Versions in this module Expand all Collapse all v1 v1.1.0 Apr 29, 2024 Changes in this version + func CheckerLogPrefix(checker interface{ ... }) string + func NextResponseCheck(c MultiEventChecker, res *tetragon.GetEventsResponse, l *logrus.Logger) (bool, error) + type BinaryPropertiesChecker struct + File *FilePropertiesChecker + PrivilegesChanged *ProcessPrivilegesChangedListMatcher + Setgid *uint32 + Setuid *uint32 + func NewBinaryPropertiesChecker() *BinaryPropertiesChecker + func (checker *BinaryPropertiesChecker) Check(event *tetragon.BinaryProperties) error + func (checker *BinaryPropertiesChecker) FromBinaryProperties(event *tetragon.BinaryProperties) *BinaryPropertiesChecker + func (checker *BinaryPropertiesChecker) GetCheckerType() string + func (checker *BinaryPropertiesChecker) WithFile(check *FilePropertiesChecker) *BinaryPropertiesChecker + func (checker *BinaryPropertiesChecker) WithPrivilegesChanged(check *ProcessPrivilegesChangedListMatcher) *BinaryPropertiesChecker + func (checker *BinaryPropertiesChecker) WithSetgid(check uint32) *BinaryPropertiesChecker + func (checker *BinaryPropertiesChecker) WithSetuid(check uint32) *BinaryPropertiesChecker + type CapabilitiesChecker struct + Effective *CapabilitiesTypeListMatcher + Inheritable *CapabilitiesTypeListMatcher + Permitted *CapabilitiesTypeListMatcher + func NewCapabilitiesChecker() *CapabilitiesChecker + func (checker *CapabilitiesChecker) Check(event *tetragon.Capabilities) error + func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker + func (checker *CapabilitiesChecker) GetCheckerType() string + func (checker *CapabilitiesChecker) WithEffective(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker + func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker + func (checker *CapabilitiesChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker + type CapabilitiesTypeChecker tetragon.CapabilitiesType + func NewCapabilitiesTypeChecker(val tetragon.CapabilitiesType) *CapabilitiesTypeChecker + func (enum *CapabilitiesTypeChecker) Check(val *tetragon.CapabilitiesType) error + func (enum *CapabilitiesTypeChecker) UnmarshalJSON(b []byte) error + func (enum CapabilitiesTypeChecker) MarshalJSON() ([]byte, error) + type CapabilitiesTypeListMatcher struct + Operator listmatcher.Operator + Values []*CapabilitiesTypeChecker + func NewCapabilitiesTypeListMatcher() *CapabilitiesTypeListMatcher + func (checker *CapabilitiesTypeListMatcher) Check(values []tetragon.CapabilitiesType) error + func (checker *CapabilitiesTypeListMatcher) WithOperator(operator listmatcher.Operator) *CapabilitiesTypeListMatcher + func (checker *CapabilitiesTypeListMatcher) WithValues(values ...*CapabilitiesTypeChecker) *CapabilitiesTypeListMatcher + type ContainerChecker struct + Id *stringmatcher.StringMatcher + Image *ImageChecker + MaybeExecProbe *bool + Name *stringmatcher.StringMatcher + Pid *uint32 + StartTime *timestampmatcher.TimestampMatcher + func NewContainerChecker() *ContainerChecker + func (checker *ContainerChecker) Check(event *tetragon.Container) error + func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker + func (checker *ContainerChecker) GetCheckerType() string + func (checker *ContainerChecker) WithId(check *stringmatcher.StringMatcher) *ContainerChecker + func (checker *ContainerChecker) WithImage(check *ImageChecker) *ContainerChecker + func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecker + func (checker *ContainerChecker) WithName(check *stringmatcher.StringMatcher) *ContainerChecker + func (checker *ContainerChecker) WithPid(check uint32) *ContainerChecker + func (checker *ContainerChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ContainerChecker + type Event tetragon.Event + func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error) + type EventChecker interface + CheckEvent func(Event) error + CheckResponse func(*tetragon.GetEventsResponse) error + func CheckerFromEvent(event Event) (EventChecker, error) + func CheckerFromResponse(response *tetragon.GetEventsResponse) (EventChecker, error) + type FilePropertiesChecker struct + Inode *InodePropertiesChecker + Path *stringmatcher.StringMatcher + func NewFilePropertiesChecker() *FilePropertiesChecker + func (checker *FilePropertiesChecker) Check(event *tetragon.FileProperties) error + func (checker *FilePropertiesChecker) FromFileProperties(event *tetragon.FileProperties) *FilePropertiesChecker + func (checker *FilePropertiesChecker) GetCheckerType() string + func (checker *FilePropertiesChecker) WithInode(check *InodePropertiesChecker) *FilePropertiesChecker + func (checker *FilePropertiesChecker) WithPath(check *stringmatcher.StringMatcher) *FilePropertiesChecker + type FnEventChecker struct + FinalCheckFn func(*logrus.Logger) error + NextCheckFn func(Event, *logrus.Logger) (bool, error) + func (checker *FnEventChecker) FinalCheck(logger *logrus.Logger) error + func (checker *FnEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error) + type ImageChecker struct + Id *stringmatcher.StringMatcher + Name *stringmatcher.StringMatcher + func NewImageChecker() *ImageChecker + func (checker *ImageChecker) Check(event *tetragon.Image) error + func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker + func (checker *ImageChecker) GetCheckerType() string + func (checker *ImageChecker) WithId(check *stringmatcher.StringMatcher) *ImageChecker + func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *ImageChecker + type InodePropertiesChecker struct + Links *uint32 + Number *uint64 + func NewInodePropertiesChecker() *InodePropertiesChecker + func (checker *InodePropertiesChecker) Check(event *tetragon.InodeProperties) error + func (checker *InodePropertiesChecker) FromInodeProperties(event *tetragon.InodeProperties) *InodePropertiesChecker + func (checker *InodePropertiesChecker) GetCheckerType() string + func (checker *InodePropertiesChecker) WithLinks(check uint32) *InodePropertiesChecker + func (checker *InodePropertiesChecker) WithNumber(check uint64) *InodePropertiesChecker + type KernelModuleChecker struct + Name *stringmatcher.StringMatcher + SignatureOk *bool + Tainted *TaintedBitsTypeListMatcher + func NewKernelModuleChecker() *KernelModuleChecker + func (checker *KernelModuleChecker) Check(event *tetragon.KernelModule) error + func (checker *KernelModuleChecker) FromKernelModule(event *tetragon.KernelModule) *KernelModuleChecker + func (checker *KernelModuleChecker) GetCheckerType() string + func (checker *KernelModuleChecker) WithName(check *stringmatcher.StringMatcher) *KernelModuleChecker + func (checker *KernelModuleChecker) WithSignatureOk(check bool) *KernelModuleChecker + func (checker *KernelModuleChecker) WithTainted(check *TaintedBitsTypeListMatcher) *KernelModuleChecker + type KprobeActionChecker tetragon.KprobeAction + func NewKprobeActionChecker(val tetragon.KprobeAction) *KprobeActionChecker + func (enum *KprobeActionChecker) Check(val *tetragon.KprobeAction) error + func (enum *KprobeActionChecker) UnmarshalJSON(b []byte) error + func (enum KprobeActionChecker) MarshalJSON() ([]byte, error) + type KprobeArgumentChecker struct + BpfAttrArg *KprobeBpfAttrChecker + BpfMapArg *KprobeBpfMapChecker + BytesArg *bytesmatcher.BytesMatcher + CapEffectiveArg *stringmatcher.StringMatcher + CapInheritableArg *stringmatcher.StringMatcher + CapPermittedArg *stringmatcher.StringMatcher + CapabilityArg *KprobeCapabilityChecker + CredArg *KprobeCredChecker + FileArg *KprobeFileChecker + IntArg *int32 + KernelCapTArg *stringmatcher.StringMatcher + Label *stringmatcher.StringMatcher + LinuxBinprmArg *KprobeLinuxBinprmChecker + LongArg *int64 + ModuleArg *KernelModuleChecker + NetDevArg *KprobeNetDevChecker + PathArg *KprobePathChecker + PerfEventArg *KprobePerfEventChecker + ProcessCredentialsArg *ProcessCredentialsChecker + SizeArg *uint64 + SkbArg *KprobeSkbChecker + SockArg *KprobeSockChecker + StringArg *stringmatcher.StringMatcher + TruncatedBytesArg *KprobeTruncatedBytesChecker + UintArg *uint32 + UserNamespaceArg *KprobeUserNamespaceChecker + UserNsArg *UserNamespaceChecker + func NewKprobeArgumentChecker() *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) Check(event *tetragon.KprobeArgument) error + func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) GetCheckerType() string + func (checker *KprobeArgumentChecker) WithBpfAttrArg(check *KprobeBpfAttrChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithBpfMapArg(check *KprobeBpfMapChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithCapEffectiveArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithCapInheritableArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithCapPermittedArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithCapabilityArg(check *KprobeCapabilityChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithCredArg(check *KprobeCredChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithFileArg(check *KprobeFileChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithIntArg(check int32) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithKernelCapTArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithLabel(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithLinuxBinprmArg(check *KprobeLinuxBinprmChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithLongArg(check int64) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithModuleArg(check *KernelModuleChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithNetDevArg(check *KprobeNetDevChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithPathArg(check *KprobePathChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithPerfEventArg(check *KprobePerfEventChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithProcessCredentialsArg(check *ProcessCredentialsChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithSizeArg(check uint64) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithSkbArg(check *KprobeSkbChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithSockArg(check *KprobeSockChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithStringArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithTruncatedBytesArg(check *KprobeTruncatedBytesChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithUintArg(check uint32) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithUserNamespaceArg(check *KprobeUserNamespaceChecker) *KprobeArgumentChecker + func (checker *KprobeArgumentChecker) WithUserNsArg(check *UserNamespaceChecker) *KprobeArgumentChecker + type KprobeArgumentListMatcher struct + Operator listmatcher.Operator + Values []*KprobeArgumentChecker + func NewKprobeArgumentListMatcher() *KprobeArgumentListMatcher + func (checker *KprobeArgumentListMatcher) Check(values []*tetragon.KprobeArgument) error + func (checker *KprobeArgumentListMatcher) WithOperator(operator listmatcher.Operator) *KprobeArgumentListMatcher + func (checker *KprobeArgumentListMatcher) WithValues(values ...