github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-12 21:16:33 +00:00
Code Issues Projects Releases Wiki Activity

Add a default ruleset version of evttypes_for_ruleset

Browse Source 
This allows for working with the default ruleset like other methods.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm
2021-08-26 11:10:43 -07:00
committed by poiana
parent 230c22b674
commit cc43c721c9
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/falco_engine.cpp
View File

@@ -274,6 +274,11 @@ void falco_engine::evttypes_for_ruleset(std::string &source, std::set<uint16_t>
}
void falco_engine::evttypes_for_ruleset(std::string &source, std::set<uint16_t> &evttypes)
{
evttypes_for_ruleset(source, evttypes, m_default_ruleset);
}
std::shared_ptr<gen_event_formatter> falco_engine::create_formatter(const std::string &source,
const std::string &output)
{

4
userspace/engine/falco_engine.h
View File

@@ -204,6 +204,10 @@ public:
std::set<uint16_t> &evttypes,
const std::string &ruleset);
// Assuming default ruleset
void evttypes_for_ruleset(std::string &source,
std::set<uint16_t> &evttypes);
//
// Given a source and output string, return an
// gen_event_formatter that can format output strings for an