tracee [FEAT] Tracee internal Filters API

[FEAT] Tracee internal Filters API

Open NDStrahilevitz opened this issue 3 years ago • 0 comments

Prerequisites

[ ] This issue is an EPIC issue (add label: EPIC).
[x] This issue is an EPIC TASK (add issue to EPIC description).

Select one OR another:

[x] I'll create a PR to implement this feature (assign to yourself).

Feature description

In order to enable runtime configuration of filters, the capabilities of current filtering logic in tracee must be extended to allow adding new filters on the go.

As such a new Filter interface should be defined which will describe the logical steps needed to add a filter. This API will be implemented by the existing filters StringFilter UintFilter, etc. These new logics will be in pkg/filters. In addition BPFFilters will be added to expand upon the existing base userspace filters.

Additional Information (feature drawings, files, logs, etc)

Interface draft:

type Operator uint

const (
	Equal Operator = iota
	NotEqual
	Greater
	Lesser
	GreaterEqual
	LesserEqual
)

type Filter interface {
	Filter(val) bool
	Add(val, operator) error
	Enable() error
	Disable() error
	Enabled() bool
	Operators() []Operator
}

May 03 '22 13:05 NDStrahilevitz

tracee tracee copied to clipboard

[FEAT] Tracee internal Filters API

Prerequisites

Feature description

Additional Information (feature drawings, files, logs, etc)

tracee
tracee copied to clipboard