*KprobeArgumentChecker) *KprobeArgumentListMatcher + type KprobeBpfAttrChecker struct + InsnCnt *uint32 + ProgName *stringmatcher.StringMatcher + ProgType *stringmatcher.StringMatcher + func NewKprobeBpfAttrChecker() *KprobeBpfAttrChecker + func (checker *KprobeBpfAttrChecker) Check(event *tetragon.KprobeBpfAttr) error + func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker + func (checker *KprobeBpfAttrChecker) GetCheckerType() string + func (checker *KprobeBpfAttrChecker) WithInsnCnt(check uint32) *KprobeBpfAttrChecker + func (checker *KprobeBpfAttrChecker) WithProgName(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker + func (checker *KprobeBpfAttrChecker) WithProgType(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker + type KprobeBpfMapChecker struct + KeySize *uint32 + MapName *stringmatcher.StringMatcher + MapType *stringmatcher.StringMatcher + MaxEntries *uint32 + ValueSize *uint32 + func NewKprobeBpfMapChecker() *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) Check(event *tetragon.KprobeBpfMap) error + func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) GetCheckerType() string + func (checker *KprobeBpfMapChecker) WithKeySize(check uint32) *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) WithMapName(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) WithMapType(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) WithMaxEntries(check uint32) *KprobeBpfMapChecker + func (checker *KprobeBpfMapChecker) WithValueSize(check uint32) *KprobeBpfMapChecker + type KprobeCapabilityChecker struct + Name *stringmatcher.StringMatcher + Value *int32 + func NewKprobeCapabilityChecker() *KprobeCapabilityChecker + func (checker *KprobeCapabilityChecker) Check(event *tetragon.KprobeCapability) error + func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker + func (checker *KprobeCapabilityChecker) GetCheckerType() string + func (checker *KprobeCapabilityChecker) WithName(check *stringmatcher.StringMatcher) *KprobeCapabilityChecker + func (checker *KprobeCapabilityChecker) WithValue(check int32) *KprobeCapabilityChecker + type KprobeCredChecker struct + Effective *CapabilitiesTypeListMatcher + Inheritable *CapabilitiesTypeListMatcher + Permitted *CapabilitiesTypeListMatcher + func NewKprobeCredChecker() *KprobeCredChecker + func (checker *KprobeCredChecker) Check(event *tetragon.KprobeCred) error + func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker + func (checker *KprobeCredChecker) GetCheckerType() string + func (checker *KprobeCredChecker) WithEffective(check *CapabilitiesTypeListMatcher) *KprobeCredChecker + func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *KprobeCredChecker + func (checker *KprobeCredChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *KprobeCredChecker + type KprobeFileChecker struct + Flags *stringmatcher.StringMatcher + Mount *stringmatcher.StringMatcher + Path *stringmatcher.StringMatcher + Permission *stringmatcher.StringMatcher + func NewKprobeFileChecker() *KprobeFileChecker + func (checker *KprobeFileChecker) Check(event *tetragon.KprobeFile) error + func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker + func (checker *KprobeFileChecker) GetCheckerType() string + func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeFileChecker + func (checker *KprobeFileChecker) WithMount(check *stringmatcher.StringMatcher) *KprobeFileChecker + func (checker *KprobeFileChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeFileChecker + func (checker *KprobeFileChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeFileChecker + type KprobeLinuxBinprmChecker struct + Flags *stringmatcher.StringMatcher + Path *stringmatcher.StringMatcher + Permission *stringmatcher.StringMatcher + func NewKprobeLinuxBinprmChecker() *KprobeLinuxBinprmChecker + func (checker *KprobeLinuxBinprmChecker) Check(event *tetragon.KprobeLinuxBinprm) error + func (checker *KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm(event *tetragon.KprobeLinuxBinprm) *KprobeLinuxBinprmChecker + func (checker *KprobeLinuxBinprmChecker) GetCheckerType() string + func (checker *KprobeLinuxBinprmChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker + func (checker *KprobeLinuxBinprmChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker + func (checker *KprobeLinuxBinprmChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker + type KprobeNetDevChecker struct + Name *stringmatcher.StringMatcher + func NewKprobeNetDevChecker() *KprobeNetDevChecker + func (checker *KprobeNetDevChecker) Check(event *tetragon.KprobeNetDev) error + func (checker *KprobeNetDevChecker) FromKprobeNetDev(event *tetragon.KprobeNetDev) *KprobeNetDevChecker + func (checker *KprobeNetDevChecker) GetCheckerType() string + func (checker *KprobeNetDevChecker) WithName(check *stringmatcher.StringMatcher) *KprobeNetDevChecker + type KprobePathChecker struct + Flags *stringmatcher.StringMatcher + Mount *stringmatcher.StringMatcher + Path *stringmatcher.StringMatcher + Permission *stringmatcher.StringMatcher + func NewKprobePathChecker() *KprobePathChecker + func (checker *KprobePathChecker) Check(event *tetragon.KprobePath) error + func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker + func (checker *KprobePathChecker) GetCheckerType() string + func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobePathChecker + func (checker *KprobePathChecker) WithMount(check *stringmatcher.StringMatcher) *KprobePathChecker + func (checker *KprobePathChecker) WithPath(check *stringmatcher.StringMatcher) *KprobePathChecker + func (checker *KprobePathChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobePathChecker + type KprobePerfEventChecker struct + Config *uint64 + KprobeFunc *stringmatcher.StringMatcher + ProbeOffset *uint64 + Type *stringmatcher.StringMatcher + func NewKprobePerfEventChecker() *KprobePerfEventChecker + func (checker *KprobePerfEventChecker) Check(event *tetragon.KprobePerfEvent) error + func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker + func (checker *KprobePerfEventChecker) GetCheckerType() string + func (checker *KprobePerfEventChecker) WithConfig(check uint64) *KprobePerfEventChecker + func (checker *KprobePerfEventChecker) WithKprobeFunc(check *stringmatcher.StringMatcher) *KprobePerfEventChecker + func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerfEventChecker + func (checker *KprobePerfEventChecker) WithType(check *stringmatcher.StringMatcher) *KprobePerfEventChecker + type KprobeSkbChecker struct + Daddr *stringmatcher.StringMatcher + Dport *uint32 + Family *stringmatcher.StringMatcher + Hash *uint32 + Len *uint32 + Mark *uint32 + Priority *uint32 + Proto *uint32 + Protocol *stringmatcher.StringMatcher + Saddr *stringmatcher.StringMatcher + SecPathLen *uint32 + SecPathOlen *uint32 + Sport *uint32 + func NewKprobeSkbChecker() *KprobeSkbChecker + func (checker *KprobeSkbChecker) Check(event *tetragon.KprobeSkb) error + func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker + func (checker *KprobeSkbChecker) GetCheckerType() string + func (checker *KprobeSkbChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithDport(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithHash(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithLen(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithMark(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithPriority(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithProto(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithSecPathLen(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithSecPathOlen(check uint32) *KprobeSkbChecker + func (checker *KprobeSkbChecker) WithSport(check uint32) *KprobeSkbChecker + type KprobeSockChecker struct + Cookie *uint64 + Daddr *stringmatcher.StringMatcher + Dport *uint32 + Family *stringmatcher.StringMatcher + Mark *uint32 + Priority *uint32 + Protocol *stringmatcher.StringMatcher + Saddr *stringmatcher.StringMatcher + Sport *uint32 + State *stringmatcher.StringMatcher + Type *stringmatcher.StringMatcher + func NewKprobeSockChecker() *KprobeSockChecker + func (checker *KprobeSockChecker) Check(event *tetragon.KprobeSock) error + func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker + func (checker *KprobeSockChecker) GetCheckerType() string + func (checker *KprobeSockChecker) WithCookie(check uint64) *KprobeSockChecker + func (checker *KprobeSockChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker + func (checker *KprobeSockChecker) WithDport(check uint32) *KprobeSockChecker + func (checker *KprobeSockChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSockChecker + func (checker *KprobeSockChecker) WithMark(check uint32) *KprobeSockChecker + func (checker *KprobeSockChecker) WithPriority(check uint32) *KprobeSockChecker + func (checker *KprobeSockChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSockChecker + func (checker *KprobeSockChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker + func (checker *KprobeSockChecker) WithSport(check uint32) *KprobeSockChecker + func (checker *KprobeSockChecker) WithState(check *stringmatcher.StringMatcher) *KprobeSockChecker + func (checker *KprobeSockChecker) WithType(check *stringmatcher.StringMatcher) *KprobeSockChecker + type KprobeTruncatedBytesChecker struct + BytesArg *bytesmatcher.BytesMatcher + OrigSize *uint64 + func NewKprobeTruncatedBytesChecker() *KprobeTruncatedBytesChecker + func (checker *KprobeTruncatedBytesChecker) Check(event *tetragon.KprobeTruncatedBytes) error + func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker + func (checker *KprobeTruncatedBytesChecker) GetCheckerType() string + func (checker *KprobeTruncatedBytesChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeTruncatedBytesChecker + func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTruncatedBytesChecker + type KprobeUserNamespaceChecker struct + Group *uint32 + Level *int32 + Ns *NamespaceChecker + Owner *uint32 + func NewKprobeUserNamespaceChecker() *KprobeUserNamespaceChecker + func (checker *KprobeUserNamespaceChecker) Check(event *tetragon.KprobeUserNamespace) error + func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker + func (checker *KprobeUserNamespaceChecker) GetCheckerType() string + func (checker *KprobeUserNamespaceChecker) WithGroup(check uint32) *KprobeUserNamespaceChecker + func (checker *KprobeUserNamespaceChecker) WithLevel(check int32) *KprobeUserNamespaceChecker + func (checker *KprobeUserNamespaceChecker) WithNs(check *NamespaceChecker) *KprobeUserNamespaceChecker + func (checker *KprobeUserNamespaceChecker) WithOwner(check uint32) *KprobeUserNamespaceChecker + type MultiEventChecker interface + FinalCheck func(*logrus.Logger) error + NextEventCheck func(Event, *logrus.Logger) (bool, error) + type NamespaceChecker struct + Inum *uint32 + IsHost *bool + func NewNamespaceChecker() *NamespaceChecker + func (checker *NamespaceChecker) Check(event *tetragon.Namespace) error + func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker + func (checker *NamespaceChecker) GetCheckerType() string + func (checker *NamespaceChecker) WithInum(check uint32) *NamespaceChecker + func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker + type NamespacesChecker struct + Cgroup *NamespaceChecker + Ipc *NamespaceChecker + Mnt *NamespaceChecker + Net *NamespaceChecker + Pid *NamespaceChecker + PidForChildren *NamespaceChecker + Time *NamespaceChecker + TimeForChildren *NamespaceChecker + User *NamespaceChecker + Uts *NamespaceChecker + func NewNamespacesChecker() *NamespacesChecker + func (checker *NamespacesChecker) Check(event *tetragon.Namespaces) error + func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker + func (checker *NamespacesChecker) GetCheckerType() string + func (checker *NamespacesChecker) WithCgroup(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithIpc(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithMnt(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithNet(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithPid(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithPidForChildren(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithTime(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithTimeForChildren(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesChecker + func (checker *NamespacesChecker) WithUts(check *NamespaceChecker) *NamespacesChecker + type OrderedEventChecker struct + func NewOrderedEventChecker(checks ...EventChecker) *OrderedEventChecker + func (checker *OrderedEventChecker) AddChecks(checks ...EventChecker) + func (checker *OrderedEventChecker) FinalCheck(logger *logrus.Logger) error + func (checker *OrderedEventChecker) GetChecks() []EventChecker + func (checker *OrderedEventChecker) GetRemainingChecks() []EventChecker + func (checker *OrderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error) + type PodChecker struct + Container *ContainerChecker + Name *stringmatcher.StringMatcher + Namespace *stringmatcher.StringMatcher + PodLabels map[string]stringmatcher.StringMatcher + Workload *stringmatcher.StringMatcher + WorkloadKind *stringmatcher.StringMatcher + func NewPodChecker() *PodChecker + func (checker *PodChecker) Check(event *tetragon.Pod) error + func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker + func (checker *PodChecker) GetCheckerType() string + func (checker *PodChecker) WithContainer(check *ContainerChecker) *PodChecker + func (checker *PodChecker) WithName(check *stringmatcher.StringMatcher) *PodChecker + func (checker *PodChecker) WithNamespace(check *stringmatcher.StringMatcher) *PodChecker + func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMatcher) *PodChecker + func (checker *PodChecker) WithWorkload(check *stringmatcher.StringMatcher) *PodChecker + func (checker *PodChecker) WithWorkloadKind(check *stringmatcher.StringMatcher) *PodChecker + type ProcessChecker struct + Arguments *stringmatcher.StringMatcher + Auid *uint32 + Binary *stringmatcher.StringMatcher + BinaryProperties *BinaryPropertiesChecker + Cap *CapabilitiesChecker + Cwd *stringmatcher.StringMatcher + Docker *stringmatcher.StringMatcher + ExecId *stringmatcher.StringMatcher + Flags *stringmatcher.StringMatcher + Ns *NamespacesChecker + ParentExecId *stringmatcher.StringMatcher + Pid *uint32 + Pod *PodChecker + ProcessCredentials *ProcessCredentialsChecker + Refcnt *uint32 + StartTime *timestampmatcher.TimestampMatcher + Tid *uint32 + Uid *uint32 + func NewProcessChecker() *ProcessChecker + func (checker *ProcessChecker) Check(event *tetragon.Process) error + func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker + func (checker *ProcessChecker) GetCheckerType() string + func (checker *ProcessChecker) WithArguments(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithAuid(check uint32) *ProcessChecker + func (checker *ProcessChecker) WithBinary(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithBinaryProperties(check *BinaryPropertiesChecker) *ProcessChecker + func (checker *ProcessChecker) WithCap(check *CapabilitiesChecker) *ProcessChecker + func (checker *ProcessChecker) WithCwd(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithDocker(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithExecId(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithFlags(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithNs(check *NamespacesChecker) *ProcessChecker + func (checker *ProcessChecker) WithParentExecId(check *stringmatcher.StringMatcher) *ProcessChecker + func (checker *ProcessChecker) WithPid(check uint32) *ProcessChecker + func (checker *ProcessChecker) WithPod(check *PodChecker) *ProcessChecker + func (checker *ProcessChecker) WithProcessCredentials(check *ProcessCredentialsChecker) *ProcessChecker + func (checker *ProcessChecker) WithRefcnt(check uint32) *ProcessChecker + func (checker *ProcessChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ProcessChecker + func (checker *ProcessChecker) WithTid(check uint32) *ProcessChecker + func (checker *ProcessChecker) WithUid(check uint32) *ProcessChecker + type ProcessCredentialsChecker struct + Caps *CapabilitiesChecker + Egid *uint32 + Euid *uint32 + Fsgid *uint32 + Fsuid *uint32 + Gid *uint32 + Securebits *SecureBitsTypeListMatcher + Sgid *uint32 + Suid *uint32 + Uid *uint32 + UserNs *UserNamespaceChecker + func NewProcessCredentialsChecker() *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) Check(event *tetragon.ProcessCredentials) error + func (checker *ProcessCredentialsChecker) FromProcessCredentials(event *tetragon.ProcessCredentials) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) GetCheckerType() string + func (checker *ProcessCredentialsChecker) WithCaps(check *CapabilitiesChecker) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithEgid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithEuid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithFsgid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithFsuid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithGid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithSecurebits(check *SecureBitsTypeListMatcher) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithSgid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithSuid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithUid(check uint32) *ProcessCredentialsChecker + func (checker *ProcessCredentialsChecker) WithUserNs(check *UserNamespaceChecker) *ProcessCredentialsChecker + type ProcessExecChecker struct + Ancestors *ProcessListMatcher + CheckerName string + Parent *ProcessChecker + Process *ProcessChecker + func NewProcessExecChecker(name string) *ProcessExecChecker + func (checker *ProcessExecChecker) Check(event *tetragon.ProcessExec) error + func (checker *ProcessExecChecker) CheckEvent(event Event) error + func (checker *ProcessExecChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker + func (checker *ProcessExecChecker) GetCheckerName() string + func (checker *ProcessExecChecker) GetCheckerType() string + func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *ProcessExecChecker + func (checker *ProcessExecChecker) WithParent(check *ProcessChecker) *ProcessExecChecker + func (checker *ProcessExecChecker) WithProcess(check *ProcessChecker) *ProcessExecChecker + type ProcessExitChecker struct + CheckerName string + Parent *ProcessChecker + Process *ProcessChecker + Signal *stringmatcher.StringMatcher + Status *uint32 + Time *timestampmatcher.TimestampMatcher + func NewProcessExitChecker(name string) *ProcessExitChecker + func (checker *ProcessExitChecker) Check(event *tetragon.ProcessExit) error + func (checker *ProcessExitChecker) CheckEvent(event Event) error + func (checker *ProcessExitChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker + func (checker *ProcessExitChecker) GetCheckerName() string + func (checker *ProcessExitChecker) GetCheckerType() string + func (checker *ProcessExitChecker) WithParent(check *ProcessChecker) *ProcessExitChecker + func (checker *ProcessExitChecker) WithProcess(check *ProcessChecker) *ProcessExitChecker + func (checker *ProcessExitChecker) WithSignal(check *stringmatcher.StringMatcher) *ProcessExitChecker + func (checker *ProcessExitChecker) WithStatus(check uint32) *ProcessExitChecker + func (checker *ProcessExitChecker) WithTime(check *timestampmatcher.TimestampMatcher) *ProcessExitChecker + type ProcessKprobeChecker struct + Action *KprobeActionChecker + Args *KprobeArgumentListMatcher + CheckerName string + FunctionName *stringmatcher.StringMatcher + KernelStackTrace *StackTraceEntryListMatcher + Message *stringmatcher.StringMatcher + Parent *ProcessChecker + PolicyName *stringmatcher.StringMatcher + Process *ProcessChecker + Return *KprobeArgumentChecker + ReturnAction *KprobeActionChecker + Tags *StringListMatcher + UserStackTrace *StackTraceEntryListMatcher + func NewProcessKprobeChecker(name string) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) Check(event *tetragon.ProcessKprobe) error + func (checker *ProcessKprobeChecker) CheckEvent(event Event) error + func (checker *ProcessKprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) GetCheckerName() string + func (checker *ProcessKprobeChecker) GetCheckerType() string + func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithKernelStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithParent(check *ProcessChecker) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithProcess(check *ProcessChecker) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithReturn(check *KprobeArgumentChecker) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithReturnAction(check tetragon.KprobeAction) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithTags(check *StringListMatcher) *ProcessKprobeChecker + func (checker *ProcessKprobeChecker) WithUserStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker + type ProcessListMatcher struct + Operator listmatcher.Operator + Values []*ProcessChecker + func NewProcessListMatcher() *ProcessListMatcher + func (checker *ProcessListMatcher) Check(values []*tetragon.Process) error + func (checker *ProcessListMatcher) WithOperator(operator listmatcher.Operator) *ProcessListMatcher + func (checker *ProcessListMatcher) WithValues(values ...*ProcessChecker) *ProcessListMatcher + type ProcessLoaderChecker struct + Buildid *bytesmatcher.BytesMatcher + CheckerName string + Path *stringmatcher.StringMatcher + Process *ProcessChecker + func NewProcessLoaderChecker(name string) *ProcessLoaderChecker + func (checker *ProcessLoaderChecker) Check(event *tetragon.ProcessLoader) error + func (checker *ProcessLoaderChecker) CheckEvent(event Event) error + func (checker *ProcessLoaderChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker + func (checker *ProcessLoaderChecker) GetCheckerName() string + func (checker *ProcessLoaderChecker) GetCheckerType() string + func (checker *ProcessLoaderChecker) WithBuildid(check *bytesmatcher.BytesMatcher) *ProcessLoaderChecker + func (checker *ProcessLoaderChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessLoaderChecker + func (checker *ProcessLoaderChecker) WithProcess(check *ProcessChecker) *ProcessLoaderChecker + type ProcessPrivilegesChangedChecker tetragon.ProcessPrivilegesChanged + func NewProcessPrivilegesChangedChecker(val tetragon.ProcessPrivilegesChanged) *ProcessPrivilegesChangedChecker + func (enum *ProcessPrivilegesChangedChecker) Check(val *tetragon.ProcessPrivilegesChanged) error + func (enum *ProcessPrivilegesChangedChecker) UnmarshalJSON(b []byte) error + func (enum ProcessPrivilegesChangedChecker) MarshalJSON() ([]byte, error) + type ProcessPrivilegesChangedListMatcher struct + Operator listmatcher.Operator + Values []*ProcessPrivilegesChangedChecker + func NewProcessPrivilegesChangedListMatcher() *ProcessPrivilegesChangedListMatcher + func (checker *ProcessPrivilegesChangedListMatcher) Check(values []tetragon.ProcessPrivilegesChanged) error + func (checker *ProcessPrivilegesChangedListMatcher) WithOperator(operator listmatcher.Operator) *ProcessPrivilegesChangedListMatcher + func (checker *ProcessPrivilegesChangedListMatcher) WithValues(values ...*ProcessPrivilegesChangedChecker) *ProcessPrivilegesChangedListMatcher + type ProcessTracepointChecker struct + Action *KprobeActionChecker + Args *KprobeArgumentListMatcher + CheckerName string + Event *stringmatcher.StringMatcher + Message *stringmatcher.StringMatcher + Parent *ProcessChecker + PolicyName *stringmatcher.StringMatcher + Process *ProcessChecker + Subsys *stringmatcher.StringMatcher + Tags *StringListMatcher + func NewProcessTracepointChecker(name string) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) Check(event *tetragon.ProcessTracepoint) error + func (checker *ProcessTracepointChecker) CheckEvent(event Event) error + func (checker *ProcessTracepointChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) GetCheckerName() string + func (checker *ProcessTracepointChecker) GetCheckerType() string + func (checker *ProcessTracepointChecker) WithAction(check tetragon.KprobeAction) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithEvent(check *stringmatcher.StringMatcher) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithParent(check *ProcessChecker) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithProcess(check *ProcessChecker) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithSubsys(check *stringmatcher.StringMatcher) *ProcessTracepointChecker + func (checker *ProcessTracepointChecker) WithTags(check *StringListMatcher) *ProcessTracepointChecker + type ProcessUprobeChecker struct + Args *KprobeArgumentListMatcher + CheckerName string + Message *stringmatcher.StringMatcher + Parent *ProcessChecker + Path *stringmatcher.StringMatcher + PolicyName *stringmatcher.StringMatcher + Process *ProcessChecker + Symbol *stringmatcher.StringMatcher + Tags *StringListMatcher + func NewProcessUprobeChecker(name string) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error + func (checker *ProcessUprobeChecker) CheckEvent(event Event) error + func (checker *ProcessUprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) GetCheckerName() string + func (checker *ProcessUprobeChecker) GetCheckerType() string + func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithParent(check *ProcessChecker) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithProcess(check *ProcessChecker) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithSymbol(check *stringmatcher.StringMatcher) *ProcessUprobeChecker + func (checker *ProcessUprobeChecker) WithTags(check *StringListMatcher) *ProcessUprobeChecker + type RateLimitInfoChecker struct + CheckerName string + NumberOfDroppedProcessEvents *uint64 + func NewRateLimitInfoChecker(name string) *RateLimitInfoChecker + func (checker *RateLimitInfoChecker) Check(event *tetragon.RateLimitInfo) error + func (checker *RateLimitInfoChecker) CheckEvent(event Event) error + func (checker *RateLimitInfoChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *RateLimitInfoChecker) FromRateLimitInfo(event *tetragon.RateLimitInfo) *RateLimitInfoChecker + func (checker *RateLimitInfoChecker) GetCheckerName() string + func (checker *RateLimitInfoChecker) GetCheckerType() string + func (checker *RateLimitInfoChecker) WithNumberOfDroppedProcessEvents(check uint64) *RateLimitInfoChecker + type SecureBitsTypeChecker tetragon.SecureBitsType + func NewSecureBitsTypeChecker(val tetragon.SecureBitsType) *SecureBitsTypeChecker + func (enum *SecureBitsTypeChecker) Check(val *tetragon.SecureBitsType) error + func (enum *SecureBitsTypeChecker) UnmarshalJSON(b []byte) error + func (enum SecureBitsTypeChecker) MarshalJSON() ([]byte, error) + type SecureBitsTypeListMatcher struct + Operator listmatcher.Operator + Values []*SecureBitsTypeChecker + func NewSecureBitsTypeListMatcher() *SecureBitsTypeListMatcher + func (checker *SecureBitsTypeListMatcher) Check(values []tetragon.SecureBitsType) error + func (checker *SecureBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *SecureBitsTypeListMatcher + func (checker *SecureBitsTypeListMatcher) WithValues(values ...