pkg.gl

Categorygithub.com/DataDog/datadog-agentpkgsecurityprobe

package

0.9.0

Repository: https://github.com/datadog/datadog-agent.git

Documentation: pkg.go.dev

# Packages

doc_generator

No description provided by the author

syscall_table_generator

No description provided by the author

# Functions

AllCustomRuleIDs

AllCustomRuleIDs returns the list of custom rule IDs.

ExtractEventInfo

ExtractEventInfo extracts cpu and timestamp from the raw data event.

GetCapababilities

GetCapababilities returns all the filtering capabilities.

NewAbnormalPathEvent

NewAbnormalPathEvent returns the rule and a populated custom event for a abnormal_path event.

NewArgsEnvsPool

NewArgsEnvsPool returns a new ArgsEnvEntry pool.

NewERPC

NewERPC returns a new ERPC object.

NewEvent

NewEvent returns a new event.

NewEventLostReadEvent

NewEventLostReadEvent returns the rule and a populated custom event for a lost_events_read event.

NewEventLostWriteEvent

NewEventLostWriteEvent returns the rule and a populated custom event for a lost_events_write event.

NewEventSerializer

NewEventSerializer creates a new event serializer based on the event type.

NewLoadController

NewLoadController instantiates a new load controller.

NewMonitor

NewMonitor returns a new instance of a ProbeMonitor.

NewMountResolver

NewMountResolver instantiates a new mount resolver.

NewNoisyProcessEvent

NewNoisyProcessEvent returns the rule and a populated custom event for a noisy_process event.

NewPerfBufferMonitor

NewPerfBufferMonitor instantiates a new event statistics counter.

NewProbe

NewProbe instantiates a new runtime security agent probe.

NewProcessCacheEntryPool

NewProcessCacheEntryPool returns a new ProcessCacheEntryPool pool.

NewProcessResolver

NewProcessResolver returns a new process resolver.

NewProcessResolverOpts

NewProcessResolverOpts returns a new set of process resolver options.

NewReOrderer

NewReOrderer returns a new ReOrderer.

NewReOrderMonitor

NewReOrderMonitor instantiates a new reorder statistics counter.

NewReport

NewReport returns a new report.

NewReporter

NewReporter instantiates a new reporter.

NewResolvers

NewResolvers creates a new instance of Resolvers.

NewRuleSetApplier

NewRuleSetApplier returns a new RuleSetApplier.

NewRuleSetLoadedEvent

NewRuleSetLoadedEvent returns the rule and a populated custom event for a new_rules_loaded event.

NewTagsResolver

NewTagsResolver returns a new tags resolver.

NewTimeResolver

NewTimeResolver returns a new time resolver.

NewUserGroupResolver

NewUserGroupResolver instantiates a new user and group resolver.

TTYConstants

TTYConstants returns the tty constants.

# Constants

AbnormalPathRuleID

AbnormalPathRuleID is the rule ID for the abnormal_path events.

BasenameFilterSize

need to be aligned with the kernel size.

DiscardInodeOp

DiscardInodeOp discards an inode.

DiscardPidOp

DiscardPidOp discards a pid.

DiscardRetention

DiscardRetention time a discard is retained but not discarding.

ERPCMaxDataSize

ERPCMaxDataSize maximum size of data of a request.

FIMCategory

Event categories for JSON serialization.

KernelActivity

Event categories for JSON serialization.

LostEventsRuleID

LostEventsRuleID is the rule ID for the lost_events_* events.

NoisyProcessRuleID

NoisyProcessRuleID is the rule ID for the noisy_process events.

Policy flags.

Policy flags.

Policy flags.

Policy modes.

Policy modes.

Policy modes.

Event categories for JSON serialization.

RegisterSpanTLSOP

nolint:deadcode,unused.

ResolveParentOp

ResolveParentOp resolves the parent of the provide path key.

ResolvePathOp

ResolvePathOp resolves the requested path.

ResolveSegmentOp

ResolveSegmentOp resolves the requested segment.

