-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export a source conversion/transformation method as part of the SDK #84
Labels
kind/feature
New feature or request
Comments
@jasondellaluce and @leogr , I opened this issue as not to lose track of Jason' comment. |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Motivation
Some plugins, for example the k8saudit-xxx plugins, require an additional step to ingest events. The event from the source is not in the format as expected by the field extraction. E.g. in case of the
k8saudit-gke
plugin, the raw source event is a Google specific logging event. To be able to use thek8saudit
plugin field extraction and rules a conversion/transformation is required.To guarantee some sort of method signature and documentation for an optional conversion/transformation method, this method should preferably be part of the SDK. This allows building on top of the plugin code and reuse the conversion/transformation logic and extraction method.
Feature
Introduce a convert/transform method as part of the SDK api, just like the
Open
andExtract
methods. Ideally the framework takes care of wiring everything together. This convert/transform method should maybe be part of theevent sourcing
capability:Alternatives
Additional context
For reference, falcosecurity/plugins issue #490
The text was updated successfully, but these errors were encountered: