Default view of a ContainerEvent includes just basic information.

Full view of a ContainerEvent includes raw Docker and OCI config JSON payloads.

The event is a file open event.

The type of event is unknown.

The field type is an array of bytes.

The field type is a signed 16-bit integer.

The field type is a signed 32-bit integer.

The field type is a signed 64-bit integer.

The field type is a signed 8-bit integer.

The field type is a string.

The field type is an unsigned 16-bit integer.

The field type is an unsigned 32-bit integer.

The field type is an unsigned 64-bit integer.

The field type is an unsigned 8-bit integer.

The field type is unknown.

The event is a kernel function being entered.

The event is a kernel function being exited.

The type of event is unknown.

AF_INET; IPv4 address formats.

AF_INET6; IPv6 address formats.

AF_LOCAL / AF_UNIX; local filesystem address formats.

The network address family is unknown.

The event is an attempt to accept an incoming connection.

The event is the result of an attempt to accept an incoming connection.

The event is an attempt to bind to a local address.

The event is the result of an attempt to bind to a local address.

The event is an attempt to connect to an address.

The event is the result of an attempt to connect to an address.

The event is an attempt to listen for connections.

The event is the result of an attempt to listen for connections.

The event is an attempt to receive data from a specific address.

The event is the result of an attempt to receive data from a specific address.

The event is an attempt to send data to a specific address.

The event is the result of an attempt to send data to a specific address.

The type of event is unknown.

The event is a process exec event.

The event is a process exit event.

The event is a process fork event.

The type of event is unknown.

The event is a syscall enter event.

The event is a syscall exit event.

The type of event is unknown.

hours.

milliseconds.

minutes.

seconds.

The ChargenEventFilter configures a character stream generator and includes events from it in the Subscription.

ContainerEvent describes a Docker container or Rkt App lifecycle event.

The ContainerEventFilter specifies which container lifecycle events to include in the Subscription.

The ContainerFilter restricts events in the Subscription to the running containers indicated.

An event observed by the Sensor.

The EventFilter specifies events to include.

FileEvent describes an event that occurred related to file operations occurring as detected by the Sensor.

The FileEventFilter specifies which file events to include in the Subscription.

A request message to initiate the streaming of telemetry events.

A response message containing telemetry events.

An IPv4 address.

An IPv4 address and port.

An IPv6 address.

An IPv6 address and port.

KernelFunctionCallEvent describes an event that occurred related to kernel functions being entered or exited.

The representation of a field value, which is composed of type information and the value itself.

The KernelFunctionCallFilter specifies which kernel function call events to include in the Subscription.

The LimitModifier cancels the subscription on each Sensor after the specified number of events.

Modifier specifies which stream modifiers to apply if any.

A network address.

NetworkEvent describes an event that occurred related to network activity occurring as detected by the Sensor.

The NetworkEventFilter specifies which network events to include in the Subscription.

ProcessEvent describes an event that occurred related to processes starting and exiting as detected by the Sensor.

The ProcessEventFilter specifies which process events to include in the Subscription.

The Subscription message identifies a subscriber's interest in telemetry events.

SyscallEvent describes an event that occurred related to system calls being made or returning as detected by the Sensor.

The SyscallEventFilter specifies which system call events to include in the Subscription.

A telemetry event received from a Sensor or Recorder.

The ThrottleModifier modulates events sent by the Sensor to one per time interval specified.

The TickerEventFilter configures a ticker stream generator and includes events from it in the Subscription.

The ContainerEventView specifies the level of detail to include for ContainerEvents.

Possible FileEvent types.

Possible field types.

Possible KernelFunctionCallEvent types.

Supported network address families.

Possible network event types.

Possible ProcessEvent types.

Possible SyscallEvent types.

Possible interval types.