endpointsecurity

package
v0.5.1

This package is not in the latest version of its module.

Published: Mar 30, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package endpointsecurity provides Go bindings for the EndpointSecurity framework.

Develop system extensions that enhance user security.

Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language that supports native calls. Your client registers with Endpoint Security to authorize pending events, or receive notifications of events that already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.

Event Monitoring

Entitlements

  • com.apple.developer.endpoint-security.client: The entitlement required to monitor system events for potentially malicious activity.

Variables

  • ES_CS_VALIDATION_CATEGORY_APP_STORE
  • ES_CS_VALIDATION_CATEGORY_DEVELOPER_ID
  • ES_CS_VALIDATION_CATEGORY_DEVELOPMENT
  • ES_CS_VALIDATION_CATEGORY_ENTERPRISE
  • ES_CS_VALIDATION_CATEGORY_INVALID
  • ES_CS_VALIDATION_CATEGORY_LOCAL_SIGNING
  • ES_CS_VALIDATION_CATEGORY_NONE
  • ES_CS_VALIDATION_CATEGORY_OOPJIT
  • ES_CS_VALIDATION_CATEGORY_PLATFORM
  • ES_CS_VALIDATION_CATEGORY_ROSETTA
  • ES_CS_VALIDATION_CATEGORY_TESTFLIGHT
  • ES_EVENT_TYPE_NOTIFY_TCC_MODIFY
  • ES_EVENT_TYPE_RESERVED_0
  • ES_EVENT_TYPE_RESERVED_1
  • ES_EVENT_TYPE_RESERVED_2
  • ES_EVENT_TYPE_RESERVED_3
  • ES_EVENT_TYPE_RESERVED_4
  • ES_EVENT_TYPE_RESERVED_5
  • ES_EVENT_TYPE_RESERVED_6
  • ES_TCC_AUTHORIZATION_REASON_APP_TYPE_POLICY: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_ENTITLED: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_ERROR
  • ES_TCC_AUTHORIZATION_REASON_MDM_POLICY: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_MISSING_USAGE_STRING: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_NONE
  • ES_TCC_AUTHORIZATION_REASON_PREFLIGHT_UNKNOWN: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_PROMPT_CANCEL: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_PROMPT_TIMEOUT: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_SERVICE_OVERRIDE_POLICY: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_SERVICE_POLICY: A system process changed the authorization right
  • ES_TCC_AUTHORIZATION_REASON_SYSTEM_SET: User changed the authorization right via Preferences
  • ES_TCC_AUTHORIZATION_REASON_USER_CONSENT
  • ES_TCC_AUTHORIZATION_REASON_USER_SET: User answered a prompt
  • ES_TCC_AUTHORIZATION_RIGHT_ADD_MODIFY_ADDED
  • ES_TCC_AUTHORIZATION_RIGHT_ALLOWED
  • ES_TCC_AUTHORIZATION_RIGHT_DENIED
  • ES_TCC_AUTHORIZATION_RIGHT_LEARN_MORE
  • ES_TCC_AUTHORIZATION_RIGHT_LIMITED
  • ES_TCC_AUTHORIZATION_RIGHT_SESSION_PID
  • ES_TCC_AUTHORIZATION_RIGHT_UNKNOWN
  • ES_TCC_EVENT_TYPE_CREATE
  • ES_TCC_EVENT_TYPE_DELETE
  • ES_TCC_EVENT_TYPE_MODIFY
  • ES_TCC_EVENT_TYPE_UNKNOWN
  • ES_TCC_IDENTITY_TYPE_BUNDLE_ID
  • ES_TCC_IDENTITY_TYPE_EXECUTABLE_PATH
  • ES_TCC_IDENTITY_TYPE_FILE_PROVIDER_DOMAIN_ID
  • ES_TCC_IDENTITY_TYPE_POLICY_ID

Type Aliases

  • es_statfs_t: This typedef is no longer used, but exists for API backwards compatibility.

Code generated from Apple documentation. DO NOT EDIT.


Functions

func Es_clear_cache

func Es_clear_cache(client *Es_client_t) unsafe.Pointer

Es_clear_cache clears all cached results for all clients.

See: https://developer.apple.com/documentation/EndpointSecurity/es_clear_cache(_:)

func Es_delete_client

func Es_delete_client(client *Es_client_t) unsafe.Pointer

Es_delete_client destroys and disconnects a client instance from the Endpoint Security system.

See: https://developer.apple.com/documentation/EndpointSecurity/es_delete_client(_:)

func Es_exec_arg_count

func Es_exec_arg_count(event *Es_event_exec_t) uint32

Es_exec_arg_count gets the number of arguments from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_arg_count(_:)

func Es_exec_env_count

func Es_exec_env_count(event *Es_event_exec_t) uint32

Es_exec_env_count gets the number of environment variables from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_env_count(_:)

func Es_exec_fd_count

func Es_exec_fd_count(event *Es_event_exec_t) uint32

Es_exec_fd_count gets the number of file descriptors from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_fd_count(_:)

func Es_mute_path

func Es_mute_path(client *Es_client_t, path string, type_ unsafe.Pointer) unsafe.Pointer

Es_mute_path suppresses events from executables that match a given path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_path(_:_:_:)

func Es_mute_path_events

func Es_mute_path_events(client *Es_client_t, path string, type_ unsafe.Pointer, events unsafe.Pointer, event_count uintptr) unsafe.Pointer

Es_mute_path_events suppresses a subset of events from executables that match a given path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_mute_path_events(_:_:_:_:_:)

func Es_muted_paths_events

func Es_muted_paths_events(client *Es_client_t, muted_paths *Es_muted_paths_t) unsafe.Pointer

Es_muted_paths_events retrieves a list of all muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_muted_paths_events(_:_:)

func Es_muted_processes_events

func Es_muted_processes_events(client *Es_client_t, muted_processes *Es_muted_processes_t) unsafe.Pointer

Es_muted_processes_events retrieves a list of all muted processes.

See: https://developer.apple.com/documentation/EndpointSecurity/es_muted_processes_events(_:_:)

func Es_release_message

func Es_release_message(msg *Es_message_t)

Es_release_message releases a previously-retained message.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_message(_:)

func Es_release_muted_paths

func Es_release_muted_paths(muted_paths *Es_muted_paths_t)

Es_release_muted_paths frees resources associated with a set of previously-retrieved muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_muted_paths(_:)

func Es_release_muted_processes

func Es_release_muted_processes(muted_processes *Es_muted_processes_t)

Es_release_muted_processes frees resources associated with a set of previously-retrieved muted processes.

See: https://developer.apple.com/documentation/EndpointSecurity/es_release_muted_processes(_:)

func Es_retain_message

func Es_retain_message(msg *Es_message_t)

Es_retain_message retains the given message, extending its lifetime until released.

See: https://developer.apple.com/documentation/EndpointSecurity/es_retain_message(_:)

func Es_subscriptions

func Es_subscriptions(client *Es_client_t, count *uintptr, subscriptions unsafe.Pointer) unsafe.Pointer

Es_subscriptions returns a list of the client’s subscriptions.

See: https://developer.apple.com/documentation/EndpointSecurity/es_subscriptions(_:_:_:)

func Es_unmute_all_paths

func Es_unmute_all_paths(client *Es_client_t) unsafe.Pointer

Es_unmute_all_paths restores event delivery from previously-muted paths.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_all_paths(_:)

func Es_unmute_path

func Es_unmute_path(client *Es_client_t, path string, type_ unsafe.Pointer) unsafe.Pointer

Es_unmute_path restores event delivery from a previously-muted path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_path(_:_:_:)

func Es_unmute_path_events

func Es_unmute_path_events(client *Es_client_t, path string, type_ unsafe.Pointer, events unsafe.Pointer, event_count uintptr) unsafe.Pointer

Es_unmute_path_events restores event delivery of a subset of events from a previously-muted path.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unmute_path_events(_:_:_:_:_:)

func Es_unsubscribe

func Es_unsubscribe(client *Es_client_t, events unsafe.Pointer, event_count uint32) unsafe.Pointer

Es_unsubscribe unsubscribes the provided client from a set of events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unsubscribe(_:_:_:)

func Es_unsubscribe_all

func Es_unsubscribe_all(client *Es_client_t) unsafe.Pointer

Es_unsubscribe_all unsubscribes a client from all events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_unsubscribe_all(_:)

Types

type Es added in v0.5.1

type Es int32
const (
	// ES_CLEAR: A case that indicates the event represents a clearing of the access control list.
	ES_CLEAR Es = 1
	// ES_SET: A case that indicates the event represents a setting of access control list values.
	ES_SET Es = 0
)

func (Es) String added in v0.5.1

func (e Es) String() string

type EsActionType added in v0.5.1

type EsActionType int32
const (
	// ES_ACTION_TYPE_AUTH: The authentication action type.
	ES_ACTION_TYPE_AUTH EsActionType = 0
	// ES_ACTION_TYPE_NOTIFY: The notification action type.
	ES_ACTION_TYPE_NOTIFY EsActionType = 1
)

func (EsActionType) String added in v0.5.1

func (e EsActionType) String() string

type EsAddressType added in v0.5.1

type EsAddressType int32
const (
	ES_ADDRESS_TYPE_IPV4         EsAddressType = 1
	ES_ADDRESS_TYPE_IPV6         EsAddressType = 2
	ES_ADDRESS_TYPE_NAMED_SOCKET EsAddressType = 3
	ES_ADDRESS_TYPE_NONE         EsAddressType = 0
)

func (EsAddressType) String added in v0.5.1

func (e EsAddressType) String() string

type EsAuthResult added in v0.5.1

type EsAuthResult int32
const (
	// ES_AUTH_RESULT_ALLOW: The caller authorizes the event and allows it to continue.
	ES_AUTH_RESULT_ALLOW EsAuthResult = 0
	// ES_AUTH_RESULT_DENY: The caller denies authorization to the event and prevents it from continuing.
	ES_AUTH_RESULT_DENY EsAuthResult = 1
)

