initial ingress filter implementation for 6.1 #61
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DRoglic
suggested changes
Apr 25, 2017
| description: "Optional - Priority of the filter. Higher priority filters are guaranteed to be used first. Negative priorities can be used as well. Default priority is 0" | ||
| internal: | ||
| type: boolean | ||
| description: "Internally provided exclusion (ex. through alliance). Not yet implemented." |
There was a problem hiding this comment.
I would simply say:
description: This field is not used yet. Can be omitted.
| description: "Optional - True to capture metrics for this filter even when disabled. Defaults to true. Note: If we are metering disabled filter, we will resort to metering small sample set to reduce performance impact" | ||
| hit_rate: | ||
| type: float | ||
| description: "measured 15-min hit rate for a given filter as a rate (e.g. 0.01 equals to 1% hit rate). Note that this metrics will be available only for filters that are enabled or have trackMetrics turned on. Also, this metrics counts hit rate of the process, based on pathFilters, commandLineFilters and md5Filters. It doesn't take into the account the individual event hit rate." |
There was a problem hiding this comment.
Should add note that this is a read-only field
| description: "measured 15-min hit rate for a given filter as a rate (e.g. 0.01 equals to 1% hit rate). Note that this metrics will be available only for filters that are enabled or have trackMetrics turned on. Also, this metrics counts hit rate of the process, based on pathFilters, commandLineFilters and md5Filters. It doesn't take into the account the individual event hit rate." | ||
| name: | ||
| type: string | ||
| description: "Name of this filter - displayed in the UI" |
There was a problem hiding this comment.
We don't have UI for this feature yet, so comment "displayed in the UI" should be removed from both this and the next property
| description: "Optional - Which OS should this filter apply to (bitfield mask: 1:windows, 2:osx, 4:linux). Defaults to 7 (all OSs)" | ||
| global: | ||
| type: boolean | ||
| description: "Optional - True to apply to all sensor groups. Defaults to true" |
There was a problem hiding this comment.
Add the note that group_ids and sensor_ids fields are ignored if global is set to true
| type: string | ||
| md5_filters: | ||
| type: array | ||
| description: "Optional - Array of MD5sums to filter." |
There was a problem hiding this comment.
Array of MD5 checksums. Processes that match these MD5s will be filtered
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.