is it possible to add a new type support in falcosidekick output which can forward event to a rest endpoint (method, headers...)

Question

is it possible to add a new type support in falcosidekick output which can forward event to a rest endpoint (method, headers...)

pingxie88 opened this issue 2 years ago · 2 comments

Motivation

Use case: The rest endpoint is a Pre-Authenticated url which can upload the file to remote object storage, the curl command looks like: curl -X PUT --data-binary '<your_file>' https://<PAR_url>/<new_file_name>

The expected behavior is this new type can upload the falco event to the remote object storage, the <new_file_name> can auto created from falcosidekick with timestamp.

Feature

/kind-feature

Alternatives

Additional context

Answer 1 · 2023-02-27T17:45:26.000Z

Use case: The rest endpoint is a Pre-Authenticated url which can upload the file to remote object storage, the curl command looks like: curl -X PUT --data-binary '<your_file>' https://<PAR_url>/<new_file_name>

The expected behavior is this new type can upload the falco event to the remote object storage, the <new_file_name> can auto created from falcosidekick with timestamp.

Answer 2 · 2023-02-27T18:15:31.000Z

To embed the event as body, my rest API will be like:

curl -X PUT -H "Content-Type: application/myappname" -d '<event_body>' https://<PAR_url>/<new_file_name>