character encoding in Endpoint Security events

App & System Services Core OS
___Pavel___ OP
Created Jan ’25
Replies 2
Boosts 0
Views 248
Participants 2

Hello,

My app is handling ES_EVENT_TYPE_AUTH_OPEN. Which character encoding is used in Endpoint Security events? (es_file_t)

Thank you in advance, Pavel

Answered by DTS Engineer in 820899022

Technically, it’s not specified. You just get the bytes that were passed to the open system call.

In practice, it’s almost always going to be UTF-8.

One thing to watch out for is normal forms. The normal form is also not specified. In many cases you’ll get decomposed but it’s also possible to see precomposed (risk wise, this precomposed is much more likely than alternative encodings). Your ES client has to handle both.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  2
Boosts  0
Views  248
Participants  2
DTS Engineer OP
Apple
Jan ’25
Accepted Answer
Recommended

Technically, it’s not specified. You just get the bytes that were passed to the open system call.

In practice, it’s almost always going to be UTF-8.

One thing to watch out for is normal forms. The normal form is also not specified. In many cases you’ll get decomposed but it’s also possible to see precomposed (risk wise, this precomposed is much more likely than alternative encodings). Your ES client has to handle both.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
___Pavel___ OP
Jan ’25

thank you for support!

0
character encoding in Endpoint Security events
First post date Last post date
 
 
Q