# Functions
FindContainerID extracts the first substring that matches the pattern of a container ID.
GetEventTypeCategory returns the category for the given event type.
GetEventTypePerCategory returns the event types per category.
GetHostByteOrder guesses the host's byte order.
IsAlphaNumeric returns whether a character is either a digit or a letter.
IsPrintable returns whether the string contains only printable Unicode characters.
IsPrintableASCII returns whether the string contains only ASCII characters.
NewArgsEnvsCacheEntry returns a new args/env cache entry.
NewProcessCacheEntry returns a new process cache entry.
ParseEvalEventType converts an eval.EventType (string) to its uint64 representation. The current algorithm is not efficient but allows us to reduce the number of conversion functions.
SliceToArray copies src bytes to dst.
StringifyHelpersList returns a string list representation of a list of helpers.
UnmarshalBinary calls a series of BinaryUnmarshalers.
UnmarshalPrintableString unmarshals a printable string.
UnmarshalString unmarshals a string.
UnmarshalStringArray extracts an array of strings from an array of bytes.
# Constants
ArgsEnvsEventType args and envs event.
BpfBind helper function.
BpfBprmOptsSet helper function.
BpfBtfGetFdByIDCmd command.
BpfBtfGetNextIDCmd command.
BpfBtfLoadCmd command.
BpfCgroupDevice attach type.
BpfCgroupGetsockopt attach type.
BpfCgroupInet4Bind attach type.
BpfCgroupInet4Connect attach type.
BpfCgroupInet4Getpeername attach type.
BpfCgroupInet4Getsockname attach type.
BpfCgroupInet4PostBind attach type.
BpfCgroupInet6Bind attach type.
BpfCgroupInet6Connect attach type.
BpfCgroupInet6Getpeername attach type.
BpfCgroupInet6Getsockname attach type.
BpfCgroupInet6PostBind attach type.
BpfCgroupInetEgress attach type.
BpfCgroupInetIngress attach type.
BpfCgroupInetSockCreate attach type.
BpfCgroupInetSockRelease attach type.
BpfCgroupSetsockopt attach type.
BpfCgroupSockOps attach type.
BpfCgroupSysctl attach type.
BpfCgroupUDP4Recvmsg attach type.
BpfCgroupUDP4Sendmsg attach type.
BpfCgroupUDP6Recvmsg attach type.
BpfCgroupUDP6Sendmsg attach type.
BpfCheckMtu helper function.
BpfCloneRedirect helper function.
BpfCopyFromUser helper function.
BpfCsumDiff helper function.
BpfCsumLevel helper function.
BpfCsumUpdate helper function.
BpfCurrentTaskUnderCgroup helper function.
BpfDPath helper function.
BpfEnableStatsCmd command.
BPFEventType bpf event.
BpfFibLookup helper function.
BpfFlowDissector attach type.
BpfForEachMapElem helper function.
BpfGetCgroupClassid helper function.
BpfGetCurrentAncestorCgroupID helper function.
BpfGetCurrentCgroupID helper function.
BpfGetCurrentComm helper function.
BpfGetCurrentPidTgid helper function.
BpfGetCurrentTask helper function.
BpfGetCurrentTaskBtf helper function.
BpfGetCurrentUIDGid helper function.
BpfGetHashRecalc helper function.
BpfGetListenerSock helper function.
BpfGetLocalStorage helper function.
BpfGetNetnsCookie helper function.
BpfGetNsCurrentPidTgid helper function.
BpfGetNumaNodeID helper function.
BpfGetPrandomU32 helper function.
BpfGetRouteRealm helper function.
BpfGetSmpProcessorID helper function.
BpfGetSocketCookie helper function.
BpfGetSocketUID helper function.
BpfGetsockopt helper function.
BpfGetStack helper function.
BpfGetStackid helper function.
BpfGetTaskStack helper function.
BpfImaInodeHash helper function.
BpfInodeStorageDelete helper function.
BpfInodeStorageGet helper function.
BpfIterCreateCmd command.
BpfJiffies64 helper function.
BpfKtimeGetBootNs helper function.
BpfKtimeGetCoarseNs helper function.
BpfKtimeGetNs helper function.
BpfL3CsumReplace helper function.
BpfL4CsumReplace helper function.
BpfLinkCreateCmd command.
BpfLinkDetachCmd command.
BpfLinkGetFdByIDCmd command.
BpfLinkGetNextIDCmd command.
BpfLinkUpdateCmd command.
BpfLircMode2 attach type.
BpfLoadHdrOpt helper function.
BpfLsmMac attach type.
BpfLwtPushEncap helper function.
BpfLwtSeg6Action helper function.
BpfLwtSeg6AdjustSrh helper function.