RulesetLoadedRuleID

RulesetLoadedRuleID is the rule ID for the ruleset_loaded events.

SELinuxStatusDisableKey

SELinuxStatusDisableKey represents the key in the kernel map managing the current SELinux disable status.

SELinuxStatusEnforceKey

SELinuxStatusEnforceKey represents the key in the kernel map managing the current SELinux enforce status.

ServiceEnvVar

ServiceEnvVar environment variable used to report service.

SysAccept

Linux syscall identifiers.

SysAccept4

Linux syscall identifiers.

SysAccess

Linux syscall identifiers.

SysAcct

Linux syscall identifiers.

SysAddKey

Linux syscall identifiers.

SysAdjtimex

Linux syscall identifiers.

SysAfsSyscall

Linux syscall identifiers.

SysAlarm

Linux syscall identifiers.

SysArchPrctl

Linux syscall identifiers.

SysBind

Linux syscall identifiers.

SysBpf

Linux syscall identifiers.

SysBrk

Linux syscall identifiers.

SysCapget

Linux syscall identifiers.

SysCapset

Linux syscall identifiers.

SysChdir

Linux syscall identifiers.

SysChmod

Linux syscall identifiers.

SysChown

Linux syscall identifiers.

SysChroot

Linux syscall identifiers.

SysClockAdjtime

Linux syscall identifiers.

SysClockGetres

Linux syscall identifiers.

SysClockGettime

Linux syscall identifiers.

SysClockNanosleep

Linux syscall identifiers.

SysClockSettime

Linux syscall identifiers.

SysClone

Linux syscall identifiers.

SysClone3

Linux syscall identifiers.

SysClose

Linux syscall identifiers.

SysCloseRange

Linux syscall identifiers.

SysConnect

Linux syscall identifiers.

SysCopyFileRange

Linux syscall identifiers.

SysCreat

Linux syscall identifiers.

SysCreateModule

Linux syscall identifiers.

SysDeleteModule

Linux syscall identifiers.

SysDup

Linux syscall identifiers.

SysDup2

Linux syscall identifiers.

SysDup3

Linux syscall identifiers.

SysEpollCreate

Linux syscall identifiers.

SysEpollCreate1

Linux syscall identifiers.

SysEpollCtl

Linux syscall identifiers.

SysEpollCtlOld

Linux syscall identifiers.

SysEpollPwait

Linux syscall identifiers.

SysEpollPwait2

Linux syscall identifiers.

SysEpollWait

Linux syscall identifiers.

SysEpollWaitOld

Linux syscall identifiers.

SysEventfd

Linux syscall identifiers.

SysEventfd2

Linux syscall identifiers.

SysExecve

Linux syscall identifiers.

SysExecveat

Linux syscall identifiers.

SysExit

Linux syscall identifiers.

SysExitGroup

Linux syscall identifiers.

SysFaccessat

Linux syscall identifiers.

SysFaccessat2

Linux syscall identifiers.

SysFadvise64

Linux syscall identifiers.

SysFallocate

Linux syscall identifiers.

SysFanotifyInit

Linux syscall identifiers.

SysFanotifyMark

Linux syscall identifiers.

SysFchdir

Linux syscall identifiers.

SysFchmod

Linux syscall identifiers.

SysFchmodat

Linux syscall identifiers.

SysFchown

Linux syscall identifiers.

SysFchownat

Linux syscall identifiers.

SysFcntl

Linux syscall identifiers.

SysFdatasync

Linux syscall identifiers.

SysFgetxattr

Linux syscall identifiers.

SysFinitModule

Linux syscall identifiers.

SysFlistxattr

Linux syscall identifiers.

SysFlock

Linux syscall identifiers.

SysFork

Linux syscall identifiers.

SysFremovexattr

Linux syscall identifiers.

SysFsconfig

Linux syscall identifiers.

SysFsetxattr

Linux syscall identifiers.

SysFsmount

Linux syscall identifiers.

SysFsopen

Linux syscall identifiers.

SysFspick

Linux syscall identifiers.

SysFstat

Linux syscall identifiers.

