falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-08-09 18:17:57 +00:00

Author	SHA1	Message	Date
Mark Stemm	334302e525	Allow enabling rules by ruleset id in addition to name Add alternate enable_* methods that allow enabling rulesets by ruleset id in addition to name. This might be used by some filter_rulesets to enable/disable rules on the fly via the falco engine. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2023-12-18 15:58:04 +01:00
Andrea Terzolo	ed346e90cd	update(falco): bump engine version and checksum Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-12-13 16:59:46 +01:00
Federico Aponte	e427c800f3	chore(build): fix error using find_package with ExternalProject_Add Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-11 16:52:39 +01:00
Federico Aponte	5e17ba6c23	chore(build): allow usage of non-bundled nlohmann-json Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-11 16:52:39 +01:00
Federico Aponte	44b7352180	cleanup: fix several warnings from a Clang build Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>	2023-12-06 16:40:26 +01:00
Jason Dellaluce	390a13bd40	update(userspace): optimizations in validation and description steps Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-12-02 09:38:15 +01:00
Jason Dellaluce	e3943ccac3	refactor(userspace/engine): uniform json lib in rules description and not print from engine Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-12-02 09:38:15 +01:00
Luca Guerra	6411eed4a7	cleanup(falco): remove decode_uri as it is no longer used Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-29 17:42:06 +01:00
Melissa Kilby	3b068919d0	update(cmake): bump libs and driver to c2fd308 plus bump falco engine version Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-11-28 12:57:04 +01:00
Jason Dellaluce	66a122d4ce	update(userspace/engine): bump engine version Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-16 09:26:19 +01:00
Jason Dellaluce	04e2f19915	refactor: solve compilation issues with latest libs changes Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-16 09:26:19 +01:00
Jason Dellaluce	359bd6e593	cleanup(userspace/engine): remove legacy k8saudit implementation Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-15 16:05:15 +01:00
Luca Guerra	8bf40cdf88	update(engine): port decode_uri in falco engine Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-11-14 20:36:15 +01:00
Jason Dellaluce	f5985720f1	fix(userspace/engine): cache latest rules compilation output Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 20:32:07 +01:00
Jason Dellaluce	2e7cacb4e0	fix(userspace/engine): solve description of macro-only rules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-11-02 16:16:06 +01:00
Luca Guerra	1e38967b18	update(engine): remove banned.h Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-10-19 17:41:22 +02:00
Roberto Scolaro	b7cef5bab2	fix(userspace/engine): fix memory leak Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>	2023-10-17 21:20:15 +02:00
Melissa Kilby	dd807b19c8	feat(userspace): remove experimental outputs queue recovery strategies Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-12 13:03:46 +02:00
Lorenzo Susini	09b1f92267	update(userspace/engine): update falco engine checksum Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	1326ca356e	update(userspace/engine): address jasondellaluce comments for maintainability Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	f8cbeaaa9b	update(userspace/engine): let the rule loader reader and collector be able to load rules with both numeric and semver string required_engine_version Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Lorenzo Susini	cd6cb14c08	update(userspace/engine): convert engine version to semver string Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-09-28 20:05:21 +02:00
Jason Dellaluce	d3e1a1f746	chore(userspace/engine): apply codespell suggestions Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	aae114c331	refactor(userspace/engine)!: rename some description details outputs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	b67ad907a7	fix(userspace/engine): solve issues with filter details resolver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	dc264a0577	fix(userspace/engine): solve issues in describing rules/macros/lists Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	8f411f3d3b	refactor(userspace/engine): modularize rules files compilation Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	cba80a404f	fix(userspace/engine): print rules fields with arguments Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	26bdefae8e	update(userspace/engine): support printing plugins used by rules Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	dce5cac820	update(userspace/engine): find evt names in filter resolver Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Jason Dellaluce	ab77a5d687	update(userspace/engine): refactor rule describe methods to accept plugins Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-28 12:39:20 +02:00
Leonardo Grasso	fe50ac22ee	update: add SPDX license identifier See https://github.com/falcosecurity/evolution/issues/318 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-21 13:21:47 +02:00
Leonardo Grasso	35cb960917	update(userspace/engine): align `%container.info` defaults with new rule styles Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-08 19:00:04 +02:00
Melissa Kilby	88a5e1bf45	cleanup(config): rename default outputs queue macro Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	0eff98aa8e	cleanup: apply more reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	016fdae93b	cleanup: apply reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	a61f24066f	cleanup(userspace/falco): always set queue capacity and use largest long as default for unbounded Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	1e94598eca	new(metrics): add falco.outputs_queue_num_drops metrics + plus fix rebase leftovers Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	85883b7200	cleanup(outputs): adopt different style for outputs_queue params encodings Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Luca Guerra	a22dac6866	update(falco)!: --list-syscall-events is now called --list-events Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Luca Guerra	bfb22527a2	chore(falco): update engine version and checksum Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Andrea Terzolo	4f8d11acdd	chore: bump engine version and checksum Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-04 12:19:46 +02:00
Jason Dellaluce	c8122ff474	fix(userspace/engine): support appending to unknown sources Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-01 06:46:31 +02:00
Jason Dellaluce	eabf49892d	update(userspace/falco): bump engine version to 24 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-31 18:33:30 +02:00
Jason Dellaluce	901fca2257	update(userspace/engine): upgrade skip-if-unknown-filter YAML field Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-31 18:33:30 +02:00
Jason Dellaluce	01093d2dfc	fix(userspace/engine): support both old and new gcc + std::move Old gcc versions (e.g. 4.8.3) won't allow move elision but newer versions (e.g. 10.2.1) would complain about the redundant move. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-30 20:57:27 +02:00
Melissa Kilby	6cdb740786	cleanup(userspace): update parse_prometheus_interval Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-08-25 15:20:45 +02:00
Jason Dellaluce	4f3181cb1c	update(userspace/engine): bump engine version to 23 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
Jason Dellaluce	527c42c030	chore: polish conditional compilation flags for emscripten Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
rohith-raju	c73e43c973	cleanup: fix workflow and build errors Signed-off-by: rohith-raju <rohithraju488@gmail.com>	2023-08-24 10:30:40 +02:00

1 2 3 4 5 ...

462 Commits