Event Types

Types used by messages to deliver details specific to different kinds of Endpoint Security events.

Topics

File-System Event Types

es_file_t

A type that represents a file related to an Endpoint Security event.

es_event_access_t

A type for an event that indicates the checking of a file’s access permission.

es_event_clone_t

A type for an event that indicates the cloning of a file.

es_event_create_t

A type for an event that indicates the creation of a file.

es_event_dup_t

A type for an event that indicates the duplication of a file descriptor.

es_event_fcntl_t

A type for an event that indicates the manipulation of a file descriptor.

es_event_open_t

A type for an event that indicates the opening of a file.

es_event_close_t

A type for an event that indicates the closing of a file.

es_event_rename_t

A type for an event that indicates the renaming of a file.

es_event_truncate_t

A type for an event that indicates the truncation of a file.

es_event_exchangedata_t

A type for an event that indicates the exchange of data between two files.

es_event_write_t

A type for an event that indicates the writing of data to a file.

es_event_lookup_t

A type for an event that indicates the lookup of a file’s path.

File Metadata Event Types

es_event_deleteextattr_t

A type for an event that indicates the deletion of an extended attribute from a file.

es_event_fsgetpath_t

A type for an event that indicates the retrieval of a file-system path.

es_event_getattrlist_t

A type for an event that indicates the retrieval of attributes from a file.

es_event_getextattr_t

A type for an event that indicates the retrieval of an extended attribute from a file.

es_event_listextattr_t

A type for an event that indicates the retrieval of multiple extended attributes from a file.

es_event_readdir_t

A type for an event that indicates the reading of a file-system directory.

es_event_setacl_t

A type for an event that indicates the setting of a file’s access control list.

es_event_setattrlist_t

A type for an event that indicates the setting of an attribute of a file.

es_event_setextattr_t

A type for an event that indicates the setting of an extended attribute of a file.

es_event_setflags_t

A type for an event that indicates the setting of a file’s flags.

es_event_setmode_t

A type for an event that indicates the setting of a file’s mode.

es_event_setowner_t

A type for an event that indicates the setting of a file’s owner.

es_event_stat_t

A type for an event that indicates the retrieval of a file’s status.

es_event_utimes_t

A type for an event that indicates a change to a file’s access time or modification time.

File Provider Event Types

es_event_file_provider_materialize_t

A type for an event that indicates the materialization of a file provider.

es_event_file_provider_update_t

A type for an event that indicates an update to a file provider.

Link Event Types

es_event_link_t

A type for an event that indicates the creation of a symbolic link.

es_event_readlink_t

A type for an event that indicates the reading of a symbolic link.

es_event_unlink_t

A type for an event that indicates the unlinking of a symbolic link.

File System Mounting Event Types

es_event_mount_t

A type for an event that indicates the mounting of a file system.

es_event_unmount_t

A type for an event that indicates the unmounting of a file system.

Memory Mapping Event Types

es_event_mmap_t

A type for an event that indicates the mapping of memory to a file.

es_event_mprotect_t

A type for an event that indicates a change to protection of memory-mapped pages.

Process Event Types

es_event_chdir_t

A type for an event that indicates a change to a process’s working directory.

es_event_chroot_t

A type for an event that indicates a change to a process’s root directory.

es_event_exec_t

A type for an event that indicates the execution of a process.

es_exec_arg

Gets the argument at the specified position from a process execution event.

es_exec_arg_count

Gets the number of arguments from a process execution event.

es_exec_env

Gets the environment variable at the specified position from a process execution event.

es_exec_env_count

Gets the number of environment variables from a process execution event.

es_event_fork_t

A type for an event that indicates the forking of a process.

es_event_get_task_t

A type for an event that indicates the retrieval of a task’s port.

es_event_signal_t

A type for an event that indicates the sending of a signal to a process.

es_event_exit_t

A type for an event that indicates a process exiting.

Socket Event Types

es_event_uipc_bind_t

A type for an event that indicates the binding of a socket to a path.

es_event_uipc_connect_t

A type for an event that indicates the connection of a socket.

Clock Event Types

es_event_settime_t

A type for an event that indicates the modification of the system time.

Kernel Event Types

es_event_iokit_open_t

A type for an event that indicates the opening of an IOKit device.

es_event_kextload_t

A type for an event that indicates the loading of a Kernel Extension (KEXT).

es_event_kextunload_t

A type for an event that indicates the unloading of a Kernel Extension (KEXT).

See Also

Event Monitoring

Client

An opaque type that maintains Endpoint Security client state, and functions related to this type.

Message

A type used by Endpoint Security to notify your client when a monitored action occurs.