github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-19 06:37:15 +00:00
Code Issues Projects Releases Wiki Activity

new(userspapace/engine): add capture and capture_duration to the engine

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2025-07-18 13:08:04 +02:00 committed by poiana
parent 21350a282c
commit 1da5514012
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
userspace/engine/falco_engine.cpp
View File

@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Copyright (C) 2025 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -413,6 +413,8 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
rule_result.source = rule.source;
rule_result.format = rule.output;
rule_result.priority_num = rule.priority;
rule_result.capture = rule.capture;
rule_result.capture_duration_ns = uint64_t(rule.capture_duration) * 1000000LL;
rule_result.tags = rule.tags;
rule_result.exception_fields = rule.exception_fields;
rule_result.extra_output_fields = rule.extra_output_fields;
@ -568,6 +570,8 @@ void falco_engine::get_json_details(
rule_info["description"] = r.description;
rule_info["enabled"] = info.enabled;
rule_info["source"] = r.source;
rule_info["capture"] = r.capture;
rule_info["capture_duration"] = r.capture_duration;
rule_info["tags"] = sequence_to_json_array(info.tags);
out["info"] = std::move(rule_info);

2
userspace/engine/falco_engine.h
View File

@ -228,6 +228,8 @@ public:
std::set<std::string> exception_fields;
std::set<std::string> tags;
extra_output_field_t extra_output_fields;
bool capture;
uint64_t capture_duration_ns;
};
//

4
userspace/engine/falco_rule.h
View File

@ -1,6 +1,6 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Copyright (C) 2025 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -104,6 +104,8 @@ struct falco_rule {
std::set<std::string> tags;
std::set<std::string> exception_fields;
falco_common::priority_type priority;
bool capture;
uint32_t capture_duration;
std::shared_ptr<libsinsp::filter::ast::expr> condition;
std::shared_ptr<sinsp_filter> filter;
};