engine

package

v0.6.5 Latest Latest Go to latest Published: Dec 6, 2021 License: Apache-2.0 Imports: 10 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aquasecurity/tracee

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Engine
- func NewEngine(sigs []types.Signature, sources EventSources, output chan types.Finding, ...) (*Engine, error)
type EventSources
type ParsedEvent
- func ToParsedEvent(e tracee.Event) (ParsedEvent, error)

Constants ¶

View Source

const ALL_EVENT_ORIGINS = "*"

View Source

const ALL_EVENT_TYPES = "*"

View Source

const EVENT_CONTAINER_ORIGIN = "container"

View Source

const EVENT_HOST_ORIGIN = "host"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

Engine is a rule-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings

func NewEngine ¶

func NewEngine(sigs []types.Signature, sources EventSources, output chan types.Finding, logWriter io.Writer, parsedEvents bool) (*Engine, error)

NewEngine creates a new rules-engine with the given arguments inputs and outputs are given as channels created by the consumer

func (*Engine) GetSelectedEvents ¶

func (engine *Engine) GetSelectedEvents() []types.SignatureEventSelector

GetSelectedEvents returns the event selectors that are relevant to the currently loaded signatures

func (*Engine) LoadSignature ¶

func (engine *Engine) LoadSignature(signature types.Signature) (string, error)

LoadSignature will store in Engine data structures the given signature and activate its handling business logics. It will return the signature ID as well as error.

func (*Engine) Start ¶

func (engine *Engine) Start(done chan bool)

Start starts processing events and detecting signatures it runs continuously until stopped by the done channel once done, it cleans all internal resources, which means the engine is not reusable note that the input and output channels are created by the consumer and therefore are not closed

func (*Engine) UnloadSignature ¶

func (engine *Engine) UnloadSignature(signatureId string) error

UnloadSignature will remove from Engine data structures the given signature and stop its handling goroutine

type EventSources ¶

type EventSources struct {
	Tracee chan types.Event
}

EventSources is a bundle of input sources used to configure the Engine

type ParsedEvent ¶

type ParsedEvent struct {
	Event tracee.Event
	Value ast.Value
}

ParsedEvent holds the original tracee.Event and its OPA ast.Value representation.

func ToParsedEvent ¶

func ToParsedEvent(e tracee.Event) (ParsedEvent, error)

ToParsedEvent enhances tracee.Event with OPA ast.Value. This is mainly used for performance optimization to avoid parsing tracee.Event multiple times.

Source Files ¶

View all Source files

engine.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL