Documentation
¶
Index ¶
- Constants
- type Config
- type Engine
- func (engine *Engine) GetDataSource(namespace string, id string) (detect.DataSource, bool)
- func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector
- func (engine *Engine) Init() error
- func (engine *Engine) LoadSignature(signature detect.Signature) (string, error)
- func (engine *Engine) RegisterDataSource(dataSource detect.DataSource) error
- func (engine *Engine) Start(ctx context.Context)
- func (engine *Engine) Stats() *metrics.Stats
- func (engine *Engine) UnloadSignature(signatureId string) error
- type EventSources
Constants ¶
const ALL_EVENT_ORIGINS = "*"
const ALL_EVENT_TYPES = "*"
const EVENT_CONTAINER_ORIGIN = "container"
const EVENT_HOST_ORIGIN = "host"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Engine-in-Pipeline related configuration
Enabled bool // Enables the signatures engine to run in the events pipeline
SigNameToEventID map[string]int32 // Cache of loaded signature event names to event ids, used to filter in dispatching
// Callback from tracker to determine if event should be dispatched to signature.
// This is done as a callback becaues importing the events package breaks compilation for the
// tracker-rules binary.
// When tracker-rules is removed, and the policy coordinator is implemented (PR #3305)
// this solution should be abandoned in favor of using it alongside the engine.
ShouldDispatchEvent func(eventIdInt32 int32) bool
// General engine configuration
SignatureBufferSize uint
Signatures []detect.Signature
DataSources []detect.DataSource
}
Config defines the engine's configurable values
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
Engine is a signatures-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings
func NewEngine ¶
NewEngine creates a new signatures-engine with the given arguments inputs and outputs are given as channels created by the consumer Signatures are not loaded at this point, Init must be called to perform config side effects.
func (*Engine) GetDataSource ¶
func (*Engine) GetSelectedEvents ¶
func (engine *Engine) GetSelectedEvents() []detect.SignatureEventSelector
GetSelectedEvents returns the event selectors that are relevant to the currently loaded signatures
func (*Engine) Init ¶
Init loads and initializes signatures and data sources passed in NewEngine. The split allows the loading of additional signatures and data sources between NewEngine and Start if needed.
func (*Engine) LoadSignature ¶
TODO: This method seems not to be used, let's confirm inside the team and remove it if not needed LoadSignature will call the internal signature loading logic and activate its handling business logics. It will return the signature ID as well as error.
func (*Engine) RegisterDataSource ¶
func (engine *Engine) RegisterDataSource(dataSource detect.DataSource) error
func (*Engine) Start ¶
Start starts processing events and detecting signatures it runs continuously until stopped by the done channel once done, it cleans all internal resources, which means the engine is not reusable note that the input and output channels are created by the consumer and therefore are not closed
func (*Engine) UnloadSignature ¶
UnloadSignature will remove from Engine data structures the given signature and stop its handling goroutine
type EventSources ¶
EventSources is a bundle of input sources used to configure the Engine
Source Files