func (EsAuthResult) String added in v0.5.1

func (e EsAuthResult) String() string

type EsAuthenticationType added in v0.5.1

type EsAuthenticationType int32
const (
	ES_AUTHENTICATION_TYPE_AUTO_UNLOCK EsAuthenticationType = 3
	ES_AUTHENTICATION_TYPE_LAST        EsAuthenticationType = 4
	ES_AUTHENTICATION_TYPE_OD          EsAuthenticationType = 0
	ES_AUTHENTICATION_TYPE_TOKEN       EsAuthenticationType = 2
	ES_AUTHENTICATION_TYPE_TOUCHID     EsAuthenticationType = 1
)

func (EsAuthenticationType) String added in v0.5.1

func (e EsAuthenticationType) String() string

type EsAuthorizationRuleClass added in v0.5.1

type EsAuthorizationRuleClass int32
const (
	ES_AUTHORIZATION_RULE_CLASS_ALLOW     EsAuthorizationRuleClass = 3
	ES_AUTHORIZATION_RULE_CLASS_DENY      EsAuthorizationRuleClass = 4
	ES_AUTHORIZATION_RULE_CLASS_INVALID   EsAuthorizationRuleClass = 6
	ES_AUTHORIZATION_RULE_CLASS_MECHANISM EsAuthorizationRuleClass = 2
	ES_AUTHORIZATION_RULE_CLASS_RULE      EsAuthorizationRuleClass = 1
	ES_AUTHORIZATION_RULE_CLASS_UNKNOWN   EsAuthorizationRuleClass = 5
	ES_AUTHORIZATION_RULE_CLASS_USER      EsAuthorizationRuleClass = 0
)

func (EsAuthorizationRuleClass) String added in v0.5.1

func (e EsAuthorizationRuleClass) String() string

type EsAutoUnlock added in v0.5.1

type EsAutoUnlock int32
const (
	ES_AUTO_UNLOCK_AUTH_PROMPT    EsAutoUnlock = 2
	ES_AUTO_UNLOCK_MACHINE_UNLOCK EsAutoUnlock = 1
)

func (EsAutoUnlock) String added in v0.5.1

func (e EsAutoUnlock) String() string

type EsBtmItemType added in v0.5.1

type EsBtmItemType int32
const (
	ES_BTM_ITEM_TYPE_AGENT      EsBtmItemType = 3
	ES_BTM_ITEM_TYPE_APP        EsBtmItemType = 1
	ES_BTM_ITEM_TYPE_DAEMON     EsBtmItemType = 4
	ES_BTM_ITEM_TYPE_LOGIN_ITEM EsBtmItemType = 2
	ES_BTM_ITEM_TYPE_USER_ITEM  EsBtmItemType = 0
)

func (EsBtmItemType) String added in v0.5.1

func (e EsBtmItemType) String() string

type EsClearCacheResult added in v0.5.1

type EsClearCacheResult int32
const (
	// ES_CLEAR_CACHE_RESULT_ERR_INTERNAL: Communication with the Endpoint Security system failed.
	ES_CLEAR_CACHE_RESULT_ERR_INTERNAL EsClearCacheResult = 1
	// ES_CLEAR_CACHE_RESULT_ERR_THROTTLE: Clearing the cache failed because the rate of calls was too high.
	ES_CLEAR_CACHE_RESULT_ERR_THROTTLE EsClearCacheResult = 2
	// ES_CLEAR_CACHE_RESULT_SUCCESS: Clearing the cache succeeded.
	ES_CLEAR_CACHE_RESULT_SUCCESS EsClearCacheResult = 0
)

func (EsClearCacheResult) String added in v0.5.1

func (e EsClearCacheResult) String() string

type EsCsValidationCategory added in v0.5.1

type EsCsValidationCategory int32
const (
	ES_CS_VALIDATION_CATEGORY_APP_STORE     EsCsValidationCategory = 4
	ES_CS_VALIDATION_CATEGORY_DEVELOPER_ID  EsCsValidationCategory = 6
	ES_CS_VALIDATION_CATEGORY_DEVELOPMENT   EsCsValidationCategory = 3
	ES_CS_VALIDATION_CATEGORY_ENTERPRISE    EsCsValidationCategory = 5
	ES_CS_VALIDATION_CATEGORY_INVALID       EsCsValidationCategory = 0
	ES_CS_VALIDATION_CATEGORY_LOCAL_SIGNING EsCsValidationCategory = 7
	ES_CS_VALIDATION_CATEGORY_NONE          EsCsValidationCategory = 10
	ES_CS_VALIDATION_CATEGORY_OOPJIT        EsCsValidationCategory = 9
	ES_CS_VALIDATION_CATEGORY_PLATFORM      EsCsValidationCategory = 1
	ES_CS_VALIDATION_CATEGORY_ROSETTA       EsCsValidationCategory = 8
	ES_CS_VALIDATION_CATEGORY_TESTFLIGHT    EsCsValidationCategory = 2
)