SysFstatfs

Linux syscall identifiers.

SysFsync

Linux syscall identifiers.

SysFtruncate

Linux syscall identifiers.

SysFutex

Linux syscall identifiers.

SysFutimesat

Linux syscall identifiers.

SysGetcpu

Linux syscall identifiers.

SysGetcwd

Linux syscall identifiers.

SysGetdents

Linux syscall identifiers.

SysGetdents64

Linux syscall identifiers.

SysGetegid

Linux syscall identifiers.

SysGeteuid

Linux syscall identifiers.

SysGetgid

Linux syscall identifiers.

SysGetgroups

Linux syscall identifiers.

SysGetitimer

Linux syscall identifiers.

SysGetKernelSyms

Linux syscall identifiers.

SysGetMempolicy

Linux syscall identifiers.

SysGetpeername

Linux syscall identifiers.

SysGetpgid

Linux syscall identifiers.

SysGetpgrp

Linux syscall identifiers.

SysGetpid

Linux syscall identifiers.

SysGetpmsg

Linux syscall identifiers.

SysGetppid

Linux syscall identifiers.

SysGetpriority

Linux syscall identifiers.

SysGetrandom

Linux syscall identifiers.

SysGetresgid

Linux syscall identifiers.

SysGetresuid

Linux syscall identifiers.

SysGetrlimit

Linux syscall identifiers.

SysGetRobustList

Linux syscall identifiers.

SysGetrusage

Linux syscall identifiers.

SysGetsid

Linux syscall identifiers.

SysGetsockname

Linux syscall identifiers.

SysGetsockopt

Linux syscall identifiers.

SysGetThreadArea

Linux syscall identifiers.

SysGettid

Linux syscall identifiers.

SysGettimeofday

Linux syscall identifiers.

SysGetuid

Linux syscall identifiers.

SysGetxattr

Linux syscall identifiers.

SysInitModule

Linux syscall identifiers.

SysInotifyAddWatch

Linux syscall identifiers.

SysInotifyInit

Linux syscall identifiers.

SysInotifyInit1

Linux syscall identifiers.

SysInotifyRmWatch

Linux syscall identifiers.

SysIoCancel

Linux syscall identifiers.

SysIoctl

Linux syscall identifiers.

SysIoDestroy

Linux syscall identifiers.

SysIoGetevents

Linux syscall identifiers.

SysIoperm

Linux syscall identifiers.

SysIoPgetevents

Linux syscall identifiers.

SysIopl

Linux syscall identifiers.

SysIoprioGet

Linux syscall identifiers.

SysIoprioSet

Linux syscall identifiers.

SysIoSetup

Linux syscall identifiers.

SysIoSubmit

Linux syscall identifiers.

SysIoUringEnter

Linux syscall identifiers.

SysIoUringRegister

Linux syscall identifiers.

SysIoUringSetup

Linux syscall identifiers.

SysKcmp

Linux syscall identifiers.

SysKexecFileLoad

Linux syscall identifiers.

SysKexecLoad

Linux syscall identifiers.

SysKeyctl

Linux syscall identifiers.

SysKill

Linux syscall identifiers.

SysLandlockAddRule

Linux syscall identifiers.

SysLandlockCreateRuleset

Linux syscall identifiers.

SysLandlockRestrictSelf

Linux syscall identifiers.

SysLchown

Linux syscall identifiers.

SysLgetxattr

Linux syscall identifiers.

SysLink

Linux syscall identifiers.

SysLinkat

Linux syscall identifiers.

SysListen

Linux syscall identifiers.

SysListxattr

Linux syscall identifiers.

SysLlistxattr

Linux syscall identifiers.

SysLookupDcookie

Linux syscall identifiers.

SysLremovexattr

Linux syscall identifiers.

SysLseek

Linux syscall identifiers.

SysLsetxattr

Linux syscall identifiers.

SysLstat

Linux syscall identifiers.

SysMadvise

Linux syscall identifiers.

SysMbind

Linux syscall identifiers.

SysMembarrier

Linux syscall identifiers.

