
Commit

[CWS] make exec event document clearer (#33783)
safchain authored Feb 7, 2025
1 parent c13ca39 commit 66e8bfa
Showing 3 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/cloud-workload-security/linux_expressions.md
Expand Up @@ -38,7 +38,7 @@ Triggers are events that correspond to types of activity seen by the system. The
| `chown` | File | A file’s owner was changed | 7.27 |
| `connect` | Network | A connect was executed | 7.60 |
| `dns` | Network | A DNS request was sent | 7.36 |
| `exec` | Process | A process was executed or forked | 7.27 |
| `exec` | Process | A process was executed (does not trigger on fork syscalls). | 7.27 |
| `exit` | Process | A process was terminated | 7.38 |
| `imds` | Network | An IMDS event was captured | 7.55 |
| `link` | File | Create a new name/alias for a file | 7.27 |
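Review bot: the new `exec` row says what the trigger excludes but gives a rule author no pointer to where forks are reported instead. The rows visible here run alphabetically from `exit` to `imds` with no fork trigger between them, so anyone who relied on the old "executed or forked" wording for fork-based detections cannot tell from this table whether forks are observable at all. Suggest adding a short clause that says how forked processes are surfaced, or that they are not reported as an event, so the detection coverage is explicit.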
Expand Down Expand Up @@ -572,7 +572,7 @@ A DNS request was sent

### Event `exec`

A process was executed or forked
A process was executed (does not trigger on fork syscalls).

| Property | Definition |
| -------- | ------------- |
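Review bot: style point on the added description line under the `exec` heading: it ends with a period, while the removed line and the neighbouring definition visible in the hunk header ("A DNS request was sent") do not. Suggest dropping the trailing period so the event descriptions stay uniform.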
2 changes: 1 addition & 1 deletion docs/cloud-workload-security/secl_linux.json
Expand Up @@ -2007,7 +2007,7 @@
},
{
"name": "exec",
"definition": "A process was executed or forked",
"definition": "A process was executed (does not trigger on fork syscalls).",
"type": "Process",
"from_agent_version": "7.27",
"experimental": false,
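Review bot: "fork syscalls" in the new `definition` string is ambiguous, because it does not say whether `clone` and `vfork` are meant or only `fork` itself. Since this is the published definition of the `exec` event, suggest naming the syscalls intended, or wording it by outcome (a process created without a following exec does not trigger the event) if that is the intended behaviour.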
2 changes: 1 addition & 1 deletion pkg/security/secl/model/model_unix.go
Expand Up @@ -77,7 +77,7 @@ type Event struct {
Chdir ChdirEvent `field:"chdir" event:"chdir"` // [7.52] [File] [Experimental] A process changed the current directory

// process events
Exec ExecEvent `field:"exec" event:"exec"` // [7.27] [Process] A process was executed or forked
Exec ExecEvent `field:"exec" event:"exec"` // [7.27] [Process] A process was executed (does not trigger on fork syscalls).
SetUID SetuidEvent `field:"setuid" event:"setuid"` // [7.27] [Process] A process changed its effective uid
SetGID SetgidEvent `field:"setgid" event:"setgid"` // [7.27] [Process] A process changed its effective gid
Capset CapsetEvent `field:"capset" event:"capset"` // [7.27] [Process] A process changed its capacity set
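Review bot: please confirm that the two docs files were regenerated from this `Exec` field comment rather than edited by hand. The comment carries the same `[7.27] [Process]` tags and text that appear as `from_agent_version`, `type` and `definition` in secl_linux.json and in the `exec` row of linux_expressions.md, which suggests the docs are derived from it. If they are, a note in the commit message would help the next editor change only this comment and regenerate. The trailing period here also differs from the sibling comments on `SetUID`, `SetGID` and `Capset`.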

0 comments on commit 66e8bfa
