falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

Allow glob matching on pathnames in filters #48

Closed mstemm closed 7 years ago

mstemm commented 8 years ago

Add support for glob matching on pathnames in filters. For example you could write 'evt.arg[0] glob /bin/*' or similar.

This may have to be handled at the sysdig level, but we could also possibly translate it into a regex match.

henridf commented 8 years ago

Unless I've missed something new I don't think there's a regex match. But either way, the matching (glob or regex) should be done down in libsinsp.

That doesn't mean we have to expose this to regular sysdig filters. For example, in-expression optimization is implemented in libsinsp but operates over a filter type that is (currently) only generated by Falco.

mstemm commented 7 years ago

This was actually fixed on the sysdig side in https://github.com/draios/sysdig/pull/653. Closing.
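
The glob-to-regex translation suggested in the first comment, as an added example that is not part of the original thread and is not taken from sysdig, libsinsp or the linked pull request. The helper names `glob_to_regex` and `glob_match` and the `star_crosses_slash` switch are hypothetical; only `*` and `?` are treated as wildcards.

```cpp
#include <iostream>
#include <regex>
#include <string>

// Hypothetical helper (not libsinsp code): translate a glob that uses only
// '*' and '?' into an anchored ECMAScript regex. When star_crosses_slash is
// false the wildcards stop at '/', as fnmatch(3) does with FNM_PATHNAME.
std::string glob_to_regex(const std::string& glob, bool star_crosses_slash)
{
    // [\s\S] rather than '.', because '.' does not match a newline and a
    // pathname may legally contain one.
    const std::string any = star_crosses_slash ? "[\\s\\S]" : "[^/]";
    std::string re = "^";
    for (char c : glob) {
        switch (c) {
        case '*': re += any + "*"; break;
        case '?': re += any; break;
        // Characters that are literal here but special in a regex.
        case '.': case '+': case '(': case ')': case '[': case ']':
        case '{': case '}': case '^': case '$': case '|': case '\\':
            re += '\\'; re += c; break;
        default: re += c; break;
        }
    }
    return re + "$";
}

bool glob_match(const std::string& glob, const std::string& path,
                bool star_crosses_slash)
{
    return std::regex_match(path, std::regex(glob_to_regex(glob, star_crosses_slash)));
}

int main()
{
    // Constructed sample paths, checked against the glob from the issue text.
    for (const char* p : {"/bin/ls", "/bin/sub/tool", "/usr/bin/ls"})
        std::cout << p << " strict=" << glob_match("/bin/*", p, false)
                  << " loose=" << glob_match("/bin/*", p, true) << "\n";
}
```

Whether `*` crosses `/` decides if a rule written as `/bin/*` also covers files in subdirectories of `/bin`, so a rule author needs to know which behaviour the filter engine implements.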