When writing Falco rules, the output needs to be formatted separately for each rule. This must be copied from other rules of written from scratch that can easily introduce inconsistencies and overhead.
A way to create template(s) for output format would streamline work and ensure consistency.
Feature
A macro based or other template facilitates creating a Falco rule output format that can be used in one or more Falco rules.
The macro would contain the same information as the output contains today while the rule output could contain the macro.
samsson
commented
4 months ago
Motivation
When writing Falco rules, the output needs to be formatted separately for each rule. This must be copied from other rules of written from scratch that can easily introduce inconsistencies and overhead.
A way to create template(s) for output format would streamline work and ensure consistency.
Feature
A macro based or other template facilitates creating a Falco rule output format that can be used in one or more Falco rules. The macro would contain the same information as the output contains today while the rule output could contain the macro.
Example:
Alternatives Something else than macro
Additional context
The thought was briefly mentioned here: https://github.com/falcosecurity/falco/issues/577#issuecomment-481077570 by: @mfdii