Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New transformer: concat(<item1>, <item2>, ...) #2025

Open
Tracked by #3255
leogr opened this issue Aug 27, 2024 · 1 comment
Open
Tracked by #3255

New transformer: concat(<item1>, <item2>, ...) #2025

leogr opened this issue Aug 27, 2024 · 1 comment
Assignees
Labels
kind/feature New feature or request

Comments

@leogr
Copy link
Member

leogr commented Aug 27, 2024

Motivation

Please look at this comment for context.

The concat(<item1>, <item2>, ...) transformer concatenates items (either a field or a literal string) given as arguments and returns a new string.

Its output can be utilized in two primary ways:

  1. In conditions for filtering.
  2. In the output: field of Falco's rule.

One significant use case is concat(fd.rip, ":", fd.rport) in ("8.8.8.8:53","4.4.4.4:53") as reported by #1981

Feature

Implement the concat(<item1>, <item2>, ...) as described above.
The transformer should return a concatenated string.

Note: Implementing this transformer requires extending the current syntax to allow a variable number of arguments to be accepted by a transformer.

Alternatives

Please look at #1981 for more context on the evaluated alternatives.

@therealbobo
Copy link
Contributor

/assign

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants