# Functions
FindContainerID extracts the first substring that matches the pattern of a container ID.
GetEventTypeCategory returns the category for the given event type.
GetEventTypePerCategory returns the event types per category.
GetHostByteOrder guesses the host's byte order.
IsAlphaNumeric returns whether a character is either a digit or a letter.
IsPrintable returns whether the string contains only Unicode printable characters.
IsPrintableASCII returns whether the string contains only ASCII characters.
NewArgsEnvsCacheEntry returns a new args/env cache entry.
NewProcessCacheEntry returns a new process cache entry.
ParseEvalEventType converts an eval.EventType (string) to its uint64 representation. The current algorithm is not efficient but allows us to reduce the number of conversion functions.
SliceToArray copies src bytes to dst.
UnmarshalBinary calls a series of BinaryUnmarshaler.
UnmarshalString unmarshals a string.
UnmarshalStringArray extracts an array of strings from an array of bytes.
# Constants
ArgsEnvsEventType args and envs event.
CapsetEventType capset event.
CustomForkBombEventType is the custom event used to report the detection of a fork bomb.
CustomLostReadEventType is the custom event used to report lost events detected in user space.
CustomLostWriteEventType is the custom event used to report lost events detected in kernel space.
CustomNoisyProcessEventType is the custom event used to report the detection of a noisy process.
CustomRulesetLoadedEventType is the custom event used to report that a new ruleset was loaded.
CustomTruncatedParentsEventType is the custom event used to report that the parents of a path were truncated.
ExecEventType Exec event.
ExitEventType Exit event.
FileChmodEventType Chmod event.
FileChownEventType Chown event.
FileLinkEventType Hard link creation event.
FileMkdirEventType Folder creation event.
FileMountEventType Mount event.
FileOpenEventType File open event.
FileRemoveXAttrEventType Removexattr event.
FileRenameEventType File or folder rename event.
FileRmdirEventType Rmdir event.
FileSetXAttrEventType Setxattr event.
FileUmountEventType Umount event.
FileUnlinkEventType Unlink event.
FileUtimesEventType Utime event.
FIMCategory FIM events.
FirstDiscarderEventType first event that accepts discarders.
ForkEventType Fork event.
InvalidateDentryEventType Dentry invalidated event.
LastDiscarderEventType last event that accepts discarders.
File flags.
MaxEventType is used internally to get the maximum number of kernel events.
MaxPathDepth defines the maximum depth of a path.
MaxSegmentLength defines the maximum length of each segment of a path.
MountReleasedEventType sent when a mount point is released.
RuntimeCategory Process events.
SELinuxBoolChangeEventKind represents SELinux boolean change events.
SELinuxBoolCommitEventKind represents SELinux boolean commit events.
SELinuxEventType selinux event.
SELinuxStatusChangeEventKind represents SELinux status change events.
SetgidEventType setgid event.
SetuidEventType setuid event.
UnknownEventType unknown event.
File flags.
# Variables
ByteOrder holds the host's byte order.
ErrNonPrintable is returned when a string contains non-printable characters.
ErrNotEnoughData is returned when the buffer is too small to unmarshal the event.
ErrStringArrayOverflow is returned when there is a string array overflow.
KernelCapabilityConstants list of kernel capabilities.
SECLConstants are constants available in runtime security agent rules.
SECLLegacyAttributes contains the list of the legacy attributes we need to support.
# Structs
ArgsEntry defines an args cache entry.
ArgsEnvs raw value for args and envs.
ArgsEnvsCacheEntry defines an args/envs base entry.
ArgsEnvsEvent defines an args/envs event.
CapsetEvent represents a capset event.
ChmodEvent represents a chmod event.
ChownEvent represents a chown event.
ContainerContext holds the container context of an event.
Credentials represents the kernel credentials of a process.
EnvsEntry defines an args cache entry.
Event represents an event sent from the kernel.
ExecEvent represents an exec event.
FileEvent is the common file event type.
FileFields holds the information required to identify a file.
InvalidateDentryEvent defines an invalidate dentry event.
LinkEvent represents a link event.
MkdirEvent represents a mkdir event.
Model describes the data model for the runtime security agent events.
MountEvent represents a mount event.
MountReleasedEvent defines a mount released event.
OpenEvent represents an open event.
Process represents a process.
ProcessAncestorsIterator defines an iterator of ancestors.
ProcessCacheEntry holds the process context kept in the process tree.
ProcessContext holds the process context of an event.
RenameEvent represents a rename event.
RmdirEvent represents a rmdir event.
SELinuxEvent represents a selinux event.
SetgidEvent represents a setgid event.
SetuidEvent represents a setuid event.
SetXAttrEvent represents an extended attributes event.
SpanContext describes a span context.
SyscallEvent contains common fields for all events.
UmountEvent represents an umount event.
UnlinkEvent represents an unlink event.
UtimesEvent represents a utime event.
# Interfaces
BinaryUnmarshaler interface implemented by every event type.
# Type aliases
ChmodMode represents a chmod mode bitmask value.
EventCategory category type.
EventType describes the type of an event sent from the kernel.
KernelCapability represents a kernel capability bitmask value.
OpenFlags represents an open flags bitmask value.
RetValError represents a syscall return error value.
SELinuxEventKind represents the event kind for SELinux events.
UnlinkFlags represents an unlink flags bitmask value.