diff --git a/content/en/docs/plugins/_index.md b/content/en/docs/plugins/_index.md index 8e8dae663..3d288d3a5 100644 --- a/content/en/docs/plugins/_index.md +++ b/content/en/docs/plugins/_index.md @@ -189,6 +189,12 @@ If you are interested in authoring your own plugin, or modifying an existing plu Plugins authored by the Falcosecurity community are at the [plugins github repository](https://github.com/falcosecurity/plugins). There, you can also find the [plugin registry](https://github.com/falcosecurity/plugins/blob/master/registry.yaml) containing info about all the plugins officially recognized by the Falcosecurity organization. +Currently, the plugins are: +* **cloudtrail**: Reads Cloudtrail JSON logs from files/S3 and injects as events. +* **dummy**: Reference plugin use to document plugins interface. +* **dummy_c**: Like dummy, but written in C++. +* **json**: Extracts values from any JSON payload. + ## Plugin SDKs To facilitate the development of plugins written in Go, we've written a [SDK](https://github.com/falcosecurity/plugin-sdk-go) that provides support code for writing plugins. The SDK provides Go structs/enums corresponding to the C structs/enums used by the API, has utility packages that manage the details of memory management/type conversion, and presents abstract interfaces that provide a more streamlined interface to potential plugin authors. diff --git a/content/en/docs/plugins/plugin-api-reference.md b/content/en/docs/plugins/plugin-api-reference.md index 552165c0e..f3e6c90e8 100644 --- a/content/en/docs/plugins/plugin-api-reference.md +++ b/content/en/docs/plugins/plugin-api-reference.md @@ -212,7 +212,7 @@ The struct has the following members: * `datalen`: pointer to a 32bit integer. The plugin will set it the size of the buffer pointed by data. * `ts`: the event timestamp, in nanoseconds since the epoch. Can be (uint64_t)-1, in which case the engine will automatically fill the event time with the current time. -It is not necessary to fill in the evtnum struct member when returning events via plugin_next_batch. Event numbers are assigned by the plugin framework. +Filling the `evtnum` struct member when returning events via `plugin_next_batch` has no effect, because event numbers are assigned by the plugin framework. This function should return: