feat(node-agent): save detection events to dgraph store

kube-tarian · Jul 29, 2023 · 437814f · 437814f
1 parent 6d9a585
commit 437814f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 0 deletions.
diff --git a/pkg/server/dgraphstore/dgraph_event_store.go b/pkg/server/dgraphstore/dgraph_event_store.go
@@ -100,6 +100,9 @@ func (d *dgraphEventList) toPbEvents() []*tarianpb.Event {
 				json.Unmarshal([]byte(evtTarget.Pod.Labels), &t.Pod.Labels)
 			}
 
+			t.DetectionDataType = evtTarget.DetectionDataType
+			t.DetectionData = evtTarget.DetectionData
+
 			event.Targets = append(event.Targets, t)
 		}
 
@@ -131,6 +134,9 @@ const eventFields = `
 			pod_name
 			pod_labels
 		}
+
+		target_detection_data_type
+		target_detection_data
 	}
 `
 
@@ -238,6 +244,9 @@ func dgraphEventFromPb(pbEvent *tarianpb.Event) (*Event, error) {
 			}
 		}
 
+		t.DetectionDataType = pbTarget.GetDetectionDataType()
+		t.DetectionData = pbTarget.GetDetectionData()
+
 		dgraphEvent.Targets = append(dgraphEvent.Targets, t)
 	}
 

diff --git a/pkg/server/dgraphstore/schema.go b/pkg/server/dgraphstore/schema.go
@@ -74,13 +74,17 @@ var schema = `
 	target_violated_processes: string . # json
 	target_violated_files: string . # json
 	target_falco_alert: string .
+	target_detection_data_type: string .
+	target_detection_data: string .
 
 	type Target {
 		pod: Pod
 
 		target_violated_processes
 		target_violated_files
 		target_falco_alert
+		target_detection_data_type
+		target_detection_data
 	}
 `
 

diff --git a/pkg/server/dgraphstore/types.go b/pkg/server/dgraphstore/types.go
@@ -57,4 +57,6 @@ type Target struct {
 	ViolatedFiles     string `json:"target_violated_files,omitempty"`
 	FalcoAlert        string `json:"target_falco_alert,omitempty"`
 	Pod               *Pod   `json:"pod,omitempty"`
+	DetectionDataType string `json:"target_detection_data_type,omitempty"`
+	DetectionData     string `json:"target_detection_data,omitempty"`
 }
diff --git a/pkg/tarianctl/cmd/get/events.go b/pkg/tarianctl/cmd/get/events.go
@@ -70,6 +70,13 @@ func NewGetEventsCommand() *cli.Command {
 						evt.WriteString("pod deleted")
 					}
 
+					if e.GetType() == tarianpb.EventTypeDetection {
+						evt.WriteString("detection: ")
+						evt.WriteString(t.DetectionDataType)
+						evt.WriteString(": ")
+						evt.WriteString(t.DetectionData)
+					}
+
 					evt.WriteString("\n")
 
 					table.Append(