types: add event metadata #2752
Merged
1. Explain what the PR does
This PR adds support for Metadata to `trace.Event`. At first this will be used to add `SignatureMetadata` when a signature event is created from a detection. Instead of adding `SignatureMetadata` directly, we have a more generic approach allowing for future use by events that are not signatures (e.g. derivations, ebpf).
The `Metadata` field is a pointer and marked as `omitempty` so we only print it if there are metadata.
This PR is part of #2355
2. Explain how to test it
Test the PR using this change to add signature metadata to signature events #2753
3. Other comments
The first implementation was using a more dynamic approach, but after discussion we decided to have a structure for the specific fields `Version`, `Description`, `Tags`, `Properties`. This is based on `SignatureMetadata`, but different because we don't need name, nor id, as events already have name and id of themselves.
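An added example, not code from this PR or from the project: a cut-down Go sketch of why the `Metadata` field is a pointer marked `omitempty`, compared with holding the struct by value. The `Event` stand-in, the JSON key names, the field types and the sample values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Metadata carries the four fields named in the PR description.
// Field types and JSON key names are assumptions.
type Metadata struct {
	Version     string                 `json:"version"`
	Description string                 `json:"description"`
	Tags        []string               `json:"tags"`
	Properties  map[string]interface{} `json:"properties"`
}

// Event is a hypothetical, cut-down stand-in for trace.Event.
type Event struct {
	EventID   int       `json:"eventId"`
	EventName string    `json:"eventName"`
	Metadata  *Metadata `json:"metadata,omitempty"` // nil pointer: key is omitted
}

// EventByValue is the alternative design: omitempty never omits a struct value.
type EventByValue struct {
	EventID   int      `json:"eventId"`
	EventName string   `json:"eventName"`
	Metadata  Metadata `json:"metadata,omitempty"`
}

// Encode marshals v and returns the JSON text.
func Encode(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

func main() {
	// Constructed sample events, not real event names or IDs.
	fmt.Println(Encode(Event{EventID: 1, EventName: "sample_event"}))
	fmt.Println(Encode(EventByValue{EventID: 1, EventName: "sample_event"}))
	md := &Metadata{Version: "1.0", Description: "constructed", Tags: []string{"linux"},
		Properties: map[string]interface{}{"severity": 3}}
	fmt.Println(Encode(Event{EventID: 2, EventName: "sample_signature", Metadata: md}))
}
```

With the by-value form, every non-signature event would carry an empty `metadata` object, which consumers parsing the event stream would have to tell apart from real metadata.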