BpfLwtSeg6StoreBytes helper function.
BpfMapCreateCmd command.
BpfMapDeleteBatchCmd command.
BpfMapDeleteElem helper function.
BpfMapDeleteElemCmd command.
BpfMapFreezeCmd command.
BpfMapGetFdByIDCmd command.
BpfMapGetNextIDCmd command.
BpfMapGetNextKeyCmd command.
BpfMapLookupAndDeleteBatchCmd command.
BpfMapLookupAndDeleteElemCmd command.
BpfMapLookupBatchCmd command.
BpfMapLookupElem helper function.
BpfMapLookupElemCmd command.
BpfMapPeekElem helper function.
BpfMapPopElem helper function.
BpfMapPushElem helper function.
BpfMapTypeArray map type.
BpfMapTypeArrayOfMaps map type.
BpfMapTypeCgroupArray map type.
BpfMapTypeCgroupStorage map type.
BpfMapTypeCPUmap map type.
BpfMapTypeDevmap map type.
BpfMapTypeDevmapHash map type.
BpfMapTypeHash map type.
BpfMapTypeHashOfMaps map type.
BpfMapTypeInodeStorage map type.
BpfMapTypeLpmTrie map type.
BpfMapTypeLruHash map type.
BpfMapTypeLruPercpuHash map type.
BpfMapTypePercpuArray map type.
BpfMapTypePercpuCgroupStorage map type.
BpfMapTypePercpuHash map type.
BpfMapTypePerfEventArray map type.
BpfMapTypeProgArray map type.
BpfMapTypeQueue map type.
BpfMapTypeReuseportSockarray map type.
BpfMapTypeRingbuf map type.
BpfMapTypeSkStorage map type.
BpfMapTypeSockhash map type.
BpfMapTypeSockmap map type.
BpfMapTypeStack map type.
BpfMapTypeStackTrace map type.
BpfMapTypeStructOps map type.
BpfMapTypeTaskStorage map type.
BpfMapTypeUnspec map type.
BpfMapTypeXskmap map type.
BpfMapUpdateBatchCmd command.
BpfMapUpdateElem helper function.
BpfMapUpdateElemCmd command.
BpfModifyReturn attach type.
BpfMsgApplyBytes helper function.
BpfMsgCorkBytes helper function.
BpfMsgPopData helper function.
BpfMsgPullData helper function.
BpfMsgPushData helper function.
BpfMsgRedirectHash helper function.
BpfMsgRedirectMap helper function.
BpfObjGetCmd command.
BpfObjGetInfoByFdCmd command.
BpfObjPinCmd command.
BpfOverrideReturn helper function.
BpfPerCPUPtr helper function.
BpfPerfEventOutput helper function.
BpfPerfEventRead helper function.
BpfPerfEventReadValue helper function.
BpfPerfProgReadValue helper function.
BpfProbeRead helper function.
BpfProbeReadKernel helper function.
BpfProbeReadKernelStr helper function.
BpfProbeReadStr helper function.
BpfProbeReadUser helper function.
BpfProbeReadUserStr helper function.
BpfProbeWriteUser helper function.
BpfProgAttachCmd command.
BpfProgBindMapCmd command.
BpfProgDetachCmd command.
BpfProgGetFdByIDCmd command.
BpfProgGetNextIDCmd command.
BpfProgLoadCmd command.
BpfProgQueryCmd command.
BpfProgTestRunCmd command.
BpfProgTypeCgroupDevice program type.
BpfProgTypeCgroupSkb program type.
BpfProgTypeCgroupSock program type.
BpfProgTypeCgroupSockAddr program type.
BpfProgTypeCgroupSockopt program type.
BpfProgTypeCgroupSysctl program type.
BpfProgTypeExt program type.
BpfProgTypeFlowDissector program type.
BpfProgTypeKprobe program type.
BpfProgTypeLircMode2 program type.
BpfProgTypeLsm program type.
BpfProgTypeLwtIn program type.
BpfProgTypeLwtOut program type.
BpfProgTypeLwtSeg6local program type.
BpfProgTypeLwtXmit program type.
BpfProgTypePerfEvent program type.
BpfProgTypeRawTracepoint program type.
BpfProgTypeRawTracepointWritable program type.
BpfProgTypeSchedAct program type.
BpfProgTypeSchedCls program type.
BpfProgTypeSkLookup program type.
BpfProgTypeSkMsg program type.
BpfProgTypeSkReuseport program type.
BpfProgTypeSkSkb program type.
BpfProgTypeSocketFilter program type.
BpfProgTypeSockOps program type.
BpfProgTypeStructOps program type.
BpfProgTypeTracepoint program type.
BpfProgTypeTracing program type.
BpfProgTypeUnspec program type.
