Union

es_events_t

A C union of event-specific types.

Declaration

typedef union {
    ...
} es_events_t;

Discussion

Each event monitored by Endpoint Security delivers different properties to clients. For example, a file-renaming event provides source and target paths, while a process-forking event provides the process identifier of the new child process. This C union represents each kind of event as a unique member, each with a type specific to the kind of data it contains.
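The pattern described above, as an added example that is not Apple's code: an event-type tag selects the one union member that is valid to read, and a handler must not touch any other member. The demo_* types and fields are simplified stand-ins (assumptions), not the real Endpoint Security declarations.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the <EndpointSecurity/EndpointSecurity.h> types. */
typedef enum { DEMO_EVENT_RENAME, DEMO_EVENT_FORK, DEMO_EVENT_SETTIME } demo_event_type_t;

typedef struct { const char *source; const char *target; } demo_event_rename_t;
typedef struct { int child_pid; } demo_event_fork_t;

typedef union {                 /* plays the role of es_events_t */
    demo_event_rename_t rename;
    demo_event_fork_t   fork;
} demo_events_t;

typedef struct {                /* a message: the tag plus the union it describes */
    demo_event_type_t event_type;
    demo_events_t     event;
} demo_message_t;

/* Summarise a message, reading only the member selected by event_type.
 * Returns 0 on success, -1 for an event type this handler does not decode. */
int demo_describe(const demo_message_t *msg, char *out, size_t outlen)
{
    switch (msg->event_type) {
    case DEMO_EVENT_RENAME:
        snprintf(out, outlen, "rename %s -> %s",
                 msg->event.rename.source, msg->event.rename.target);
        return 0;
    case DEMO_EVENT_FORK:
        snprintf(out, outlen, "fork child=%d", msg->event.fork.child_pid);
        return 0;
    default:
        /* Unknown tag: reading any member here would reinterpret unrelated bytes. */
        snprintf(out, outlen, "unhandled event type %d", (int)msg->event_type);
        return -1;
    }
}

int main(void)
{
    char line[128];
    demo_message_t m = { .event_type = DEMO_EVENT_RENAME,   /* constructed sample */
                         .event.rename = { "/tmp/a.txt", "/tmp/b.txt" } };
    demo_describe(&m, line, sizeof line);
    puts(line);
    return 0;
}
```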

Topics

File-System Events

access

Properties of an event that indicates the checking of a file’s access permission.

clone

Properties of an event that indicates the cloning of a file.

close

Properties of an event that indicates the closing of a file.

create

Properties of an event that indicates the creation of a file.

dup

Properties of an event that indicates the duplication of a file descriptor.

exchangedata

Properties of an event that indicates the exchange of data between two files.

fcntl

Properties of an event that indicates the manipulation of a file descriptor.

open

Properties of an event that indicates the opening of a file.

rename

Properties of an event that indicates the renaming of a file.

write

Properties of an event that indicates the writing of data to a file.

truncate

Properties of an event that indicates the truncation of a file.

lookup

Properties of an event that indicates the lookup of a file’s path.

File Metadata Events

deleteextattr

Properties of an event that indicates the deletion of an extended attribute from a file.

fsgetpath

Properties of an event that indicates the retrieval of a file-system path.

getattrlist

Properties of an event that indicates the retrieval of attributes from a file.

getextattr

Properties of an event that indicates the retrieval of an extended attribute from a file.

listextattr

Properties of an event that indicates the retrieval of multiple extended attributes from a file.

readdir

Properties of an event that indicates the reading of a file-system directory.

setacl

Properties of an event that indicates the setting of a file’s access control list.

setattrlist

Properties of an event that indicates the setting of an attribute of a file.

setextattr

Properties of an event that indicates the setting of an extended attribute of a file.

setflags

Properties of an event that indicates the setting of a file’s flags.

setmode

Properties of an event that indicates the setting of a file’s mode.

setowner

Properties of an event that indicates the setting of a file’s owner.

stat

Properties of an event that indicates the retrieval of a file’s status.

utimes

Properties of an event that indicates a change to a file’s access time or modification time.

File Provider Events

file_provider_materialize

Properties of an event that indicates the materialization of a file provider.

file_provider_update

Properties of an event that indicates an update to a file provider.

Symbolic Link Events

link

Properties of an event that indicates the creation of a symbolic link.

readlink

Properties of an event that indicates the reading of a symbolic link.

unlink

Properties of an event that indicates the unlinking of a symbolic link.

File System Mounting Events

mount

Properties of an event that indicates the mounting of a file system.

unmount

Properties of an event that indicates the unmounting of a file system.

Memory Mapping Events

mmap

Properties of an event that indicates the mapping of memory to a file.

mprotect

Properties of an event that indicates a change to protection of memory-mapped pages.

Process Events

chdir

Properties of an event that indicates a change to a process’s working directory.

chroot

Properties of an event that indicates a change to a process’s root directory.

exec

Properties of an event that indicates the execution of a process.

fork

Properties of an event that indicates the forking of a process.

get_task

Properties of an event that indicates the retrieval of a task’s port.

signal

Properties of an event that indicates the sending of a signal to a process.

exit

Properties of an event that indicates a process exiting.

Socket Events

uipc_bind

Properties of an event that indicates the binding of a socket to a path.

uipc_connect

Properties of an event that indicates the connection of a socket.

Clock Events

settime

Properties of an event that indicates the modification of the system time.

Kernel Events

iokit_open

Properties of an event that indicates the opening of an IOKit device.

kextload

Properties of an event that indicates the loading of a Kernel Extension (KEXT).

kextunload

Properties of an event that indicates the unloading of a Kernel Extension (KEXT).

See Also

Identifying the Matched Event

event

The event that triggered this message.

event_type

The type of the message’s event.

es_event_type_t

A type used to identify a message’s event type and subscribe to events of that type.