feat: add thread capabilities

Makefile

@@ -24,7 +24,7 @@ INSTALL_PATH=/usr/local/sysflow
 
 .PHONY: build
 build: version deps
-	cd $(SRC) && $(GOBUILD) -o $(OUTPUT) -v
+	cd $(SRC) && CGO_ENABLED=0 $(GOBUILD) -o $(OUTPUT) -v
 
 .PHONY: package
 package: 

README.md

@@ -34,7 +34,7 @@ The SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and
 
 The SysFlow framework consists of the following sub-projects:
 
-- [sf-apis](https://github.com/sysflow-telemetry/sf-apis) provides the SysFlow schema and programatic APIs in go, python, and C++.
+- [sf-apis](https://github.com/cisco-eti/sf-apis) provides the SysFlow schema and programatic APIs in go, python, and C++.
 - [sf-collector](https://github.com/sysflow-telemetry/sf-collector) monitors and collects system call and event information from hosts and exports them in the SysFlow format using Apache Avro object serialization.
 - [sf-processor](https://github.com/sysflow-telemetry/sf-processor) provides a performance optimized policy engine for processing, enriching, filtering SysFlow events, generating alerts, and exporting the processed data to various targets.
 - [sf-exporter](https://github.com/sysflow-telemetry/sf-exporter) exports SysFlow traces to S3-compliant storage systems for archival purposes.

core/cache/tables.go

@@ -22,7 +22,7 @@
 package cache
 
 import (
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 )
 
 // SFTables defines thread-safe shared cache for plugins for storing SysFlow entities.

core/exporter/commons/config.go

@@ -23,7 +23,7 @@ package commons
 import (
 	"strconv"
 
-	"github.com/sysflow-telemetry/sf-apis/go/secrets"
+	"github.com/cisco-eti/sf-apis/go/secrets"
 )
 
 // Configuration keys.

core/exporter/encoders/ecs.go

@@ -30,8 +30,8 @@ import (
 	"strings"
 
 	"github.com/cespare/xxhash/v2"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 	"github.com/satta/gommunityid"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
@@ -470,14 +470,22 @@ func encodeUser(rec *flatrecord.Record) JSONData {
 // encodeProcess creates an ECS process field including the nested parent process.
 func encodeProcess(rec *flatrecord.Record) JSONData {
 	exe := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_EXE)(rec)
+
+	capPerm := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_PERMITTED)(rec)
+	capEff := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_EFFECTIVE)(rec)
+	capInherit := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_INHERITABLE)(rec)
+
 	process := JSONData{
-		ECS_PROC_EXE:     exe,
-		ECS_PROC_ARGS:    flatrecord.Mapper.MapStr(flatrecord.SF_PROC_ARGS)(rec),
-		ECS_PROC_CMDLINE: flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CMDLINE)(rec),
-		ECS_PROC_PID:     flatrecord.Mapper.MapInt(flatrecord.SF_PROC_PID)(rec),
-		ECS_PROC_START:   utils.ToIsoTimeStr(flatrecord.Mapper.MapInt(flatrecord.SF_PROC_CREATETS)(rec)),
-		ECS_PROC_NAME:    path.Base(exe),
-		ECS_PROC_THREAD:  JSONData{ECS_PROC_TID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_TID)(rec)},
+		ECS_PROC_EXE:           exe,
+		ECS_PROC_ARGS:          flatrecord.Mapper.MapStr(flatrecord.SF_PROC_ARGS)(rec),
+		ECS_PROC_CMDLINE:       flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CMDLINE)(rec),
+		ECS_PROC_PID:           flatrecord.Mapper.MapInt(flatrecord.SF_PROC_PID)(rec),
+		ECS_PROC_START:         utils.ToIsoTimeStr(flatrecord.Mapper.MapInt(flatrecord.SF_PROC_CREATETS)(rec)),
+		ECS_PROC_NAME:          path.Base(exe),
+		ECS_PROC_THREAD:        JSONData{ECS_PROC_TID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_TID)(rec)},
+		ECS_PROC_CAP_PERMITTED: capPerm,
+		ECS_PROC_CAP_EFFECTIVE: capEff,
+		ECS_PROC_CAP_INHERITED: capInherit,
 	}
 	pexe := flatrecord.Mapper.MapStr(flatrecord.SF_PPROC_EXE)(rec)
 	parent := JSONData{

core/exporter/encoders/ecsconstants.go

@@ -93,16 +93,19 @@ const (
 	ECS_POD_INTERNALIP   = "internalip"
 	ECS_POD_RESTARTCOUNT = "restartcnt"
 