func (EsCsValidationCategory) String added in v0.5.1

func (e EsCsValidationCategory) String() string

type EsDestinationType added in v0.5.1

type EsDestinationType int32
const (
	// ES_DESTINATION_TYPE_EXISTING_FILE: The destination is an existing file.
	ES_DESTINATION_TYPE_EXISTING_FILE EsDestinationType = 0
	// ES_DESTINATION_TYPE_NEW_PATH: The destination is a path to a new location.
	ES_DESTINATION_TYPE_NEW_PATH EsDestinationType = 1
)

func (EsDestinationType) String added in v0.5.1

func (e EsDestinationType) String() string

type EsEventType added in v0.5.1

type EsEventType int32
const (
	// ES_EVENT_TYPE_AUTH_CHDIR: An identifier for a process that requests permission from the operating system to change the working directory for the process.
	ES_EVENT_TYPE_AUTH_CHDIR EsEventType = 50
	// ES_EVENT_TYPE_AUTH_CHROOT: An identifier for a process that requests permission from the operating system to change the root directory for the process.
	ES_EVENT_TYPE_AUTH_CHROOT EsEventType = 56
	// ES_EVENT_TYPE_AUTH_CLONE: An identifier for a process that requests permission from the operating system to clone a file.
	ES_EVENT_TYPE_AUTH_CLONE EsEventType = 60
	// ES_EVENT_TYPE_AUTH_COPYFILE: An identifier for a process that requests permission from the operating system to copy a file.
	ES_EVENT_TYPE_AUTH_COPYFILE EsEventType = 109
	// ES_EVENT_TYPE_AUTH_CREATE: An identifier for a process that requests permission from the operating system to create a file.
	ES_EVENT_TYPE_AUTH_CREATE EsEventType = 44
	// ES_EVENT_TYPE_AUTH_DELETEEXTATTR: An identifier for a process that requests permission from the operating system to delete an extended attribute from a file.
	ES_EVENT_TYPE_AUTH_DELETEEXTATTR EsEventType = 69
	// ES_EVENT_TYPE_AUTH_EXCHANGEDATA: An identifier for a process that requests permission from the operating system to exchange data between two files.
	ES_EVENT_TYPE_AUTH_EXCHANGEDATA EsEventType = 80
	// ES_EVENT_TYPE_AUTH_EXEC: An identifier for a process that requests permission from the operating system to execute another image.
	ES_EVENT_TYPE_AUTH_EXEC EsEventType = 0
	// ES_EVENT_TYPE_AUTH_FCNTL: An identifier for a process that requests permission from the operating system to manipulate a file descriptor.
	ES_EVENT_TYPE_AUTH_FCNTL EsEventType = 90
	// ES_EVENT_TYPE_AUTH_FILE_PROVIDER_MATERIALIZE: An identifier for a process that requests permission for a file provider to return a reference to a file.
	ES_EVENT_TYPE_AUTH_FILE_PROVIDER_MATERIALIZE EsEventType = 34
	// ES_EVENT_TYPE_AUTH_FILE_PROVIDER_UPDATE: An identifier for a process that requests permission from the operating system to update a file.
	ES_EVENT_TYPE_AUTH_FILE_PROVIDER_UPDATE EsEventType = 36
	// ES_EVENT_TYPE_AUTH_FSGETPATH: An identifier for a process that requests permission from the operating system to retrieve a file system path.
	ES_EVENT_TYPE_AUTH_FSGETPATH EsEventType = 71
	// ES_EVENT_TYPE_AUTH_GETATTRLIST: An identifier for a process that requests permission from the operating system to retrieve attributes from a file.
	ES_EVENT_TYPE_AUTH_GETATTRLIST EsEventType = 52
	// ES_EVENT_TYPE_AUTH_GETEXTATTR: An identifier for a process that requests permission from the operating system to retrieve an extended attribute from a file.
	ES_EVENT_TYPE_AUTH_GETEXTATTR EsEventType = 63
	// ES_EVENT_TYPE_AUTH_GET_TASK: An identifier for a process that requests permission from the operating system to retrieve a process’s task control port.
	ES_EVENT_TYPE_AUTH_GET_TASK EsEventType = 87
	// ES_EVENT_TYPE_AUTH_GET_TASK_READ: An identifier for a process that requests permission from the operating system to retrieve a process’s task read port.
	ES_EVENT_TYPE_AUTH_GET_TASK_READ EsEventType = 100
	// ES_EVENT_TYPE_AUTH_IOKIT_OPEN: An identifier for a process that requests permission from the operating system to open an IOKit device.
	ES_EVENT_TYPE_AUTH_IOKIT_OPEN EsEventType = 91
