // Parent Process ID PPid *uint32 `json:"ppid,omitempty"` // Thread ID Tid uint32 `json:"tid,omitempty"` // User ID UID int `json:"uid"` // Group ID GID int `json:"gid"` // User name User string `json:"user,omitempty"` // Group name Group string `json:"group,omitempty"` // Description of an error in the path resolution PathResolutionError string `json:"path_resolution_error,omitempty"` // Command name Comm string `json:"comm,omitempty"` // TTY associated with the process TTY string `json:"tty,omitempty"` // Fork time of the process ForkTime *utils.EasyjsonTime `json:"fork_time,omitempty"` // Exec time of the process ExecTime *utils.EasyjsonTime `json:"exec_time,omitempty"` // Exit time of the process ExitTime *utils.EasyjsonTime `json:"exit_time,omitempty"` // Credentials associated with the process Credentials *ProcessCredentialsSerializer `json:"credentials,omitempty"` // Context of the user session for this event UserSession *UserSessionContextSerializer `json:"user_session,omitempty"` // File information of the executable Executable *FileSerializer `json:"executable,omitempty"` // File information of the interpreter Interpreter *FileSerializer `json:"interpreter,omitempty"` // Container context Container *ContainerContextSerializer `json:"container,omitempty"` // First command line argument Argv0 string `json:"argv0,omitempty"` // Command line arguments Args []string `json:"args,omitempty"` // Indicator of arguments truncation ArgsTruncated bool `json:"args_truncated,omitempty"` // Environment variables of the process Envs []string `json:"envs,omitempty"` // Indicator of environments variable truncation EnvsTruncated bool `json:"envs_truncated,omitempty"` // Indicates whether the process is considered a thread (that is, a child process that hasn't executed another program) IsThread bool `json:"is_thread,omitempty"` // Indicates whether the process is a kworker IsKworker bool `json:"is_kworker,omitempty"` // Indicates whether the process is an exec following another exec IsExecExec bool `json:"is_exec_child,omitempty"` // Process source Source string `json:"source,omitempty"` // List of syscalls captured to generate the event Syscalls *SyscallsEventSerializer `json:"syscalls,omitempty"` // List of AWS Security Credentials that the process had access to AWSSecurityCredentials []*AWSSecurityCredentialsSerializer `json:"aws_security_credentials,omitempty"` }
ProcessSerializer serializes a process to JSON easyjson:json
func (ProcessSerializer) MarshalEasyJSON ¶
func (v ProcessSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*ProcessSerializer) UnmarshalEasyJSON ¶
func (v *ProcessSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RawPacketSerializer ¶
type RawPacketSerializer struct { *NetworkContextSerializer TLSContext *TLSContextSerializer `json:"tls,omitempty"` }
RawPacketSerializer defines a raw packet serializer easyjson:json
func (RawPacketSerializer) MarshalEasyJSON ¶
func (v RawPacketSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*RawPacketSerializer) UnmarshalEasyJSON ¶
func (v *RawPacketSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SELinuxBoolChangeSerializer ¶
type SELinuxBoolChangeSerializer struct { // SELinux boolean name Name string `json:"name,omitempty"` // SELinux boolean state ('on' or 'off') State string `json:"state,omitempty"` }
SELinuxBoolChangeSerializer serializes a SELinux boolean change to JSON easyjson:json
func (SELinuxBoolChangeSerializer) MarshalEasyJSON ¶
func (v SELinuxBoolChangeSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SELinuxBoolChangeSerializer) UnmarshalEasyJSON ¶
func (v *SELinuxBoolChangeSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SELinuxBoolCommitSerializer ¶
type SELinuxBoolCommitSerializer struct { // SELinux boolean commit operation State bool `json:"state,omitempty"` }
SELinuxBoolCommitSerializer serializes a SELinux boolean commit to JSON easyjson:json
func (SELinuxBoolCommitSerializer) MarshalEasyJSON ¶
func (v SELinuxBoolCommitSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SELinuxBoolCommitSerializer) UnmarshalEasyJSON ¶
func (v *SELinuxBoolCommitSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SELinuxEnforceStatusSerializer ¶
type SELinuxEnforceStatusSerializer struct { // SELinux enforcement status (one of 'enforcing', 'permissive' or 'disabled') Status string `json:"status,omitempty"` }