-	ECS_PROC_ARGS_COUNT = "args_count"
-	ECS_PROC_ARGS       = "args"
-	ECS_PROC_CMDLINE    = "command_line"
-	ECS_PROC_EXE        = "executable"
-	ECS_PROC_NAME       = "name"
-	ECS_PROC_PARENT     = "parent"
-	ECS_PROC_PID        = "pid"
-	ECS_PROC_THREAD     = "thread"
-	ECS_PROC_TID        = "id"
-	ECS_PROC_START      = "start"
+	ECS_PROC_ARGS_COUNT    = "args_count"
+	ECS_PROC_ARGS          = "args"
+	ECS_PROC_CMDLINE       = "command_line"
+	ECS_PROC_EXE           = "executable"
+	ECS_PROC_NAME          = "name"
+	ECS_PROC_PARENT        = "parent"
+	ECS_PROC_PID           = "pid"
+	ECS_PROC_THREAD        = "thread"
+	ECS_PROC_TID           = "id"
+	ECS_PROC_CAP_PERMITTED = "cap_permitted"
+	ECS_PROC_CAP_INHERITED = "cap_inherited"
+	ECS_PROC_CAP_EFFECTIVE = "cap_effective"
+	ECS_PROC_START         = "start"
 
 	ECS_SF_FA_RBYTES = "bytes_read"
 	ECS_SF_FA_ROPS   = "read_ops"

core/exporter/encoders/json.go

@@ -27,8 +27,9 @@ import (
 	"strings"
 	"unicode/utf8"
 
+	"github.com/cisco-eti/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 	"github.com/mailru/easyjson/jwriter"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"
@@ -504,6 +505,7 @@ func MapJSON(fv *flatrecord.FieldValue, writer *jwriter.Writer, r *flatrecord.Re
 	switch fv.Entry.Type {
 	case flatrecord.MapStrVal:
 		v := r.GetStr(fv.Entry.FlatIndex, fv.Entry.Source)
+		logger.Info.Println("Mapping string value.", v, " Source: ", fv.Entry.Source, "flat index", fv.Entry.FlatIndex)
 		writer.String(utils.TrimBoundingQuotes(v))
 	case flatrecord.MapIntVal:
 		writer.Int64(r.GetInt(fv.Entry.FlatIndex, fv.Entry.Source))

core/exporter/encoders/occurrence.go

@@ -32,11 +32,11 @@ import (
 	"time"
 
 	"github.com/cespare/xxhash/v2"
+	"github.com/cisco-eti/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 	"github.com/linkedin/goavro"
 	cmap "github.com/orcaman/concurrent-map"
 	"github.com/steakknife/bloomfilter"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders/avro/occurrence/event"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"

core/exporter/exporter.go

@@ -25,8 +25,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
-	"github.com/sysflow-telemetry/sf-apis/go/plugins"
+	"github.com/cisco-eti/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/plugins"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/transports"

core/exporter/transports/elastic.go

@@ -31,10 +31,10 @@ import (
 	"os"
 	"time"
 
+	"github.com/cisco-eti/sf-apis/go/logger"
 	elasticsearch "github.com/elastic/go-elasticsearch/v8"
 	estransport "github.com/elastic/go-elasticsearch/v8/estransport"
 	"github.com/elastic/go-elasticsearch/v8/esutil"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
 )

core/exporter/transports/findings.go

@@ -28,8 +28,8 @@ import (
 	"github.com/IBM/go-sdk-core/v5/core"
 	"github.com/IBM/scc-go-sdk/v3/common"
 	"github.com/IBM/scc-go-sdk/v3/findingsv1"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/pkg/errors"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"

core/exporter/transports/syslog.go

@@ -27,7 +27,7 @@ import (
 	"fmt"
 
 	syslog "github.com/RackSec/srslog"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
 	"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
 )

core/exporter/utils/utils.go

@@ -25,7 +25,7 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 )
 
 // TrimBoundingQuotes removes bounding quotes from string.

core/flattener/filter.go

@@ -26,7 +26,7 @@ import (
 	"time"
 
