github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-08 01:59:33 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/engine): add event codes to json output

Browse Source 
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
This commit is contained in:
Lorenzo Susini
2023-05-16 10:32:59 +00:00
committed by poiana
parent 46cbc3c589
commit e11b4c4430
3 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
userspace/engine/falco_engine.cpp
View File

@@ -601,6 +601,31 @@ Json::Value falco_engine::get_json_rule_details(const falco_rule& r, filter_deta
}
output["lists"] = lists;
if (rule_info->source == falco_common::syscall_source)
{
Json::Value events = Json::arrayValue;
std::unordered_set<std::string> evts;
for(const auto &e : rule_info->evttypes)
{
auto evt_info = libsinsp::events::info(e);
auto res = evts.insert(std::string(evt_info->name));
if(res.second)
{
events.append(evt_info->name);
}
}
output["events"] = events;
}
output["source"] = rule_info->source;
Json::Value tags = Json::arrayValue;
for(const auto &t : rule_info->tags)
{
tags.append(t);
}
output["tags"] = tags;
details.reset();
return output;