celsig

package
v0.0.0-...-d4ca6f9
Warning

This package is not in the latest version of its module.

Published: May 27, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

const (
	KindSignaturesConfig = "SignaturesConfig"
	APIVersionV1Alpha1   = "tracee.nextlinux.github.io/v1alpha1"
)

Variables

This section is empty.

Functions

func NewSignature

func NewSignature(config SignatureConfig) (detect.Signature, error)

NewSignature constructs a Common Expression Language (CEL) signature based on the specified SignatureConfig.

func NewSignaturesFromDir

func NewSignaturesFromDir(dirPath string) ([]detect.Signature, error)

NewSignaturesFromDir loads CEL signatures from *.cel, *.yaml, and *.yml configuration files in the given configuration directory.
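Because detection logic is read from files on disk, it is worth checking who could have modified those files before passing the directory to NewSignaturesFromDir. The following pre-load audit is an added example, not part of the celsig package: `AuditSignatureDir` and `Finding` are hypothetical names, and it assumes that only the top level of the directory is scanned and that extensions are matched case-sensitively.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// Finding is one candidate signature file plus any integrity concern.
type Finding struct{ Name, SHA256, Issue string }

// AuditSignatureDir checks files with the extensions the loader reads (.cel, .yaml, .yml).
func AuditSignatureDir(dirPath string) ([]Finding, error) {
	entries, err := os.ReadDir(dirPath) // entries come back sorted by file name
	if err != nil {
		return nil, err
	}
	var out []Finding
	for _, e := range entries {
		if ext := filepath.Ext(e.Name()); ext != ".cel" && ext != ".yaml" && ext != ".yml" {
			continue
		}
		info, err := e.Info() // describes a symlink itself, not its target
		if err != nil {
			return nil, err
		}
		f := Finding{Name: e.Name()}
		switch mode := info.Mode(); {
		case !mode.IsRegular():
			f.Issue = "not a regular file" // symlink, directory or special file
		default:
			if mode.Perm()&0o022 != 0 {
				f.Issue = "group/world-writable"
			}
			data, err := os.ReadFile(filepath.Join(dirPath, e.Name()))
			if err != nil {
				return nil, err
			}
			f.SHA256 = fmt.Sprintf("%x", sha256.Sum256(data)) // baseline for change detection
		}
		out = append(out, f)
	}
	return out, nil
}

func main() {
	fmt.Println(AuditSignatureDir(".")) // audit the current directory
}
```

Recording the SHA-256 values at deployment time and comparing them on each start makes a silently edited or replaced signature file visible.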

Types

type SignatureConfig

type SignatureConfig struct {
	// Metadata represents signature metadata.
	Metadata detect.SignatureMetadata `yaml:"metadata"`

	// EventSelectors restrict event dispatch to the signatures that know how
	// to evaluate them.
	EventSelectors []detect.SignatureEventSelector `yaml:"eventSelectors"`

	// Expression is a CEL expression that is used to evaluate events.
	// To indicate a possible threat the Expression must evaluate to `true`,
	// otherwise the event is considered innocent.
	Expression string `yaml:"expression"`
}

SignatureConfig represents a CEL signature definition that is typically loaded from a YAML configuration file.

type SignaturesConfig

type SignaturesConfig struct {
	// Kind indicates type of config loaded from a YAML file.
	Kind string `yaml:"kind"`

	// APIVersion is used to version config properties.
	APIVersion string `yaml:"apiVersion"`

	// Signatures defines CEL SignatureConfig.
	Signatures []SignatureConfig `yaml:"signatures"`
}

SignaturesConfig represents multiple CEL signature definitions that are typically loaded from a YAML configuration file.

func NewConfigFromFile

func NewConfigFromFile(filePath string) (SignaturesConfig, error)

NewConfigFromFile loads CEL SignaturesConfig from the specified file.

func NewConfigsFromDir

func NewConfigsFromDir(dirPath string) ([]SignaturesConfig, error)

NewConfigsFromDir loads CEL SignaturesConfig objects from the specified directory.