SysMemfdCreate

Linux syscall identifiers.

SysMemfdSecret

Linux syscall identifiers.

SysMigratePages

Linux syscall identifiers.

SysMincore

Linux syscall identifiers.

SysMkdir

Linux syscall identifiers.

SysMkdirat

Linux syscall identifiers.

SysMknod

Linux syscall identifiers.

SysMknodat

Linux syscall identifiers.

SysMlock

Linux syscall identifiers.

SysMlock2

Linux syscall identifiers.

SysMlockall

Linux syscall identifiers.

SysMmap

Linux syscall identifiers.

SysModifyLdt

Linux syscall identifiers.

SysMount

Linux syscall identifiers.

SysMountSetattr

Linux syscall identifiers.

SysMoveMount

Linux syscall identifiers.

SysMovePages

Linux syscall identifiers.

SysMprotect

Linux syscall identifiers.

SysMqGetsetattr

Linux syscall identifiers.

SysMqNotify

Linux syscall identifiers.

SysMqOpen

Linux syscall identifiers.

SysMqTimedreceive

Linux syscall identifiers.

SysMqTimedsend

Linux syscall identifiers.

SysMqUnlink

Linux syscall identifiers.

SysMremap

Linux syscall identifiers.

SysMsgctl

Linux syscall identifiers.

SysMsgget

Linux syscall identifiers.

SysMsgrcv

Linux syscall identifiers.

SysMsgsnd

Linux syscall identifiers.

SysMsync

Linux syscall identifiers.

SysMunlock

Linux syscall identifiers.

SysMunlockall

Linux syscall identifiers.

SysMunmap

Linux syscall identifiers.

SysNameToHandleAt

Linux syscall identifiers.

SysNanosleep

Linux syscall identifiers.

SysNewfstatat

Linux syscall identifiers.

SysNfsservctl

Linux syscall identifiers.

SysOpen

Linux syscall identifiers.

SysOpenat

Linux syscall identifiers.

SysOpenat2

Linux syscall identifiers.

SysOpenByHandleAt

Linux syscall identifiers.

SysOpenTree

Linux syscall identifiers.

SysPause

Linux syscall identifiers.

SysPerfEventOpen

Linux syscall identifiers.

SysPersonality

Linux syscall identifiers.

SysPidfdGetfd

Linux syscall identifiers.

SysPidfdOpen

Linux syscall identifiers.

SysPidfdSendSignal

Linux syscall identifiers.

SysPipe

Linux syscall identifiers.

SysPipe2

Linux syscall identifiers.

SysPivotRoot

Linux syscall identifiers.

SysPkeyAlloc

Linux syscall identifiers.

SysPkeyFree

Linux syscall identifiers.

SysPkeyMprotect

Linux syscall identifiers.

SysPoll

Linux syscall identifiers.

SysPpoll

Linux syscall identifiers.

SysPrctl

Linux syscall identifiers.

SysPread64

Linux syscall identifiers.

SysPreadv

Linux syscall identifiers.

SysPreadv2

Linux syscall identifiers.

SysPrlimit64

Linux syscall identifiers.

SysProcessMadvise

Linux syscall identifiers.

SysProcessVmReadv

Linux syscall identifiers.

SysProcessVmWritev

Linux syscall identifiers.

SysPselect6

Linux syscall identifiers.

SysPtrace

Linux syscall identifiers.

SysPutpmsg

Linux syscall identifiers.

SysPwrite64

Linux syscall identifiers.

SysPwritev

Linux syscall identifiers.

SysPwritev2

Linux syscall identifiers.

SysQueryModule

Linux syscall identifiers.

SysQuotactl

Linux syscall identifiers.

SysQuotactlFd

Linux syscall identifiers.

SysRead

Linux syscall identifiers.

SysReadahead

Linux syscall identifiers.

SysReadlink

Linux syscall identifiers.

SysReadlinkat

Linux syscall identifiers.

SysReadv

Linux syscall identifiers.

SysReboot

Linux syscall identifiers.

SysRecvfrom

Linux syscall identifiers.