BpfProgTypeXdp program type.
BpfRawTracepointOpenCmd command.
BpfRcKeydown helper function.
BpfRcPointerRel helper function.
BpfRcRepeat helper function.
BpfReadBranchRecords helper function.
BpfRedirect helper function.
BpfRedirectMap helper function.
BpfRedirectNeigh helper function.
BpfRedirectPeer helper function.
BpfReserveHdrOpt helper function.
BpfRingbufDiscard helper function.
BpfRingbufOutput helper function.
BpfRingbufQuery helper function.
BpfRingbufReserve helper function.
BpfRingbufSubmit helper function.
BpfSendSignal helper function.
BpfSendSignalThread helper function.
BpfSeqPrintf helper function.
BpfSeqPrintfBtf helper function.
BpfSeqWrite helper function.
BpfSetHash helper function.
BpfSetHashInvalid helper function.
BpfSetsockopt helper function.
BpfSkAncestorCgroupID helper function.
BpfSkAssign helper function.
BpfSkbAdjustRoom helper function.
BpfSkbAncestorCgroupID helper function.
BpfSkbCgroupClassid helper function.
BpfSkbCgroupID helper function.
BpfSkbChangeHead helper function.
BpfSkbChangeProto helper function.
BpfSkbChangeTail helper function.
BpfSkbChangeType helper function.
BpfSkbEcnSetCe helper function.
BpfSkbGetTunnelKey helper function.
BpfSkbGetTunnelOpt helper function.
BpfSkbGetXfrmState helper function.
BpfSkbLoadBytes helper function.
BpfSkbLoadBytesRelative helper function.
BpfSkbOutput helper function.
BpfSkbPullData helper function.
BpfSkbSetTunnelKey helper function.
BpfSkbSetTunnelOpt helper function.
BpfSkbStoreBytes helper function.
BpfSkbUnderCgroup helper function.
BpfSkbVlanPop helper function.
BpfSkbVlanPush helper function.
BpfSkCgroupID helper function.
BpfSkcLookupTCP helper function.
BpfSkcToTCP6Sock helper function.
BpfSkcToTCPRequestSock helper function.
BpfSkcToTCPSock helper function.
BpfSkcToTCPTimewaitSock helper function.
BpfSkcToUDP6Sock helper function.
BpfSkFullsock helper function.
BpfSkLookup attach type.
BpfSkLookupTCP helper function.
BpfSkLookupUDP helper function.
BpfSkMsgVerdict attach type.
BpfSkRedirectHash helper function.
BpfSkRedirectMap helper function.
BpfSkRelease helper function.
BpfSkSelectReuseport helper function.
BpfSkSkbStreamParser attach type.
BpfSkSkbStreamVerdict attach type.
BpfSkSkbVerdict attach type.
BpfSkStorageDelete helper function.
BpfSkStorageGet helper function.
BpfSnprintf helper function.
BpfSnprintfBtf helper function.
BpfSockFromFile helper function.
BpfSockHashUpdate helper function.
BpfSockMapUpdate helper function.
BpfSockOpsCbFlagsSet helper function.
BpfSpinLock helper function.
BpfSpinUnlock helper function.
BpfStoreHdrOpt helper function.
BpfStrtol helper function.
BpfStrtoul helper function.
BpfSysctlGetCurrentValue helper function.
BpfSysctlGetName helper function.
BpfSysctlGetNewValue helper function.
BpfSysctlSetNewValue helper function.
BpfTailCall helper function.
BpfTaskFdQueryCmd command.
BpfTaskStorageDelete helper function.
BpfTaskStorageGet helper function.
BpfTCPCheckSyncookie helper function.
BpfTCPGenSyncookie helper function.
BpfTCPSendAck helper function.
BpfTCPSock helper function.
BpfThisCPUPtr helper function.
BpfTraceFentry attach type.
BpfTraceFexit attach type.
BpfTraceIter attach type.
BpfTracePrintk helper function.
BpfTraceRawTp attach type.
BpfUnspec helper function.
BpfXdp attach type.
BpfXdpAdjustHead helper function.
BpfXdpAdjustMeta helper function.
BpfXdpAdjustTail helper function.
BpfXdpCPUmap attach type.
BpfXdpDevmap attach type.
BpfXdpOutput helper function.
CapsetEventType capset event.
CustomForkBombEventType is the custom event used to report the detection of a fork bomb.
CustomLostReadEventType is the custom event used to report lost events detected in user space.
CustomLostWriteEventType is the custom event used to report lost events detected in kernel space.
CustomNoisyProcessEventType is the custom event used to report the detection of a noisy process.
CustomRulesetLoadedEventType is the custom event used to report that a new ruleset was loaded.
