github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-05 00:31:38 +00:00
Code Issues Projects Releases Wiki Activity

Expose evttypes for ruleset

Browse Source 
Add the ability to return the specific event types that are relevant for
a given ruleset. Allows pre-filtering based on ruleset outside the
engine.
This commit is contained in:
Mark Stemm
2017-10-14 01:06:06 +00:00
committed by Mark Stemm
parent e5bd58ab91
commit eeae04ac67
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
userspace/engine/falco_engine.h
View File

@@ -85,6 +85,12 @@ public:
//
uint16_t find_ruleset_id(const std::string &ruleset);
//
// Given a ruleset, fill in a bitset containing the event
// types for which this ruleset can run.
//
void evttypes_for_ruleset(std::vector<bool> &evttypes, const std::string &ruleset);
//
// Given an event, check it against the set of rules in the
// engine and if a matching rule is found, return details on