rohith-raju
c73e43c973
cleanup: fix workflow and build errors
...
Signed-off-by: rohith-raju <rohithraju488@gmail.com>
2023-08-24 10:30:40 +02:00
Jason Dellaluce
aa6061681d
update: adapt code to multi-platform builds
...
Co-authored-by: Rohith Raju <rohithraju488@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-24 10:30:40 +02:00
Lorenzo Susini
4e6149e5da
update(userspace/engine): make rule_matching strategy stateless in falco engine
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-08-11 10:11:46 +02:00
Lorenzo Susini
6e50d2ad83
update: directly return match_found variable
...
Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it>
Signed-off-by: Lorenzo Susini <49318629+loresuso@users.noreply.github.com>
2023-08-09 13:36:39 +02:00
Lorenzo Susini
2660582198
update(userspace/engine): bump engine version to 22
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-08-09 13:36:39 +02:00
Lorenzo Susini
6acd924c50
perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-08-09 13:36:39 +02:00
Lorenzo Susini
1705c0dab3
update(userspace/engine): allow the engine to match and handle multiple rules while processing events
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-08-09 13:36:39 +02:00
Lorenzo Susini
c6abf6a133
update(falco.yaml): introduce rule_matching config key
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-08-09 13:36:39 +02:00
Andrea Terzolo
528a76a7fe
update(userspace/engine): bump engine version to 21
...
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
2023-08-08 14:10:36 +02:00
Jason Dellaluce
bc0fef15ca
update(userspace/engine): bump engine version to 20
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-07 17:29:32 +02:00
Jason Dellaluce
23a0005b25
fix(ci): solve malformed workflow issues
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-04 16:03:22 +02:00
Jason Dellaluce
5790f0ff64
update: refine engine checksum docs and scoping
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-04 16:03:22 +02:00
Jason Dellaluce
803d131843
fix(userspace/engine): skip deprecated fields in --list -N option
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-08-04 16:03:22 +02:00
Luca Guerra
02202620ff
update(falco): update libs to 0790cff
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-07-19 10:20:36 +02:00
Luca Guerra
88fb693595
update(falco): update libs to dc02e50
...
Signed-off-by: Luca Guerra <luca@guerra.sh>
2023-07-11 16:23:02 +02:00
Lorenzo Susini
9fda7dfb93
fix(userspace/engine): store alternatives as array in -L json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-31 16:16:31 +02:00
Lorenzo Susini
79b9d0ff21
fix(userspace/engine): store required engine version as string in -L json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 12:09:30 +02:00
Lorenzo Susini
6e12b95dd2
update(userspace/engine): address jasondellaluce comments
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Lorenzo Susini
cfb96d0562
update(userspace/engine): adding required_engine_version, required_plugin_versions and exception names to -L output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Lorenzo Susini
75f556e3b7
update(userspace/engine): add required_engine_version to rule collector
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-30 10:45:30 +02:00
Melissa Kilby
8e0c89d3b4
cleanup(userspace/engine): prometheus compliant regex parsing for metrics interval
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
fcecde845d
cleanup(userspace): move parse_prometheus_interval to falco_utils
...
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
f2318a9ac5
cleanup(userspace/falco): address reviewers comments + cleanup
...
* prefix counters and stats belonging to kernel space w/ `k.` else `u.` for userspace
* add n_drops_perc from old stats writer schema
* revert one change: file output shall reflect exact same "output_fields" key as rule output, note that src is already part of the "output_fields" schema.
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Jason Dellaluce
5d35cda8dc
update(userspace): minor polishing
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 09:58:34 +02:00
Jason Dellaluce
f117d5273c
update(userspace): refactor metrics data flow and fix bugs
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-23 09:58:34 +02:00
Melissa Kilby
e37027a1d0
cleanup(userspace/falco): address reviewers comments
...
* renaming to `metrics` for technical clarity
* adopt Prometheus-like metrics interval settings
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-05-23 09:58:34 +02:00
Lorenzo Susini
e47ece4de9
update(userspace/engine): address jasondellaluce comments
...
- avoiding inspector to be allocated for each rule
- use two boolean values for expecting macros and lists
- move items of lists alongside name, under info
- use snake case for json output, like we do for e.g. alerts
- correctly retrieve evt names
- consider two levels of lists for exception operators
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
1195b1e7f0
update(userspace/engine): better modularize the code for getting json details
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
e11b4c4430
update(userspace/engine): add event codes to json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
46cbc3c589
update(userspace/engine): add info about all macros and lists in -L option
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
e30729555b
update(userspace/engine): add enabled information to json output
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
727aed0c03
update(userspace/engine): avoid solving macros AST at each cycle when getting details of all rules
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
c1623771d8
update(userspace/engine): correctly use describe rule based on config
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
9947962cb8
update(userspace/engine): let describe_rule function print out json details when requested
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Lorenzo Susini
a6542a6487
new(userspace/engine): introduce new class to get details about rules
...
Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2023-05-19 15:56:05 +02:00
Jason Dellaluce
c603055acf
fix(userspace/engine): don't count async event for evttype warning
...
Co-authored-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-19 12:15:04 +02:00
Jason Dellaluce
9bfce8cfae
update(userspace): make sure that async event is always matched in rules
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-19 12:15:04 +02:00
Jason Dellaluce
5175a04c6b
update(userspace/engine): bump engine checksum
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-05-19 12:15:04 +02:00
Jason Dellaluce
8926022035
update: adapt Falco to new sinsp event source management
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-04-26 12:59:13 +02:00
Jason Dellaluce
95fa953398
update(cmake): bump libs and driver to ffcd702cf22e99d4d999c278be0cc3d713c6375c
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-04-26 12:59:13 +02:00
Leonardo Grasso
88b9537618
chore(userspace/falco): remove Mesos support
...
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2023-04-04 18:31:52 +02:00
Federico Di Pierro
e6078c8d16
chore(userspace): updated fields checksum.
...
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2023-03-22 11:17:07 +01:00
rabbitstack
03285f4140
define Windows equivalent for srandom and random functions
...
Signed-off-by: rabbitstack <nedim.sabic@sysdig.com>
2023-03-17 10:23:26 +01:00
Jason Dellaluce
e8b776a9cb
update(userspace/engine): bump engine version to 17
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-03-09 09:39:12 +01:00
Jason Dellaluce
19ffadc763
update(userspace/engine): support searching ppm_sc events in rulesets
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-03-09 09:39:12 +01:00
Jason Dellaluce
5ed5c63202
refactor: adapt event set configuration changes to new libs definition
...
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-02-21 14:31:28 +01:00
Jason Dellaluce
010f6c6a9e
update(userspace/engine): bump fields checksum
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-02-21 14:31:28 +01:00
Jason Dellaluce
6c38ecaf0e
update(userspace/engine): adapt engine classes to new libsinsp event definitions
...
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-02-21 14:31:28 +01:00
Jason Dellaluce
34ea7a8245
cleanup(userspace/engine): drop filtr_evttype_resolver
...
Its logic was ported into libsinsp in:
3d8550e70e
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2023-02-21 14:31:28 +01:00
Melissa Kilby
72439b2eed
cleanup(app_actions): adjust configure_interesting_sets
...
* address reviewers feedback
* improve clarity around new -A and -i behavior
* additional cleanup (e.g. use generic set operations only)
* extend unit tests
Note: sinsp ppm sc API is undergoing a refactor, therefore current lookups are interim
and will subsequently be refactored as well.
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
2023-02-21 14:31:28 +01:00