github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-10 18:42:33 +00:00
Code Issues Projects Releases Wiki Activity

Add a default ruleset version of evttypes_for_ruleset

Browse Source 
This allows for working with the default ruleset like other methods.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
This commit is contained in:
Mark Stemm 2021-08-26 11:10:43 -07:00 committed by poiana
parent 230c22b674
commit cc43c721c9
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
userspace/engine/falco_engine.cpp
View File

@ -274,6 +274,11 @@ void falco_engine::evttypes_for_ruleset(std::string &source, std::set<uint16_t>
} }
void falco_engine::evttypes_for_ruleset(std::string &source, std::set<uint16_t> &evttypes)
{
evttypes_for_ruleset(source, evttypes, m_default_ruleset);
}
std::shared_ptr<gen_event_formatter> falco_engine::create_formatter(const std::string &source, std::shared_ptr<gen_event_formatter> falco_engine::create_formatter(const std::string &source,
const std::string &output) const std::string &output)
{ {

4
userspace/engine/falco_engine.h
View File

@ -204,6 +204,10 @@ public:
std::set<uint16_t> &evttypes, std::set<uint16_t> &evttypes,
const std::string &ruleset); const std::string &ruleset);
// Assuming default ruleset
void evttypes_for_ruleset(std::string &source,
std::set<uint16_t> &evttypes);
// //
// Given a source and output string, return an // Given a source and output string, return an
// gen_event_formatter that can format output strings for an // gen_event_formatter that can format output strings for an