 	"github.com/cespare/xxhash/v2"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 )
 
 var byteInt64 []byte = make([]byte, 8)

core/flattener/flattener.go

@@ -26,9 +26,9 @@ import (
 	"encoding/json"
 	"strings"
 
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
-	"github.com/sysflow-telemetry/sf-apis/go/plugins"
-	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
+	"github.com/cisco-eti/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/plugins"
+	"github.com/cisco-eti/sf-apis/go/sfgo"
 )
 
 const (
@@ -152,6 +152,9 @@ func (s *Flattener) HandleNetFlow(sf *plugins.CtxSysFlow, nf *sfgo.NetworkFlow)
 	s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, nil, fr)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_TS_INT] = nf.Ts
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_TID_INT] = nf.Tid
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_PERMITTED_STR] = nf.TCapPermitted
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_EFFECTIVE_STR] = nf.TCapEffective
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_INHERITABLE_STR] = nf.TCapInheritable
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_OPFLAGS_INT] = int64(nf.OpFlags)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_ENDTS_INT] = nf.EndTs
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_SIP_INT] = int64(nf.Sip)
@@ -177,6 +180,9 @@ func (s *Flattener) HandleFileFlow(sf *plugins.CtxSysFlow, ff *sfgo.FileFlow) er
 	s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, sf.File, fr)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_TS_INT] = ff.Ts
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_TID_INT] = ff.Tid
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_PERMITTED_STR] = ff.TCapPermitted
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_EFFECTIVE_STR] = ff.TCapEffective
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_INHERITABLE_STR] = ff.TCapInheritable
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_OPFLAGS_INT] = int64(ff.OpFlags)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_OPENFLAGS_INT] = int64(ff.OpenFlags)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_ENDTS_INT] = ff.EndTs
@@ -219,6 +225,9 @@ func (s *Flattener) HandleFileEvt(sf *plugins.CtxSysFlow, fe *sfgo.FileEvent) er
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_TID_INT] = fe.Tid
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_OPFLAGS_INT] = int64(fe.OpFlags)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_RET_INT] = int64(fe.Ret)
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_PERMITTED_STR] = fe.TCapPermitted
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_EFFECTIVE_STR] = fe.TCapEffective
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_INHERITABLE_STR] = fe.TCapInheritable
 	fr.Ptree = sf.PTree
 	fr.GraphletID = sf.GraphletID
 	s.out(fr)
@@ -242,6 +251,9 @@ func (s *Flattener) HandleProcEvt(sf *plugins.CtxSysFlow, pe *sfgo.ProcessEvent)
 	s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, nil, fr)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_TS_INT] = pe.Ts
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_TID_INT] = pe.Tid
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_PERMITTED_STR] = pe.TCapPermitted
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_EFFECTIVE_STR] = pe.TCapEffective
+	fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_INHERITABLE_STR] = pe.TCapInheritable
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_OPFLAGS_INT] = int64(pe.OpFlags)
 	fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_RET_INT] = int64(pe.Ret)
 	fr.Ptree = sf.PTree

core/go.mod

@@ -40,14 +40,14 @@ require (
 	github.com/satta/gommunityid v0.0.0-20210315182841-1cdcb73ce408
 	github.com/steakknife/bloomfilter v0.0.0-20180922174646-6819c0d2a570
 	github.com/stretchr/testify v1.7.0
-	github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300
 	github.com/tidwall/gjson v1.14.1
 	golang.org/x/exp v0.0.0-20230206171751-46f607a40771
 )
 
 require (
 	github.com/alecthomas/participle v0.7.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
+	github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-openapi/errors v0.19.8 // indirect
 	github.com/go-openapi/strfmt v0.21.1 // indirect

