Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Analyze mode should support same (or similar) features as regular pipeline. #3520

Open
AlonZivony opened this issue Sep 28, 2023 · 1 comment · May be fixed by #4120
Open

Analyze mode should support same (or similar) features as regular pipeline. #3520

AlonZivony opened this issue Sep 28, 2023 · 1 comment · May be fixed by #4120
Assignees
@NDStrahilevitz
Labels
area/rules kind/feature
Milestone
v0.23.0

Comments

@AlonZivony
Copy link
Contributor

AlonZivony commented Sep 28, 2023
edited by rafaeldtinoco
Loading

The current analyze mode is a replacement of the previous tracee-rules binary but misses many new features developed since then.

It needs to support at least a few things, such as:

  • access to process tree information through data sources
  • access to container enrichment info through data sources

For the data source to be available to the analyze mode, some steps being taken during the pipe line stages will have to be disabled (like realtime procfs access) and the data source might have to be serialized in a way it can be consumed later (for example).
@AlonZivony AlonZivony added this to the v0.20.0 milestone Sep 28, 2023
@AlonZivony
Copy link
Contributor Author

Example of a use case - #3498 (comment)

@rafaeldtinoco rafaeldtinoco self-assigned this Oct 10, 2023
@rafaeldtinoco rafaeldtinoco modified the milestones: v0.20.0, v0.19.0 Oct 10, 2023
@rafaeldtinoco rafaeldtinoco changed the title Change analyze mode to use the normal pipeline Analyze mode should support same (or similar) features as regular pipeline. Oct 10, 2023
@itaysk itaysk modified the milestones: v0.19.0, v0.20.0 Oct 17, 2023
@AlonZivony AlonZivony mentioned this issue Nov 5, 2023
Closed
@yanivagman yanivagman modified the milestones: v0.20.0, v0.21.0 Feb 6, 2024
@yanivagman yanivagman modified the milestones: v0.21.0, v0.22.0 Apr 16, 2024
@yanivagman yanivagman linked a pull request Jun 13, 2024 that will close this issue
Draft
@yanivagman yanivagman assigned rscampos and unassigned AlonZivony Jun 25, 2024
This was referenced Jul 2, 2024
Merged
Merged
@yanivagman yanivagman modified the milestones: v0.22.0, v0.23.0 Aug 12, 2024
@NDStrahilevitz NDStrahilevitz mentioned this issue Sep 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NDStrahilevitz NDStrahilevitz

Labels
area/rules kind/feature
Projects
None yet
Milestone
v0.23.0
6 participants
@itaysk @rscampos @rafaeldtinoco @yanivagman @NDStrahilevitz @AlonZivony