CustomTruncatedParentsEventType is the custom event used to report that the parents of a path were truncated.
ExecEventType Exec event.
ExitEventType Exit event.
FileChmodEventType Chmod event.
FileChownEventType Chown event.
FileLinkEventType Hard link creation event.
FileMkdirEventType Folder creation event.
FileMountEventType Mount event.
FileOpenEventType File open event.
FileRemoveXAttrEventType Removexattr event.
FileRenameEventType File or folder rename event.
FileRmdirEventType Rmdir event.
FileSetXAttrEventType Setxattr event.
FileUmountEventType Umount event.
FileUnlinkEventType Unlink event.
FileUtimesEventType Utime event.
FIMCategory FIM events.
FirstDiscarderEventType first event that accepts discarders.
ForkEventType Fork event.
InvalidateDentryEventType Dentry invalidated event.
LastDiscarderEventType last event that accepts discarders.
File flags.
MaxEventType is used internally to get the maximum number of kernel events.
MaxPathDepth defines the maximum depth of a path.
MaxSegmentLength defines the maximum length of each segment of a path.
MountReleasedEventType is sent when a mount point is released.
NameSuffix defines the suffix used for name fields.
PathSuffix defines the suffix used for path fields.
RuntimeCategory Process events.
SELinuxBoolChangeEventKind represents SELinux boolean change events.
SELinuxBoolCommitEventKind represents SELinux boolean commit events.
SELinuxEventType selinux event.
SELinuxStatusChangeEventKind represents SELinux status change events.
SetgidEventType setgid event.
SetuidEventType setuid event.
UnknownEventType unknown event.
File flags.
# Variables
BPFAttachTypeConstants is the list of BPF attach type constants.
BPFCmdConstants is the list of BPF commands.
BPFHelperFuncConstants is the list of BPF helper func constants.
BPFMapTypeConstants is the list of BPF map type constants.
BPFProgramTypeConstants is the list of BPF program type constants.
ByteOrder holds the host's byte order.
ErrNonPrintable is returned when a string contains a non-printable character.
ErrNotEnoughData is returned when the buffer is too small to unmarshal the event.
ErrStringArrayOverflow is returned when there is a string array overflow.
KernelCapabilityConstants is the list of kernel capabilities.
SECLConstants are constants available in runtime security agent rules.
SECLLegacyAttributes contains the list of the legacy attributes we need to support.
# Structs
ArgsEntry defines an args cache entry.
ArgsEnvs is the raw value for args and envs.
ArgsEnvsCacheEntry defines an args/envs base entry.
ArgsEnvsEvent defines an args/envs event.
BPFEvent represents a BPF event.
BPFMap represents a BPF map.
BPFProgram represents a BPF program.
CapsetEvent represents a capset event.
ChmodEvent represents a chmod event.
ChownEvent represents a chown event.
ContainerContext holds the container context of an event.
Credentials represents the kernel credentials of a process.
EnvsEntry defines an args cache entry.
Event represents an event sent from the kernel.
ExecEvent represents an exec event.
FileEvent is the common file event type.
FileFields holds the information required to identify a file.
InvalidateDentryEvent defines an invalidate dentry event.
LinkEvent represents a link event.
MkdirEvent represents a mkdir event.
Model describes the data model for the runtime security agent events.
MountEvent represents a mount event.
MountReleasedEvent defines a mount released event.
OpenEvent represents an open event.
Process represents a process.
ProcessAncestorsIterator defines an iterator of ancestors.
ProcessCacheEntry holds the process context kept in the process tree.
ProcessContext holds the process context of an event.
RenameEvent represents a rename event.
RmdirEvent represents an rmdir event.
SELinuxEvent represents a selinux event.
SetgidEvent represents a setgid event.
SetuidEvent represents a setuid event.
SetXAttrEvent represents an extended attributes event.
SpanContext describes a span context.
SyscallEvent contains the common fields for all events.
UmountEvent represents an umount event.
UnlinkEvent represents an unlink event.
UtimesEvent represents a utime event.
# Interfaces
BinaryUnmarshaler is the interface implemented by every event type.
# Type aliases
BPFAttachType is used to define attach type constants.
BPFCmd represents a BPF command.
BPFHelperFunc represents a BPF helper function.
BPFMapType is used to define map type constants.
BPFProgramType is used to define program type constants.
ChmodMode represents a chmod mode bitmask value.
EventCategory is the event category type.
EventType describes the type of an event sent from the kernel.
KernelCapability represents a kernel capability bitmask value.
OpenFlags represents an open flags bitmask value.
RetValError represents a syscall return error value.
SELinuxEventKind represents the event kind for SELinux events.
UnlinkFlags represents an unlink flags bitmask value.