exein-io / pulsar

A modular and blazing fast runtime security tool for the IoT, powered by eBPF.
https://pulsar.sh

feat: allow threats to be logged as JSON #277

Closed bcelenza closed 4 months ago

bcelenza commented 4 months ago

Allow threats to be logged as JSON

Issue: https://github.com/exein-io/pulsar/issues/264

This feature allows threat reporting to be output as JSON. Output format can be configured via pulsar.ini or at runtime with pulsar config --set logging.output_format=.... The default output format is plaintext to match the current behavior.

Example JSON output of a file creation threat (from the README):

{"header":{"image":"/usr/bin/ln","pid":36738,"parent_pid":12810,"container":null,"threat":{"source":"rules-engine","description":"Create sensitive files symlink","extra":null},"source":"file-system-monitor","timestamp":{"secs_since_epoch":1713625327,"nanos_since_epoch":832828392},"fork_time":{"secs_since_epoch":1713625327,"nanos_since_epoch":818390681}},"payload":{"type":"FileLink","content":{"source":"/tmp/secret","destination":"/etc/shadow","hard_link":false}}}

I have
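The JSON shape in the sample above is what a log pipeline would have to consume once `logging.output_format` is switched away from the plaintext default. The following is an added example, not code from this PR or from the pulsar project: a small Python consumer that parses one JSON threat line into a flat record (the flattened field names such as `rule` and `event_type` are my own choice), converts the `secs_since_epoch`/`nanos_since_epoch` pair into an ISO-8601 UTC timestamp, and returns `None` for lines that are not JSON, which is what the plaintext format would produce. The sample event is the one from the PR description, embedded as a constant.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the JSON threat event quoted in the PR description
# (symlink from /tmp/secret to /etc/shadow, flagged by the rules engine).
SAMPLE_EVENT = (
    '{"header":{"image":"/usr/bin/ln","pid":36738,"parent_pid":12810,"container":null,'
    '"threat":{"source":"rules-engine","description":"Create sensitive files symlink","extra":null},'
    '"source":"file-system-monitor",'
    '"timestamp":{"secs_since_epoch":1713625327,"nanos_since_epoch":832828392},'
    '"fork_time":{"secs_since_epoch":1713625327,"nanos_since_epoch":818390681}},'
    '"payload":{"type":"FileLink","content":{"source":"/tmp/secret","destination":"/etc/shadow","hard_link":false}}}'
)


def epoch_to_iso(ts):
    """Turn pulsar's {"secs_since_epoch", "nanos_since_epoch"} object into an ISO-8601 UTC string."""
    secs = ts.get("secs_since_epoch", 0)
    micros = ts.get("nanos_since_epoch", 0) // 1000  # datetime has microsecond resolution
    when = datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=micros)
    return when.isoformat()


def parse_threat(line):
    """Parse one log line in the JSON output format into a flat dict.

    Returns None when the line is not JSON (e.g. the default plaintext format)
    or when it carries no "threat" block in its header, so callers can skip
    non-threat events without special-casing.
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict):
        return None
    header = event.get("header") or {}
    threat = header.get("threat")
    if not threat:
        return None
    payload = event.get("payload") or {}
    return {
        # flattened field names below are this example's own convention
        "time": epoch_to_iso(header.get("timestamp") or {}),
        "process_start": epoch_to_iso(header.get("fork_time") or {}),
        "image": header.get("image"),
        "pid": header.get("pid"),
        "parent_pid": header.get("parent_pid"),
        "container": header.get("container"),
        "threat_source": threat.get("source"),
        "rule": threat.get("description"),
        "event_source": header.get("source"),
        "event_type": payload.get("type"),
        "details": payload.get("content") or {},
    }


def parse_threat_stream(lines):
    """Parse an iterable of log lines; non-threat and non-JSON lines are dropped."""
    records = []
    for line in lines:
        record = parse_threat(line)
        if record is not None:
            records.append(record)
    return records


def one_line_summary(record):
    """Compact human-readable rendering of a flattened threat record."""
    details = " ".join(f"{k}={v}" for k, v in sorted(record["details"].items()))
    return (f"{record['time']} [{record['threat_source']}] {record['rule']}: "
            f"{record['image']} (pid {record['pid']}) {record['event_type']} {details}")


if __name__ == "__main__":
    for rec in parse_threat_stream([SAMPLE_EVENT, "plain text line from the default format"]):
        print(one_line_summary(rec))
```

Pointing `parse_threat_stream` at the file or pipe that pulsar writes to gives a list of flat records that map directly onto SIEM fields; the `details` dict keeps the payload's `content` intact because its keys differ per event type (`FileLink` here, other types elsewhere).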