	// ES_EVENT_TYPE_AUTH_KEXTLOAD: An identifier for a process that requests permission from the operating system to load a kernel extension (KEXT).
	ES_EVENT_TYPE_AUTH_KEXTLOAD EsEventType = 2
	// ES_EVENT_TYPE_AUTH_LINK: An identifier for a process that requests permission from the operating system to create a hard link.
	ES_EVENT_TYPE_AUTH_LINK EsEventType = 42
	// ES_EVENT_TYPE_AUTH_LISTEXTATTR: An identifier for a process that requests permission from the operating system to retrieve multiple extended attributes from a file.
	ES_EVENT_TYPE_AUTH_LISTEXTATTR EsEventType = 65
	// ES_EVENT_TYPE_AUTH_MMAP: An identifier for a process that requests permission from the operating system to map a file into memory.
	ES_EVENT_TYPE_AUTH_MMAP EsEventType = 3
	// ES_EVENT_TYPE_AUTH_MOUNT: An identifier for a process that requests permission from the operating system to mount a file system.
	ES_EVENT_TYPE_AUTH_MOUNT EsEventType = 5
	// ES_EVENT_TYPE_AUTH_MPROTECT: An identifier for a process that requests permission from the operating system to change the protection of memory-mapped pages.
	ES_EVENT_TYPE_AUTH_MPROTECT EsEventType = 4
	// ES_EVENT_TYPE_AUTH_OPEN: An identifier for a process that requests permission from the operating system to open a file.
	ES_EVENT_TYPE_AUTH_OPEN EsEventType = 1
	// ES_EVENT_TYPE_AUTH_PROC_CHECK: An identifier for a process that requests permission from the operating system to get information about a process.
	ES_EVENT_TYPE_AUTH_PROC_CHECK EsEventType = 85
	// ES_EVENT_TYPE_AUTH_PROC_SUSPEND_RESUME: An identifier for a process that requests permission from the operating system to suspend, resume, or shut down sockets for another process.
	ES_EVENT_TYPE_AUTH_PROC_SUSPEND_RESUME EsEventType = 92
	// ES_EVENT_TYPE_AUTH_READDIR: An identifier for a process that requests permission from the operating system to read a file system directory.
	ES_EVENT_TYPE_AUTH_READDIR EsEventType = 67
	// ES_EVENT_TYPE_AUTH_READLINK: An identifier for a process that requests permission from the operating system to read a symbolic link.
	ES_EVENT_TYPE_AUTH_READLINK EsEventType = 38
	// ES_EVENT_TYPE_AUTH_REMOUNT: An identifier for a process that requests permission from the operating system to mount a file system.
	ES_EVENT_TYPE_AUTH_REMOUNT EsEventType = 98
	// ES_EVENT_TYPE_AUTH_RENAME: An identifier for a process that requests permission from the operating system to rename a file.
	ES_EVENT_TYPE_AUTH_RENAME EsEventType = 6
	// ES_EVENT_TYPE_AUTH_SEARCHFS: An identifier for a process that requests permission from the operating system to search a volume or mounted file system.
	ES_EVENT_TYPE_AUTH_SEARCHFS EsEventType = 88
	// ES_EVENT_TYPE_AUTH_SETACL: An identifier for a process that requests permission from the operating system to set a file’s access control list.
	ES_EVENT_TYPE_AUTH_SETACL EsEventType = 81
	// ES_EVENT_TYPE_AUTH_SETATTRLIST: An identifier for a process that requests permission from the operating system to set attributes of a file.
	ES_EVENT_TYPE_AUTH_SETATTRLIST EsEventType = 45
	// ES_EVENT_TYPE_AUTH_SETEXTATTR: An identifier for a process that requests permission from the operating system to set an extended attribute of a file.
	ES_EVENT_TYPE_AUTH_SETEXTATTR EsEventType = 46
	// ES_EVENT_TYPE_AUTH_SETFLAGS: An identifier for a process that requests permission from the operating system to set a file’s flags.
	ES_EVENT_TYPE_AUTH_SETFLAGS EsEventType = 47
	// ES_EVENT_TYPE_AUTH_SETMODE: An identifier for a process that requests permission from the operating system to set a file’s mode.
	ES_EVENT_TYPE_AUTH_SETMODE EsEventType = 48
	// ES_EVENT_TYPE_AUTH_SETOWNER: An identifier for a process that requests permission from the operating system to set a file’s owner.
	ES_EVENT_TYPE_AUTH_SETOWNER EsEventType = 49
	// ES_EVENT_TYPE_AUTH_SETTIME: An identifier for a process that requests permission from the operating system to modify the system time.
	ES_EVENT_TYPE_AUTH_SETTIME EsEventType = 74
	// ES_EVENT_TYPE_AUTH_SIGNAL: An identifier for a process that requests permission from the operating system to send a signal to a process.
	ES_EVENT_TYPE_AUTH_SIGNAL EsEventType = 7
	// ES_EVENT_TYPE_AUTH_TRUNCATE: An identifier for a process that requests permission from the operating system to truncate a file.
	ES_EVENT_TYPE_AUTH_TRUNCATE EsEventType = 40
	// ES_EVENT_TYPE_AUTH_UIPC_BIND: An identifier for a process that requests permission from the operating system to bind a UNIX domain socket.
	ES_EVENT_TYPE_AUTH_UIPC_BIND EsEventType = 77
	// ES_EVENT_TYPE_AUTH_UIPC_CONNECT: An identifier for a process that requests permission from the operating system to connect a UNIX domain socket.
	ES_EVENT_TYPE_AUTH_UIPC_CONNECT EsEventType = 79
	// ES_EVENT_TYPE_AUTH_UNLINK: An identifier for a process that requests permission from the operating system to delete a file.
	ES_EVENT_TYPE_AUTH_UNLINK EsEventType = 8
	// ES_EVENT_TYPE_AUTH_UTIMES: An identifier for a process that requests permission from the operating system to change a file’s access or modification time.
	ES_EVENT_TYPE_AUTH_UTIMES EsEventType = 58
	// ES_EVENT_TYPE_LAST: A value that indicates the last member of the enumeration.
	ES_EVENT_TYPE_LAST EsEventType = 155
	// ES_EVENT_TYPE_NOTIFY_ACCESS: An identifier for a process that notifies endpoint security that it is checking a file’s access permission.
	ES_EVENT_TYPE_NOTIFY_ACCESS                  EsEventType = 55
	ES_EVENT_TYPE_NOTIFY_AUTHENTICATION          EsEventType = 111
	ES_EVENT_TYPE_NOTIFY_AUTHORIZATION_JUDGEMENT EsEventType = 130
	ES_EVENT_TYPE_NOTIFY_AUTHORIZATION_PETITION  EsEventType = 129
	ES_EVENT_TYPE_NOTIFY_BTM_LAUNCH_ITEM_ADD     EsEventType = 124
	ES_EVENT_TYPE_NOTIFY_BTM_LAUNCH_ITEM_REMOVE  EsEventType = 125
	// ES_EVENT_TYPE_NOTIFY_CHDIR: An identifier for a process that notifies endpoint security that it is changing the working directory for the process.
	ES_EVENT_TYPE_NOTIFY_CHDIR EsEventType = 51
	// ES_EVENT_TYPE_NOTIFY_CHROOT: An identifier for a process that notifies endpoint security that it is changing the root directory for the process.
	ES_EVENT_TYPE_NOTIFY_CHROOT EsEventType = 57
	// ES_EVENT_TYPE_NOTIFY_CLONE: An identifier for a process that notifies endpoint security that it is cloning a file.
	ES_EVENT_TYPE_NOTIFY_CLONE EsEventType = 61
	// ES_EVENT_TYPE_NOTIFY_CLOSE: An identifier for a process that notifies endpoint security that it is closing a file.
	ES_EVENT_TYPE_NOTIFY_CLOSE EsEventType = 12
	// ES_EVENT_TYPE_NOTIFY_COPYFILE: An identifier for a process that notifies endpoint security that it is copying a file.
	ES_EVENT_TYPE_NOTIFY_COPYFILE EsEventType = 110
	// ES_EVENT_TYPE_NOTIFY_CREATE: An identifier for a process that notifies endpoint security that it is creating a file.
	ES_EVENT_TYPE_NOTIFY_CREATE EsEventType = 13
	// ES_EVENT_TYPE_NOTIFY_CS_INVALIDATED: An identifier for a process that notifies endpoint security that its code signing status is now invalid.
	ES_EVENT_TYPE_NOTIFY_CS_INVALIDATED EsEventType = 94
	// ES_EVENT_TYPE_NOTIFY_DELETEEXTATTR: An identifier for a process that notifies endpoint security that it is deleting an extended attribute from a file.
	ES_EVENT_TYPE_NOTIFY_DELETEEXTATTR EsEventType = 70
	// ES_EVENT_TYPE_NOTIFY_DUP: An identifier for a process that notifies endpoint security that it is duplicating a file descriptor.
	ES_EVENT_TYPE_NOTIFY_DUP EsEventType = 73
	// ES_EVENT_TYPE_NOTIFY_EXCHANGEDATA: An identifier for a process that notifies endpoint security that it is exchanging data between two files.
	ES_EVENT_TYPE_NOTIFY_EXCHANGEDATA EsEventType = 14
	// ES_EVENT_TYPE_NOTIFY_EXEC: An identifier for a process that notifies endpoint security that it is executing an image.
	ES_EVENT_TYPE_NOTIFY_EXEC EsEventType = 9
	// ES_EVENT_TYPE_NOTIFY_EXIT: An identifier for a process that notifies endpoint security that it is exiting.
	ES_EVENT_TYPE_NOTIFY_EXIT EsEventType = 15
	// ES_EVENT_TYPE_NOTIFY_FCNTL: An identifier for a process that notifies endpoint security that it is manipulating a file descriptor.
	ES_EVENT_TYPE_NOTIFY_FCNTL EsEventType = 62
	// ES_EVENT_TYPE_NOTIFY_FILE_PROVIDER_MATERIALIZE: An identifier for a process that notifies endpoint security that a file provider returned a reference to a file.
	ES_EVENT_TYPE_NOTIFY_FILE_PROVIDER_MATERIALIZE EsEventType = 35
	// ES_EVENT_TYPE_NOTIFY_FILE_PROVIDER_UPDATE: An identifier for a process that notifies endpoint security that it is updating a file.
	ES_EVENT_TYPE_NOTIFY_FILE_PROVIDER_UPDATE EsEventType = 37
	// ES_EVENT_TYPE_NOTIFY_FORK: An identifier for a process that notifies endpoint security that it is forking another process.
	ES_EVENT_TYPE_NOTIFY_FORK EsEventType = 11
	// ES_EVENT_TYPE_NOTIFY_FSGETPATH: An identifier for a process that notifies endpoint security that it is retrieving a file system path.
	ES_EVENT_TYPE_NOTIFY_FSGETPATH                EsEventType = 72
	ES_EVENT_TYPE_NOTIFY_GATEKEEPER_USER_OVERRIDE EsEventType = 146
	// ES_EVENT_TYPE_NOTIFY_GETATTRLIST: An identifier for a process that notifies endpoint security that it is retrieving attributes from a file.
	ES_EVENT_TYPE_NOTIFY_GETATTRLIST EsEventType = 53
	// ES_EVENT_TYPE_NOTIFY_GETEXTATTR: An identifier for a process that notifies endpoint security that it is retrieving an extended attribute from a file.
	ES_EVENT_TYPE_NOTIFY_GETEXTATTR EsEventType = 64
	// ES_EVENT_TYPE_NOTIFY_GET_TASK: An identifier for a process that notifies endpoint security that it is retrieving the task control port for another process.
	ES_EVENT_TYPE_NOTIFY_GET_TASK EsEventType = 16
	// ES_EVENT_TYPE_NOTIFY_GET_TASK_INSPECT: An identifier for a process that notifies endpoint security that it is retrieving the task inspect port for another process.
	ES_EVENT_TYPE_NOTIFY_GET_TASK_INSPECT EsEventType = 102
	// ES_EVENT_TYPE_NOTIFY_GET_TASK_NAME: An identifier for a process that notifies endpoint security that it is retrieving the task name port for another process.
	ES_EVENT_TYPE_NOTIFY_GET_TASK_NAME EsEventType = 95
	// ES_EVENT_TYPE_NOTIFY_GET_TASK_READ: An identifier for a process that notifies endpoint security that it is retrieving the task read port for another process.
	ES_EVENT_TYPE_NOTIFY_GET_TASK_READ EsEventType = 101
	// ES_EVENT_TYPE_NOTIFY_IOKIT_OPEN: An identifier for a process that notifies endpoint security that it is opening an IOKit device.
	ES_EVENT_TYPE_NOTIFY_IOKIT_OPEN EsEventType = 24
	// ES_EVENT_TYPE_NOTIFY_KEXTLOAD: An identifier for a process that notifies endpoint security that it is loading a kernel extension (KEXT).
	ES_EVENT_TYPE_NOTIFY_KEXTLOAD EsEventType = 17
	// ES_EVENT_TYPE_NOTIFY_KEXTUNLOAD: An identifier for a process that notifies endpoint security that it is unloading a kernel extension (KEXT).
	ES_EVENT_TYPE_NOTIFY_KEXTUNLOAD EsEventType = 18
	// ES_EVENT_TYPE_NOTIFY_LINK: An identifier for a process that notifies endpoint security that it is creating a hard link.
	ES_EVENT_TYPE_NOTIFY_LINK EsEventType = 19
	// ES_EVENT_TYPE_NOTIFY_LISTEXTATTR: An identifier for a process that notifies endpoint security that it is retrieving multiple extended attributes from a file.
	ES_EVENT_TYPE_NOTIFY_LISTEXTATTR  EsEventType = 66
	ES_EVENT_TYPE_NOTIFY_LOGIN_LOGIN  EsEventType = 122
	ES_EVENT_TYPE_NOTIFY_LOGIN_LOGOUT EsEventType = 123
	// ES_EVENT_TYPE_NOTIFY_LOOKUP: An identifier for a process that notifies endpoint security that it is looking up a file’s path.
	ES_EVENT_TYPE_NOTIFY_LOOKUP            EsEventType = 43
	ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOCK   EsEventType = 116
	ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGIN  EsEventType = 114
	ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGOUT EsEventType = 115
	ES_EVENT_TYPE_NOTIFY_LW_SESSION_UNLOCK EsEventType = 117