SELinuxEnforceStatusSerializer serializes a SELinux enforcement status change to JSON easyjson:json
func (SELinuxEnforceStatusSerializer) MarshalEasyJSON ¶
func (v SELinuxEnforceStatusSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SELinuxEnforceStatusSerializer) UnmarshalEasyJSON ¶
func (v *SELinuxEnforceStatusSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SELinuxEventSerializer ¶
type SELinuxEventSerializer struct { // SELinux boolean operation BoolChange *SELinuxBoolChangeSerializer `json:"bool,omitempty"` // SELinux enforcement change EnforceStatus *SELinuxEnforceStatusSerializer `json:"enforce,omitempty"` // SELinux boolean commit BoolCommit *SELinuxBoolCommitSerializer `json:"bool_commit,omitempty"` }
SELinuxEventSerializer serializes a SELinux context to JSON easyjson:json
func (SELinuxEventSerializer) MarshalEasyJSON ¶
func (v SELinuxEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SELinuxEventSerializer) UnmarshalEasyJSON ¶
func (v *SELinuxEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SecurityProfileContextSerializer ¶
type SecurityProfileContextSerializer struct { // Name of the security profile Name string `json:"name"` // Version of the profile in use Version string `json:"version"` // List of tags associated to this profile Tags []string `json:"tags"` // True if the corresponding event is part of this profile EventInProfile bool `json:"event_in_profile"` // State of the event type in this profile EventTypeState string `json:"event_type_state"` }
SecurityProfileContextSerializer serializes the security profile context in an event easyjson:json
func (SecurityProfileContextSerializer) MarshalEasyJSON ¶
func (v SecurityProfileContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SecurityProfileContextSerializer) UnmarshalEasyJSON ¶
func (v *SecurityProfileContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SetgidSerializer ¶
type SetgidSerializer struct { // Group ID GID int `json:"gid"` // Group name Group string `json:"group,omitempty"` // Effective Group ID EGID int `json:"egid"` // Effective Group name EGroup string `json:"egroup,omitempty"` // Filesystem Group ID FSGID int `json:"fsgid"` // Filesystem Group name FSGroup string `json:"fsgroup,omitempty"` }
SetgidSerializer serializes a setgid event easyjson:json
func (SetgidSerializer) MarshalEasyJSON ¶
func (v SetgidSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SetgidSerializer) UnmarshalEasyJSON ¶
func (v *SetgidSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SetuidSerializer ¶
type SetuidSerializer struct { // User ID UID int `json:"uid"` // User name User string `json:"user,omitempty"` // Effective User ID EUID int `json:"euid"` // Effective User name EUser string `json:"euser,omitempty"` // Filesystem User ID FSUID int `json:"fsuid"` // Filesystem User name FSUser string `json:"fsuser,omitempty"` }
SetuidSerializer serializes a setuid event easyjson:json
func (SetuidSerializer) MarshalEasyJSON ¶
func (v SetuidSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SetuidSerializer) UnmarshalEasyJSON ¶
func (v *SetuidSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SignalEventSerializer ¶
type SignalEventSerializer struct { // signal type Type string `json:"type"` // signal target pid PID uint32 `json:"pid"` // process context of the signal target Target *ProcessContextSerializer `json:"target,omitempty"` }
SignalEventSerializer serializes a signal event to JSON easyjson:json
func (SignalEventSerializer) MarshalEasyJSON ¶
func (v SignalEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SignalEventSerializer) UnmarshalEasyJSON ¶
func (v *SignalEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SpliceEventSerializer ¶
type SpliceEventSerializer struct { // Entry flag of the fd_out pipe passed to the splice syscall PipeEntryFlag string `json:"pipe_entry_flag"` // Exit flag of the fd_out pipe passed to the splice syscall PipeExitFlag string `json:"pipe_exit_flag"` }
SpliceEventSerializer serializes a splice event to JSON easyjson:json
func (SpliceEventSerializer) MarshalEasyJSON ¶
func (v SpliceEventSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SpliceEventSerializer) UnmarshalEasyJSON ¶
func (v *SpliceEventSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SyscallArgsSerializer ¶
type SyscallArgsSerializer struct { // Path argument Path *string `json:"path,omitempty"` // Flags argument Flags *int `json:"flags,omitempty"` // Mode argument Mode *int `json:"mode,omitempty"` // UID argument UID *int `json:"uid,omitempty"` // GID argument GID *int `json:"gid,omitempty"` // Directory file descriptor argument DirFd *int `json:"dirfd,omitempty"` // Destination path argument DestinationPath *string `json:"destination_path,omitempty"` // File system type argument FSType *string `json:"fs_type,omitempty"` }
SyscallArgsSerializer args serializer easyjson:json
func (SyscallArgsSerializer) MarshalEasyJSON ¶
func (v SyscallArgsSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SyscallArgsSerializer) UnmarshalEasyJSON ¶
func (v *SyscallArgsSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SyscallContextSerializer ¶
type SyscallContextSerializer struct { Chmod *SyscallArgsSerializer `json:"chmod,omitempty"` Chown *SyscallArgsSerializer `json:"chown,omitempty"` Chdir *SyscallArgsSerializer `json:"chdir,omitempty"` Exec *SyscallArgsSerializer `json:"exec,omitempty"` Open *SyscallArgsSerializer `json:"open,omitempty"` Unlink *SyscallArgsSerializer `json:"unlink,omitempty"` Link *SyscallArgsSerializer `json:"link,omitempty"` Rename *SyscallArgsSerializer `json:"rename,omitempty"` Utimes *SyscallArgsSerializer `json:"utimes,omitempty"` Mount *SyscallArgsSerializer `json:"mount,omitempty"` Mkdir *SyscallArgsSerializer `json:"mkdir,omitempty"` Rmdir *SyscallArgsSerializer `json:"rmdir,omitempty"` }
SyscallContextSerializer serializes syscall context easyjson:json
func (SyscallContextSerializer) MarshalEasyJSON ¶
func (v SyscallContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*SyscallContextSerializer) UnmarshalEasyJSON ¶
func (v *SyscallContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type SyscallSerializer ¶
type SyscallSerializer struct { // Name of the syscall Name string `json:"name"` // ID of the syscall in the host architecture ID int `json:"id"` }
SyscallSerializer serializes a syscall
type SyscallsEventSerializer ¶
type SyscallsEventSerializer []SyscallSerializer
SyscallsEventSerializer serializes the syscalls from a syscalls event
type TLSContextSerializer ¶
type TLSContextSerializer struct {
Version string `json:"version,omitempty"`
}
TLSContextSerializer defines a tls context serializer easyjson:json
func (TLSContextSerializer) MarshalEasyJSON ¶
func (v TLSContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*TLSContextSerializer) UnmarshalEasyJSON ¶
func (v *TLSContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type UserContextSerializer ¶
type UserContextSerializer struct { // User name User string `json:"id,omitempty"` // Group name Group string `json:"group,omitempty"` }
UserContextSerializer serializes a user context to JSON easyjson:json
func (UserContextSerializer) MarshalEasyJSON ¶
func (v UserContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*UserContextSerializer) UnmarshalEasyJSON ¶
func (v *UserContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type UserSessionContextSerializer ¶
type UserSessionContextSerializer struct { // Unique identifier of the user session on the host ID string `json:"id,omitempty"` // Type of the user session SessionType string `json:"session_type,omitempty"` // Username of the Kubernetes "kubectl exec" session K8SUsername string `json:"k8s_username,omitempty"` // UID of the Kubernetes "kubectl exec" session K8SUID string `json:"k8s_uid,omitempty"` // Groups of the Kubernetes "kubectl exec" session K8SGroups []string `json:"k8s_groups,omitempty"` // Extra of the Kubernetes "kubectl exec" session K8SExtra map[string][]string `json:"k8s_extra,omitempty"` }
UserSessionContextSerializer serializes the user session context to JSON easyjson:json
func (UserSessionContextSerializer) MarshalEasyJSON ¶
func (v UserSessionContextSerializer) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*UserSessionContextSerializer) UnmarshalEasyJSON ¶
func (v *UserSessionContextSerializer) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type Variables ¶
type Variables map[string]interface{}
Variables serializes the variable values easyjson:json
func (Variables) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (*Variables) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface