Melissa Kilby
Melissa Kilby
CC @loresuso @darryk10
Yeah I had similar thoughts that we are getting to a point where there is lots of code duplication in this regard (not limited to the type of fields touched...
@Andreagit97 added 3 cleanup commits on top, performing significant consolidation w/ new helpers, beyond the initial request. WDYT and do you have additional ideas?
It seems that while simply rebasing worked, there are updates needed because a few things changed I suspect ... will look into it soon.
> While I was reviewing this, I opted for a slightly different methods organization, let me know if it works for you, otherwise feel free to revert it! In the...
Can we support both? The original motivation was that security analysts who triage these logs want the process lineage as human readable string specifically with the `->` delimiter. It would...
> If the motivation that drives this change is primarily aesthetics, I would rather (a) use EPF_IS_LIST (in this PR) and (b) introduce a generic formatting option that allows the...
> > ok let's do this then, any preferences in field naming given these changes? > > Not sure about this. Perhaps, maybe an implicit convention is to use plural...
Hey, actually the list type would truly defy the original purpose. We do not need the operators "in", "exists" or "intersects" -- at least not for the use case I...
re https://github.com/falcosecurity/libs/pull/1625#issuecomment-1988173684 > proc.aname[] ... proc.aname[] which always takes an argument This would break the existing use of `proc.aname` in the filter expression where we traverse all levels up. ```...