rule_base< EVNET > Class Template Referenceabstract
base class for securiy rules detect handler More...
#include <sec_analyzer.h>
Inheritance diagram for rule_base< EVNET >:
Collaboration diagram for rule_base< EVNET >:
Public Member Functions | |
| rule_base (std::shared_ptr< sec_analyzer > analyzer_ptr) | |
| virtual | ~rule_base ()=default |
| virtual int | check_rule (const tracker_event< EVNET > &e, rule_message &msg)=0 |
| void | handle (tracker_event< EVNET > &e) |
| implement this function to handle the event More... | |
 Public Member Functions inherited from event_handler< EVNET > | |
| virtual | ~event_handler ()=default |
| std::shared_ptr< event_handler< EVNET > > | add_handler (std::shared_ptr< event_handler< EVNET >> handler) |
| add a next handler after this handler More... | |
| void | do_handle_event (tracker_event< EVNET > &e) |
| Public Member Functions inherited from event_handler_base< EVNET > | |
| virtual | ~event_handler_base ()=default |
Public Attributes | |
| std::shared_ptr< sec_analyzer > | analyzer |
| Public Attributes inherited from event_handler< EVNET > | |
| std::shared_ptr< event_handler_base< EVNET > > | next_handler |
Detailed Description
template<typename EVNET>
class rule_base< EVNET >
base class for securiy rules detect handler
Constructor & Destructor Documentation
◆ rule_base()
template<typename EVNET >
|
inline |
◆ ~rule_base()
Member Function Documentation
◆ check_rule()
template<typename EVNET >
|
pure virtual |
Implemented in syscall_rule_checker, process_rule_checker, and files_rule_checker.
Here is the caller graph for this function:
◆ handle()
template<typename EVNET >
|
inlinevirtual |
implement this function to handle the event
Implements event_handler< EVNET >.
Member Data Documentation
◆ analyzer
template<typename EVNET >
| std::shared_ptr<sec_analyzer> rule_base< EVNET >::analyzer |
The documentation for this class was generated from the following file:
- include/eunomia/sec_analyzer.h
