engine

package
v0.13.0
Warning

This package is not in the latest version of its module.
Published: Mar 31, 2023 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Constants

const ALL_EVENT_ORIGINS = "*"
const ALL_EVENT_TYPES = "*"
const EVENT_CONTAINER_ORIGIN = "container"
const EVENT_HOST_ORIGIN = "host"

Variables

This section is empty.

Functions

func StartPipeline

func StartPipeline(ctx context.Context, cfg Config, input chan protocol.Event) <-chan detect.Finding

StartPipeline receives an input channel and returns an output channel, allowing the signatures engine to be used in the events pipeline.

Types

type Config

type Config struct {
	// Enables the signatures engine to run in the events pipeline
	Enabled             bool
	SignatureBufferSize uint
	Signatures          []detect.Signature
}

Config defines the engine's configurable values.

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine is a signatures-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings.

func NewEngine

func NewEngine(config Config, sources EventSources, output chan detect.Finding) (*Engine, error)

NewEngine creates a new signatures-engine with the given arguments. Inputs and outputs are given as channels created by the consumer.

func (*Engine) GetSelectedEvents

func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector

GetSelectedEvents returns the event selectors that are relevant to the currently loaded signatures.

func (*Engine) LoadSignature

func (engine *Engine) LoadSignature(signature detect.Signature) (string, error)

LoadSignature calls the internal signature-loading logic and activates the signature's handling logic. It returns the signature ID as well as an error.

func (*Engine) Start

func (engine *Engine) Start(ctx context.Context)

Start starts processing events and detecting signatures. It runs continuously until stopped by the done channel. Once done, it cleans all internal resources, which means the engine is not reusable. Note that the input and output channels are created by the consumer and therefore are not closed.

func (*Engine) Stats

func (engine *Engine) Stats() *metrics.Stats

func (*Engine) UnloadSignature

func (engine *Engine) UnloadSignature(signatureId string) error

UnloadSignature removes the given signature from the Engine's data structures and stops its handling goroutine.

type EventSources

type EventSources struct {
	Tracee chan protocol.Event
}

EventSources is a bundle of input sources used to configure the Engine.