SysRecvmmsg

Linux syscall identifiers.

SysRecvmsg

Linux syscall identifiers.

SysRemapFilePages

Linux syscall identifiers.

SysRemovexattr

Linux syscall identifiers.

SysRename

Linux syscall identifiers.

SysRenameat

Linux syscall identifiers.

SysRenameat2

Linux syscall identifiers.

SysRequestKey

Linux syscall identifiers.

SysRestartSyscall

Linux syscall identifiers.

SysRmdir

Linux syscall identifiers.

SysRseq

Linux syscall identifiers.

SysRtSigaction

Linux syscall identifiers.

SysRtSigpending

Linux syscall identifiers.

SysRtSigprocmask

Linux syscall identifiers.

SysRtSigqueueinfo

Linux syscall identifiers.

SysRtSigreturn

Linux syscall identifiers.

SysRtSigsuspend

Linux syscall identifiers.

SysRtSigtimedwait

Linux syscall identifiers.

SysRtTgsigqueueinfo

Linux syscall identifiers.

SysSchedGetaffinity

Linux syscall identifiers.

SysSchedGetattr

Linux syscall identifiers.

SysSchedGetparam

Linux syscall identifiers.

SysSchedGetPriorityMax

Linux syscall identifiers.

SysSchedGetPriorityMin

Linux syscall identifiers.

SysSchedGetscheduler

Linux syscall identifiers.

SysSchedRrGetInterval

Linux syscall identifiers.

SysSchedSetaffinity

Linux syscall identifiers.

SysSchedSetattr

Linux syscall identifiers.

SysSchedSetparam

Linux syscall identifiers.

SysSchedSetscheduler

Linux syscall identifiers.

SysSchedYield

Linux syscall identifiers.

SysSeccomp

Linux syscall identifiers.

SysSecurity

Linux syscall identifiers.

SysSelect

Linux syscall identifiers.

SysSemctl

Linux syscall identifiers.

SysSemget

Linux syscall identifiers.

SysSemop

Linux syscall identifiers.

SysSemtimedop

Linux syscall identifiers.

SysSendfile

Linux syscall identifiers.

SysSendmmsg

Linux syscall identifiers.

SysSendmsg

Linux syscall identifiers.

SysSendto

Linux syscall identifiers.

SysSetdomainname

Linux syscall identifiers.

SysSetfsgid

Linux syscall identifiers.

SysSetfsuid

Linux syscall identifiers.

SysSetgid

Linux syscall identifiers.

SysSetgroups

Linux syscall identifiers.

SysSethostname

Linux syscall identifiers.

SysSetitimer

Linux syscall identifiers.

SysSetMempolicy

Linux syscall identifiers.

SysSetns

Linux syscall identifiers.

SysSetpgid

Linux syscall identifiers.

SysSetpriority

Linux syscall identifiers.

SysSetregid

Linux syscall identifiers.

SysSetresgid

Linux syscall identifiers.

SysSetresuid

Linux syscall identifiers.

SysSetreuid

Linux syscall identifiers.

SysSetrlimit

Linux syscall identifiers.

SysSetRobustList

Linux syscall identifiers.

SysSetsid

Linux syscall identifiers.

SysSetsockopt

Linux syscall identifiers.

SysSetThreadArea

Linux syscall identifiers.

SysSetTidAddress

Linux syscall identifiers.

SysSettimeofday

Linux syscall identifiers.

SysSetuid

Linux syscall identifiers.

SysSetxattr

Linux syscall identifiers.

SysShmat

Linux syscall identifiers.

SysShmctl

Linux syscall identifiers.

SysShmdt

Linux syscall identifiers.

SysShmget

Linux syscall identifiers.

SysShutdown

Linux syscall identifiers.

SysSigaltstack

Linux syscall identifiers.

SysSignalfd

Linux syscall identifiers.

SysSignalfd4

Linux syscall identifiers.

SysSocket

Linux syscall identifiers.

SysSocketpair

Linux syscall identifiers.

SysSplice

Linux syscall identifiers.

SysStat

Linux syscall identifiers.

