github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 00:22:15 +00:00
Code Issues Projects Releases Wiki Activity

spelling: extractor

Browse Source 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
This commit is contained in:
Josh Soref 2022-02-24 01:48:02 -05:00 committed by poiana
parent 19ab9e5f35
commit ed11b8833f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
proposals/20210501-plugin-system.md
View File

@ -66,7 +66,7 @@ Source plugins also provide an "id", which is globally unique and is used in cap
An extractor plugin focuses only on field extraction from events generated by other plugins, or by the core libraries. It does *not* provide an event source, but can extract fields from other event sources. An example is json field extraction, where a plugin might be able to extract fields from arbitrary json payloads. An extractor plugin focuses only on field extraction from events generated by other plugins, or by the core libraries. It does *not* provide an event source, but can extract fields from other event sources. An example is json field extraction, where a plugin might be able to extract fields from arbitrary json payloads.
An extractor plugin provides an optional set of event sources. When the framework receives an event with an event source in the plugin's set of event sources, fields in expressions/Falco outputs will be extracted from events using the plugin. An extractor plugin can also *not* name a set of event sources. In this case, fields will be extracted from *all* events, regardless of source. In this case, the exctractor plugin must detect the format of arbitrary payloads and be able to return NULL/no value when the payload is not supported. An extractor plugin provides an optional set of event sources. When the framework receives an event with an event source in the plugin's set of event sources, fields in expressions/Falco outputs will be extracted from events using the plugin. An extractor plugin can also *not* name a set of event sources. In this case, fields will be extracted from *all* events, regardless of source. In this case, the extractor plugin must detect the format of arbitrary payloads and be able to return NULL/no value when the payload is not supported.
### Support for Plugin Events in Capture Files. ### Support for Plugin Events in Capture Files.
@ -474,7 +474,7 @@ typedef struct
// Return value: a json array of strings containing event // Return value: a json array of strings containing event
// sources returned by a source plugin's get_event_source() // sources returned by a source plugin's get_event_source()
// function. // function.
// This function is optional--if NULL then the exctractor // This function is optional--if NULL then the extractor
// plugin will receive every event. // plugin will receive every event.
// //
char* (*get_extract_event_sources)(); char* (*get_extract_event_sources)();