*SecureBitsTypeChecker) *SecureBitsTypeListMatcher + type StackTraceEntryChecker struct + Address *uint64 + Module *stringmatcher.StringMatcher + Offset *uint64 + Symbol *stringmatcher.StringMatcher + func NewStackTraceEntryChecker() *StackTraceEntryChecker + func (checker *StackTraceEntryChecker) Check(event *tetragon.StackTraceEntry) error + func (checker *StackTraceEntryChecker) FromStackTraceEntry(event *tetragon.StackTraceEntry) *StackTraceEntryChecker + func (checker *StackTraceEntryChecker) GetCheckerType() string + func (checker *StackTraceEntryChecker) WithAddress(check uint64) *StackTraceEntryChecker + func (checker *StackTraceEntryChecker) WithModule(check *stringmatcher.StringMatcher) *StackTraceEntryChecker + func (checker *StackTraceEntryChecker) WithOffset(check uint64) *StackTraceEntryChecker + func (checker *StackTraceEntryChecker) WithSymbol(check *stringmatcher.StringMatcher) *StackTraceEntryChecker + type StackTraceEntryListMatcher struct + Operator listmatcher.Operator + Values []*StackTraceEntryChecker + func NewStackTraceEntryListMatcher() *StackTraceEntryListMatcher + func (checker *StackTraceEntryListMatcher) Check(values []*tetragon.StackTraceEntry) error + func (checker *StackTraceEntryListMatcher) WithOperator(operator listmatcher.Operator) *StackTraceEntryListMatcher + func (checker *StackTraceEntryListMatcher) WithValues(values ...*StackTraceEntryChecker) *StackTraceEntryListMatcher + type StringListMatcher struct + Operator listmatcher.Operator + Values []*stringmatcher.StringMatcher + func NewStringListMatcher() *StringListMatcher + func (checker *StringListMatcher) Check(values []string) error + func (checker *StringListMatcher) WithOperator(operator listmatcher.Operator) *StringListMatcher + func (checker *StringListMatcher) WithValues(values ...*stringmatcher.StringMatcher) *StringListMatcher + type TaintedBitsTypeChecker tetragon.TaintedBitsType + func NewTaintedBitsTypeChecker(val tetragon.TaintedBitsType) *TaintedBitsTypeChecker + func (enum *TaintedBitsTypeChecker) Check(val *tetragon.TaintedBitsType) error + func (enum *TaintedBitsTypeChecker) UnmarshalJSON(b []byte) error + func (enum TaintedBitsTypeChecker) MarshalJSON() ([]byte, error) + type TaintedBitsTypeListMatcher struct + Operator listmatcher.Operator + Values []*TaintedBitsTypeChecker + func NewTaintedBitsTypeListMatcher() *TaintedBitsTypeListMatcher + func (checker *TaintedBitsTypeListMatcher) Check(values []tetragon.TaintedBitsType) error + func (checker *TaintedBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *TaintedBitsTypeListMatcher + func (checker *TaintedBitsTypeListMatcher) WithValues(values ...*TaintedBitsTypeChecker) *TaintedBitsTypeListMatcher + type TestChecker struct + Arg0 *uint64 + Arg1 *uint64 + Arg2 *uint64 + Arg3 *uint64 + CheckerName string + func NewTestChecker(name string) *TestChecker + func (checker *TestChecker) Check(event *tetragon.Test) error + func (checker *TestChecker) CheckEvent(event Event) error + func (checker *TestChecker) CheckResponse(response *tetragon.GetEventsResponse) error + func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker + func (checker *TestChecker) GetCheckerName() string + func (checker *TestChecker) GetCheckerType() string + func (checker *TestChecker) WithArg0(check uint64) *TestChecker + func (checker *TestChecker) WithArg1(check uint64) *TestChecker + func (checker *TestChecker) WithArg2(check uint64) *TestChecker + func (checker *TestChecker) WithArg3(check uint64) *TestChecker + type UnorderedEventChecker struct + func NewUnorderedEventChecker(checks ...EventChecker) *UnorderedEventChecker + func (checker *UnorderedEventChecker) AddChecks(checks ...EventChecker) + func (checker *UnorderedEventChecker) FinalCheck(logger *logrus.Logger) error + func (checker *UnorderedEventChecker) GetChecks() []EventChecker + func (checker *UnorderedEventChecker) GetRemainingChecks() []EventChecker + func (checker *UnorderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error) + type UserNamespaceChecker struct + Gid *uint32 + Level *int32 + Ns *NamespaceChecker + Uid *uint32 + func NewUserNamespaceChecker() *UserNamespaceChecker + func (checker *UserNamespaceChecker) Check(event *tetragon.UserNamespace) error + func (checker *UserNamespaceChecker) FromUserNamespace(event *tetragon.UserNamespace) *UserNamespaceChecker + func (checker *UserNamespaceChecker) GetCheckerType() string + func (checker *UserNamespaceChecker) WithGid(check uint32) *UserNamespaceChecker + func (checker *UserNamespaceChecker) WithLevel(check int32) *UserNamespaceChecker + func (checker *UserNamespaceChecker) WithNs(check *NamespaceChecker) *UserNamespaceChecker + func (checker *UserNamespaceChecker) WithUid(check uint32) *UserNamespaceChecker