SysStatfs

Linux syscall identifiers.

SysStatx

Linux syscall identifiers.

SysSwapoff

Linux syscall identifiers.

SysSwapon

Linux syscall identifiers.

SysSymlink

Linux syscall identifiers.

SysSymlinkat

Linux syscall identifiers.

SysSync

Linux syscall identifiers.

SysSyncFileRange

Linux syscall identifiers.

SysSyncfs

Linux syscall identifiers.

SysSysctl

Linux syscall identifiers.

SysSysfs

Linux syscall identifiers.

SysSysinfo

Linux syscall identifiers.

SysSyslog

Linux syscall identifiers.

SysTee

Linux syscall identifiers.

SysTgkill

Linux syscall identifiers.

SysTime

Linux syscall identifiers.

SysTimerCreate

Linux syscall identifiers.

SysTimerDelete

Linux syscall identifiers.

SysTimerfdCreate

Linux syscall identifiers.

SysTimerfdGettime

Linux syscall identifiers.

SysTimerfdSettime

Linux syscall identifiers.

SysTimerGetoverrun

Linux syscall identifiers.

SysTimerGettime

Linux syscall identifiers.

SysTimerSettime

Linux syscall identifiers.

SysTimes

Linux syscall identifiers.

SysTkill

Linux syscall identifiers.

SysTruncate

Linux syscall identifiers.

SysTuxcall

Linux syscall identifiers.

SysUmask

Linux syscall identifiers.

SysUmount2

Linux syscall identifiers.

SysUname

Linux syscall identifiers.

SysUnlink

Linux syscall identifiers.

SysUnlinkat

Linux syscall identifiers.

SysUnshare

Linux syscall identifiers.

SysUselib

Linux syscall identifiers.

SysUserfaultfd

Linux syscall identifiers.

SysUstat

Linux syscall identifiers.

SysUtime

Linux syscall identifiers.

SysUtimensat

Linux syscall identifiers.

SysUtimes

Linux syscall identifiers.

SysVfork

Linux syscall identifiers.

SysVhangup

Linux syscall identifiers.

SysVmsplice

Linux syscall identifiers.

SysVserver

Linux syscall identifiers.

SysWait4

Linux syscall identifiers.

SysWaitid

Linux syscall identifiers.

SysWrite

Linux syscall identifiers.

SysWritev

Linux syscall identifiers.

# Variables

DiscarderConstants

DiscarderConstants ebpf constants.

ErrMountNotFound

ErrMountNotFound is used when an unknown mount identifier is found.

InvalidDiscarders

InvalidDiscarders exposes list of values that are not discarders.

SupportedDiscarders

SupportedDiscarders lists all field which supports discarders.

# Structs

AbnormalPathEvent

AbnormalPathEvent is used to report that a path resolution failed for a suspicious reason easyjson:json.

ArgsEnvsPool

ArgsEnvsPool defines a pool for args/envs allocations.

Capability

Capability represents the type of values we are able to filter kernel side.

CapsetSerializer

CapsetSerializer serializes a capset event easyjson:json.

ContainerContextSerializer

ContainerContextSerializer serializes a container context to JSON easyjson:json.

ContainerResolver

ContainerResolver is used to resolve the container context of the events.

CredentialsSerializer

CredentialsSerializer serializes a set credentials to JSON easyjson:json.

CustomEvent

CustomEvent is used to send custom security events to Datadog.

DDContextSerializer

DDContextSerializer serializes a span context to JSON easyjson:json.

Discarder

Discarder represents a discarder which is basically the field that we know for sure that the value will be always rejected by the rules.

ERPC

ERPC defines a krpc object.

ERPCRequest

ERPCRequest defines a EPRC request.

ErrDiscarderNotSupported

ErrDiscarderNotSupported is returned when trying to discover a discarder on a field that doesn't support them.

Event

Event describes a probe event.

EventContextSerializer

EventContextSerializer serializes an event context to JSON easyjson:json.

EventLostRead

EventLostRead is the event used to report lost events detected from user space easyjson:json.

