github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-24 13:52:16 +00:00
Code Issues Projects Releases Wiki Activity
4,541 Commits 120 Branches 172 Tags 104 MiB
0195dba889
Commit Graph

4541 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Melissa Kilby
0195dba889 cleanup: add getter functions to stats_manager 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Melissa Kilby
b7adcd251d new(metrics): add rules_counters_enabled option 
Intended to replace https://github.com/falcosecurity/falco-exporter
when used with Prometheus output

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Jason Dellaluce
64039196ad chore(unit_tests): fix linting issue 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-17 14:38:57 +02:00
Jason Dellaluce
ec9f148e0b test(engine): cover case of replaced or appended exceptions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-17 14:38:57 +02:00
Jason Dellaluce
e211e97e2a fix(userspace/engine): make sure exception fields are not optional in replace mode 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-17 14:38:57 +02:00
Federico Di Pierro
1bf6a83e31 new(docker): added zstd dep. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-17 13:38:57 +02:00
Luca Guerra
b5461e11a7 new(ci): sign .tar.gz packages 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-17 10:17:56 +02:00
Federico Di Pierro
c8072d2640 update(cmake): bumped falcoctl to v0.8.0-rc5. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-16 14:41:54 +02:00
Melissa Kilby
6057c1553e cleanup(engine): print total number of enabled rules 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-16 10:29:53 +02:00
Melissa Kilby
77341cbd2e new(engine): add print_enabled_rules_falco_logger when log_level debug 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-16 10:29:53 +02:00
dependabot[bot]
0869abc65e build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `4f153f5` to `29c41c4`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](4f153f53ae...29c41c4eed)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-16 09:37:53 +02:00
Luca Guerra
eb3ee5d2b2 update(falco): add deprecation warning messages 
Signed-off-by: Luca Guerra <luca@guerra.sh>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-15 10:33:50 +02:00
Luca Guerra
f9a56d9c9d update(falco): add deprecation notice for -T, -t and -D 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-15 10:33:50 +02:00
Luca Guerra
abf82f6373 update(config): split init_from_content from init_from_file 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Luca Guerra
f6ae8c8470 update(config): experimental->incubating 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Luca Guerra
02afb39a85 new(engine): add 'rules' section description to falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Luca Guerra
35bd348e21 new(falco): implement rule selection configuration in falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Melissa Kilby
60e6798f9b cleanup(metrics): use map for config and rules filenames sha256 tracking 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
91b58c43f1 chore: fix non linux build metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
67a5015be7 cleanup(metrics): use filesystem lib to derive file names + build fix 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
34ecd39113 new(metrics): add file sha256sum metrics for loaded config and rules files 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
2b80cf85ac new(utils): add new helper to calculate file sha256sum 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Federico Di Pierro
44c275dee8 update(cmake): bumped falcoctl to v0.8.0-rc4. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-13 18:32:43 +02:00
Federico Di Pierro
cf88a8cdf8 update(cmake): bump falcoctl to v0.8.0-rc3 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-13 18:32:43 +02:00
Federico Di Pierro
dd9163c6f4 fix(userspace/falco): fix state inizialization. 
This fixes an ugly segfault happening during hot reload.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-09 10:43:58 +02:00
Jason Dellaluce
d17f2afe4f update(cmake): bump libs and driver to a8fdacdb 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
b2e4cddcdf fix(userspace/falco): inizialize options variables 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
c6e3cfd115 test(engine): cover transformers and field-to-field checks in exceptions 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
f18ea1e8b7 update(userspace/engine): support tranformers in exception fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
fa8e780b07 update(userspace/engine): propagate compiler warnings 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
bc078f1f63 update(userspace/engine): support comparins with right-hand fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
ed22e94292 refactor(userspace/libsinsp): support new filter ast structure in falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Federico Aponte
62d1c4fc4d refactor: smart pointer usage 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-05-06 11:10:44 +02:00
dependabot[bot]
96c47e5eeb build(deps): Bump submodules/falcosecurity-rules 
Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `ec255e6` to `4f153f5`.
- [Release notes](https://github.com/falcosecurity/rules/releases)
- [Commits](ec255e68f4...4f153f53ae)

---
updated-dependencies:
- dependency-name: submodules/falcosecurity-rules
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-06 10:33:44 +02:00
Federico Di Pierro
ec0f8077e1 update(cmake): bump libs and driver to latest master. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Andrea Terzolo
0999d45fbf bump ro rc4 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-05-03 12:12:02 +02:00
Federico Di Pierro
20c394ba34 chore(cmake): bumped libs to 0.16.0-rc2. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Andrea Terzolo
e2c2b50b3b chore: disable TLS sanitizer 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-05-03 12:12:02 +02:00
Andrea Terzolo
db1be96ad9 chore: tmp bump to libs master to test Falco CI 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2024-05-03 12:12:02 +02:00
Federico Di Pierro
6954a4028e chore(userspace/engine): bump version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Federico Di Pierro
937637f668 update(cmake): bumped falcoctl to v0.8.0-rc2. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Federico Di Pierro
8b477bdc00 update(cmake): bumped libs and driver to latest RCs. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Samuel Gaist
cbfe77d1a0 fix(falco_metrics): remove falco_ prefix for version 
The textual content was fixed but not the metrics name.

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
66d1970952 fix(falco_metrics): make duration_sec and outputs_queue_num_drops monotonic 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
1316b0f448 chore(configuration): add reference to Prometheus endpoint in metrics documentation 
The cross reference makes it easier to pair the web server and the
metrics configuration elements.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
82c914c11d fix(falco_metrics): make duration_sec a count and not a timestamp 
The output will thus be a total which is what this metrics is.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
2ae6103ab6 fix(falco_metrics): remove redundant falco in version metrics 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
65331c0f20 feat(falco_metrics): add event sources 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
1ba35c911a feat(falco_metrics): add duration_sec 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
5ef8f1c311 feat(falco_metrics): add outputs_queue_num_drops 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00