core/go.sum

@@ -28,6 +28,16 @@ github.com/bradleyjkemp/sigma-go v0.5.1 h1:2a747+swYse4KfIvLRCg49q118MSONk5+W/Je
 github.com/bradleyjkemp/sigma-go v0.5.1/go.mod h1:ZiTmCLylS8LOQPm1/2FuNDlSteiWwuHWScE69vOhh8c=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cisco-eti/sf-apis/go v0.0.0-20230905191833-17e4c751b04c h1:5BCJMIuiysHlYJe+nr/203cqIS6cpTIssbUD8v88VOU=
+github.com/cisco-eti/sf-apis/go v0.0.0-20230905191833-17e4c751b04c/go.mod h1:eo1ATE056Rqb9LhE4LA/0Y2AHfV//1zdCw0py4/S5HM=
+github.com/cisco-eti/sf-apis/go v0.0.0-20230929141246-bc28a59e1300 h1:ZxzwimQe2R4kYorqS33/l+m/+SXWMzPn1cLtpA1ExA0=
+github.com/cisco-eti/sf-apis/go v0.0.0-20230929141246-bc28a59e1300/go.mod h1:rvE0WXuIQmACykrVpAKxP5Crf/7KvZplUTULATmAuf4=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605155059-7218e3853449 h1:ibRooKkzXCY2jETfmLM3ltF5dwTtP/GobkOTZqRG1xQ=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605155059-7218e3853449/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605160458-06e52674202f h1:M8jhjF+sBi10J43Fv+hYYmIKLtRdE4ErHsE855uBNlw=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605160458-06e52674202f/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416 h1:E/CnNqAzy3096KSrFE6jPPHyV+frI6JM9oQPT3zuKVo=
+github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -198,10 +208,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230905191833-17e4c751b04c h1:5BCJMIuiysHlYJe+nr/203cqIS6cpTIssbUD8v88VOU=
-github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230905191833-17e4c751b04c/go.mod h1:eo1ATE056Rqb9LhE4LA/0Y2AHfV//1zdCw0py4/S5HM=
-github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300 h1:ZxzwimQe2R4kYorqS33/l+m/+SXWMzPn1cLtpA1ExA0=
-github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300/go.mod h1:rvE0WXuIQmACykrVpAKxP5Crf/7KvZplUTULATmAuf4=
 github.com/tidwall/gjson v1.14.1 h1:iymTbGkQBhveq21bEvAQ81I0LEBork8BFe1CUZXdyuo=
 github.com/tidwall/gjson v1.14.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=

core/policyengine/engine/actionhandler.go

@@ -22,8 +22,8 @@ package engine
 import (
 	"plugin"
 
-	"github.com/sysflow-telemetry/sf-apis/go/ioutils"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/ioutils"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
 )
 

core/policyengine/engine/interpreter.go

@@ -25,8 +25,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/paulbellamy/ratecounter"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/source"
 )

core/policyengine/engine/interpreter_test.go

@@ -21,9 +21,9 @@ import (
 	"os"
 	"testing"
 
+	"github.com/cisco-eti/sf-apis/go/ioutils"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/stretchr/testify/assert"
-	"github.com/sysflow-telemetry/sf-apis/go/ioutils"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/sigma"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"

core/policyengine/engine/setup_test.go

@@ -21,7 +21,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/logger"
 )
 
 func TestMain(m *testing.M) {

core/policyengine/monitor/localpolicymonitor.go

@@ -29,9 +29,9 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cisco-eti/sf-apis/go/ioutils"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/fsnotify/fsnotify"
-	"github.com/sysflow-telemetry/sf-apis/go/ioutils"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/engine"
 )
 

core/policyengine/policy/falco/compiler.go

@@ -27,7 +27,7 @@ import (
 	"strings"
 
 	"github.com/antlr/antlr4/runtime/Go/antlr"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/common"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco/lang/errorhandler"

core/policyengine/policy/falco/compiler_test.go

@@ -24,9 +24,9 @@ import (
 	"os"
 	"testing"
 
+	"github.com/cisco-eti/sf-apis/go/ioutils"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/stretchr/testify/assert"
-	"github.com/sysflow-telemetry/sf-apis/go/ioutils"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"
 )

core/policyengine/policy/predicates.go

@@ -20,7 +20,7 @@
 // Package policy implements input policy translation for the rules engine.
 package policy
 
-import "github.com/sysflow-telemetry/sf-apis/go/logger"
+import "github.com/cisco-eti/sf-apis/go/logger"
 
 // Predicate defines the type of a functional predicate.
 type Predicate[R any] func(R) bool

core/policyengine/policy/sigma/compiler.go

@@ -26,7 +26,7 @@ import (
 	"strings"
 
 	"github.com/bradleyjkemp/sigma-go"
-	"github.com/sysflow-telemetry/sf-apis/go/logger"
+	"github.com/cisco-eti/sf-apis/go/logger"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
 	"github.com/sysflow-telemetry/sf-processor/core/policyengine/source"
 )