EventLostWrite

EventLostWrite is the event used to report lost events detected from kernel space easyjson:json.

EventSerializer

EventSerializer serializes an event to JSON easyjson:json.

FileEventSerializer

FileEventSerializer serializes a file event to JSON easyjson:json.

FileSerializer

FileSerializer serializes a file to JSON easyjson:json.

FilterPolicy

FilterPolicy describes a filtering policy.

LoadController

LoadController is used to monitor and control the pressure put on the host.

Model

Model describes the data model for the runtime security agent probe events.

Monitor

Monitor regroups all the work we want to do to monitor the probes we pushed in the kernel.

MountResolver

MountResolver represents a cache for mountpoints and the corresponding file systems.

NoisyProcessEvent

NoisyProcessEvent is used to report that a noisy process was temporarily discarded easyjson:json.

PerfBufferMonitor

PerfBufferMonitor holds statistics about the number of lost and received eventsnolint:structcheck,unused.

PerfMapStats

PerfMapStats contains the collected metrics for one event and one cpu in a perf buffer statistics map.

PoliciesIgnored

PoliciesIgnored holds the errors.

PolicyLoaded

PolicyLoaded is used to report policy was loaded easyjson:json.

PolicyReport

PolicyReport describes the result of the kernel policy and the approvers for an event type.

Probe

Probe represents the runtime security eBPF probe in charge of setting up the required kProbes and decoding events sent from the kernel.

ProcessCacheEntryPool

ProcessCacheEntryPool defines a pool for process entry allocations.

ProcessCacheEntrySerializer

ProcessCacheEntrySerializer serializes a process cache entry to JSON easyjson:json jsonschema_description:"".

ProcessContextSerializer

ProcessContextSerializer serializes a process context to JSON easyjson:json.

ProcessCredentialsSerializer

ProcessCredentialsSerializer serializes the process credentials to JSON easyjson:json.

ProcessResolver

ProcessResolver resolved process context.

ProcessResolverOpts

ProcessResolverOpts options of resolver.

ReOrderer

ReOrderer defines an event re-orderer.

ReOrdererMetric

ReOrdererMetric holds reordering metrics.

ReordererMonitor

ReordererMonitor represents a reorderer monitor.

ReOrdererOpts

ReOrdererOpts options to pass when creating a new instance of ReOrderer.

Report

Report describes the event types and their associated policy reports.

Reporter

Reporter describes a reporter of policy application.

Resolvers

Resolvers holds the list of the event attribute resolvers.

RuleIgnored

RuleIgnored defines a ignored easyjson:json.

RuleLoaded

RuleLoaded defines a loaded rule easyjson:json.

RuleSetApplier

RuleSetApplier defines a rule set applier.

RulesetLoadedEvent

RulesetLoadedEvent is used to report that a new ruleset was loaded easyjson:json.

RuleSetLoadedReport

RuleSetLoadedReport represents the rule and the custom event related to a RuleSetLoaded event, ready to be dispatched.

SELinuxEventSerializer

SELinuxEventSerializer serializes a SELinux context to JSON easyjson:json.

SetgidSerializer

SetgidSerializer serializes a setgid event easyjson:json.

SetuidSerializer

SetuidSerializer serializes a setuid event easyjson:json.

TagsResolver

TagsResolver represents a cache resolver.

TimeResolver

TimeResolver converts kernel monotonic timestamps to absolute times.

UserContextSerializer

UserContextSerializer serializes a user context to JSON easyjson:json.

UserGroupResolver

UserGroupResolver resolves user and group ids to names.

# Interfaces

EventHandler

EventHandler represents an handler for the events sent by the probe.

Tagger

Tagger defines a Tagger for the Tags Resolver.

# Type aliases

Capabilities

Capabilities represents the filtering capabilities for a set of fields.

JStringArray

JStringArray handles empty array properly not generating null output but [].

PolicyFlag

PolicyFlag is a bitmask of the active filtering policies.

PolicyMode

PolicyMode represents the policy mode (accept or deny).

Syscall

Syscall represents a syscall identifier.