falco

mirror of https://github.com/falcosecurity/falco.git synced 2026-03-20 03:32:09 +00:00

Author	SHA1	Message	Date
Melissa Kilby	7b28b7acec	feat(userspace): remove experimental outputs queue recovery strategies Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-10-13 18:53:50 +02:00
Leonardo Grasso	db6b15f42c	update: add SPDX license identifier See https://github.com/falcosecurity/evolution/issues/318 Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-21 17:48:48 +02:00
Leonardo Grasso	35cb960917	update(userspace/engine): align `%container.info` defaults with new rule styles Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2023-09-08 19:00:04 +02:00
Melissa Kilby	88a5e1bf45	cleanup(config): rename default outputs queue macro Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	0eff98aa8e	cleanup: apply more reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	016fdae93b	cleanup: apply reviewers suggestions Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	a61f24066f	cleanup(userspace/falco): always set queue capacity and use largest long as default for unbounded Co-authored-by: Andrea Terzolo <andreaterzolo3@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	1e94598eca	new(metrics): add falco.outputs_queue_num_drops metrics + plus fix rebase leftovers Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Melissa Kilby	85883b7200	cleanup(outputs): adopt different style for outputs_queue params encodings Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-09-07 13:15:59 +02:00
Luca Guerra	a22dac6866	update(falco)!: --list-syscall-events is now called --list-events Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Luca Guerra	bfb22527a2	chore(falco): update engine version and checksum Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-09-07 12:47:59 +02:00
Andrea Terzolo	4f8d11acdd	chore: bump engine version and checksum Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-09-04 12:19:46 +02:00
Jason Dellaluce	c8122ff474	fix(userspace/engine): support appending to unknown sources Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-09-01 06:46:31 +02:00
Jason Dellaluce	eabf49892d	update(userspace/falco): bump engine version to 24 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-31 18:33:30 +02:00
Jason Dellaluce	901fca2257	update(userspace/engine): upgrade skip-if-unknown-filter YAML field Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-31 18:33:30 +02:00
Jason Dellaluce	01093d2dfc	fix(userspace/engine): support both old and new gcc + std::move Old gcc versions (e.g. 4.8.3) won't allow move elision but newer versions (e.g. 10.2.1) would complain about the redundant move. Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-30 20:57:27 +02:00
Melissa Kilby	6cdb740786	cleanup(userspace): update parse_prometheus_interval Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-08-25 15:20:45 +02:00
Jason Dellaluce	4f3181cb1c	update(userspace/engine): bump engine version to 23 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
Jason Dellaluce	527c42c030	chore: polish conditional compilation flags for emscripten Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
rohith-raju	c73e43c973	cleanup: fix workflow and build errors Signed-off-by: rohith-raju <rohithraju488@gmail.com>	2023-08-24 10:30:40 +02:00
Jason Dellaluce	aa6061681d	update: adapt code to multi-platform builds Co-authored-by: Rohith Raju <rohithraju488@gmail.com> Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-24 10:30:40 +02:00
Lorenzo Susini	4e6149e5da	update(userspace/engine): make rule_matching strategy stateless in falco engine Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-11 10:11:46 +02:00
Lorenzo Susini	6e50d2ad83	update: directly return match_found variable Co-authored-by: Andrea Terzolo <andrea.terzolo@polito.it> Signed-off-by: Lorenzo Susini <49318629+loresuso@users.noreply.github.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	2660582198	update(userspace/engine): bump engine version to 22 Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	6acd924c50	perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	1705c0dab3	update(userspace/engine): allow the engine to match and handle multiple rules while processing events Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Lorenzo Susini	c6abf6a133	update(falco.yaml): introduce rule_matching config key Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-08-09 13:36:39 +02:00
Andrea Terzolo	528a76a7fe	update(userspace/engine): bump engine version to 21 Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>	2023-08-08 14:10:36 +02:00
Jason Dellaluce	bc0fef15ca	update(userspace/engine): bump engine version to 20 Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-07 17:29:32 +02:00
Jason Dellaluce	23a0005b25	fix(ci): solve malformed worflow issues Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Jason Dellaluce	5790f0ff64	update: refine engine checksum docs and scoping Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Jason Dellaluce	803d131843	fix(userspce/engine): skip deprecated fields in --list -N option Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-08-04 16:03:22 +02:00
Luca Guerra	02202620ff	update(falco): update libs to 0790cff Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-07-19 10:20:36 +02:00
Luca Guerra	88fb693595	update(falco): update libs to dc02e50 Signed-off-by: Luca Guerra <luca@guerra.sh>	2023-07-11 16:23:02 +02:00
Lorenzo Susini	9fda7dfb93	fix(userspace/engine): store alternatives as array in -L json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-31 16:16:31 +02:00
Lorenzo Susini	79b9d0ff21	fix(userspace/engine): store required engine version as string in -L json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 12:09:30 +02:00
Lorenzo Susini	6e12b95dd2	update(userspace/engine): address jasondellaluce comments Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Lorenzo Susini	cfb96d0562	update(userspace/engine): adding required_engine_version, required_plugin_versions and exception names to -L output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Lorenzo Susini	75f556e3b7	update(userspace/engine): add required_engine_version to rule collector Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-30 10:45:30 +02:00
Melissa Kilby	8e0c89d3b4	cleanup(userspace/engine): prometheus compliant regex parsing for metrics interval Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Melissa Kilby	fcecde845d	cleanup(userspace): move parse_prometheus_interval to falco_utils Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Melissa Kilby	f2318a9ac5	cleanup(userspace/falco): address reviewers comments + cleanup * prefix counters and stats belonging to kernel space w/ `k.` else `u.` for userspace * add n_drops_perc from old stats writer schema * revert one change: file output shall reflect exact same "output_fields" key as rule output, note that src is already part of the "output_fields" schema. Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Jason Dellaluce	5d35cda8dc	update(userspace): minor polishing Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 09:58:34 +02:00
Jason Dellaluce	f117d5273c	update(userspace): refactor metrics data flow and fix bugs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2023-05-23 09:58:34 +02:00
Melissa Kilby	e37027a1d0	cleanup(userspace/falco): address reviewers comments * renaming to `metrics` for technical clarity * adopt Prometheus like metrics interval settings Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2023-05-23 09:58:34 +02:00
Lorenzo Susini	e47ece4de9	update(userspace/engine): address jasondellaluce comments - avoiding inspector to be allocated for each rule - use two boolean values for expecting macros and lists - move items of lists alongside name, under info - use snake case for json output, like we do for e.g alerts - correctly retrieve evt names - consider two levels of lists for exception operators Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00
Lorenzo Susini	1195b1e7f0	update(userspace/engine): better modularize the code for getting json details Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00
Lorenzo Susini	e11b4c4430	update(userspace/engine): add event codes to json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00
Lorenzo Susini	46cbc3c589	update(userspace/engine): add info about all macros and lists in -L option Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00
Lorenzo Susini	e30729555b	update(userspace/engine): add enabled information to json output Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>	2023-05-19 15:56:05 +02:00

1 2 3 4 5 ...

432 Commits