	// ES_EVENT_TYPE_NOTIFY_MMAP: An identifier for a process that notifies endpoint security that it is mapping a file into memory.
	ES_EVENT_TYPE_NOTIFY_MMAP EsEventType = 20
	// ES_EVENT_TYPE_NOTIFY_MOUNT: An identifier for a process that notifies endpoint security that it is mounting a file system.
	ES_EVENT_TYPE_NOTIFY_MOUNT EsEventType = 22
	// ES_EVENT_TYPE_NOTIFY_MPROTECT: An identifier for a process that notifies endpoint security that it is changing the protection of memory-mapped pages.
	ES_EVENT_TYPE_NOTIFY_MPROTECT                  EsEventType = 21
	ES_EVENT_TYPE_NOTIFY_OD_ATTRIBUTE_SET          EsEventType = 140
	ES_EVENT_TYPE_NOTIFY_OD_ATTRIBUTE_VALUE_ADD    EsEventType = 138
	ES_EVENT_TYPE_NOTIFY_OD_ATTRIBUTE_VALUE_REMOVE EsEventType = 139
	ES_EVENT_TYPE_NOTIFY_OD_CREATE_GROUP           EsEventType = 142
	ES_EVENT_TYPE_NOTIFY_OD_CREATE_USER            EsEventType = 141
	ES_EVENT_TYPE_NOTIFY_OD_DELETE_GROUP           EsEventType = 144
	ES_EVENT_TYPE_NOTIFY_OD_DELETE_USER            EsEventType = 143
	ES_EVENT_TYPE_NOTIFY_OD_DISABLE_USER           EsEventType = 136
	ES_EVENT_TYPE_NOTIFY_OD_ENABLE_USER            EsEventType = 137
	ES_EVENT_TYPE_NOTIFY_OD_GROUP_ADD              EsEventType = 132
	ES_EVENT_TYPE_NOTIFY_OD_GROUP_REMOVE           EsEventType = 133
	ES_EVENT_TYPE_NOTIFY_OD_GROUP_SET              EsEventType = 134
	ES_EVENT_TYPE_NOTIFY_OD_MODIFY_PASSWORD        EsEventType = 135
	// ES_EVENT_TYPE_NOTIFY_OPEN: An identifier for a process that notifies endpoint security that it is opening a file.
	ES_EVENT_TYPE_NOTIFY_OPEN           EsEventType = 10
	ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGIN  EsEventType = 120
	ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGOUT EsEventType = 121
	// ES_EVENT_TYPE_NOTIFY_PROC_CHECK: An identifier for a process that notifies endpoint security that it is checking information about another process.
	ES_EVENT_TYPE_NOTIFY_PROC_CHECK EsEventType = 86
	// ES_EVENT_TYPE_NOTIFY_PROC_SUSPEND_RESUME: An identifier for a process that notifies endpoint security that it is suspending, resuming, or shutting down sockets for another process.
	ES_EVENT_TYPE_NOTIFY_PROC_SUSPEND_RESUME EsEventType = 93
	ES_EVENT_TYPE_NOTIFY_PROFILE_ADD         EsEventType = 126
	ES_EVENT_TYPE_NOTIFY_PROFILE_REMOVE      EsEventType = 127
	// ES_EVENT_TYPE_NOTIFY_PTY_CLOSE: An identifier for a process that notifies endpoint security that it is closing a pseudoterminal device.
	ES_EVENT_TYPE_NOTIFY_PTY_CLOSE EsEventType = 84
	// ES_EVENT_TYPE_NOTIFY_PTY_GRANT: An identifier for a process that notifies endpoint security that it is granting a pseudoterminal device to a user.
	ES_EVENT_TYPE_NOTIFY_PTY_GRANT EsEventType = 83
	// ES_EVENT_TYPE_NOTIFY_READDIR: An identifier for a process that notifies endpoint security that it is reading a file system directory.
	ES_EVENT_TYPE_NOTIFY_READDIR EsEventType = 68
	// ES_EVENT_TYPE_NOTIFY_READLINK: An identifier for a process that notifies endpoint security that it is reading a symbolic link.
	ES_EVENT_TYPE_NOTIFY_READLINK EsEventType = 39
	// ES_EVENT_TYPE_NOTIFY_REMOTE_THREAD_CREATE: An identifier for a process that notifies endpoint security that it is spawning a thread in another process.
	ES_EVENT_TYPE_NOTIFY_REMOTE_THREAD_CREATE EsEventType = 97
	// ES_EVENT_TYPE_NOTIFY_REMOUNT: An identifier for a process that notifies endpoint security that it is remounting a file system.
	ES_EVENT_TYPE_NOTIFY_REMOUNT EsEventType = 99
	// ES_EVENT_TYPE_NOTIFY_RENAME: An identifier for a process that notifies endpoint security that it is renaming a file.
	ES_EVENT_TYPE_NOTIFY_RENAME               EsEventType = 25
	ES_EVENT_TYPE_NOTIFY_SCREENSHARING_ATTACH EsEventType = 118
	ES_EVENT_TYPE_NOTIFY_SCREENSHARING_DETACH EsEventType = 119
	// ES_EVENT_TYPE_NOTIFY_SEARCHFS: An identifier for a process that notifies endpoint security that it is searching a volume or mounted file system.
	ES_EVENT_TYPE_NOTIFY_SEARCHFS EsEventType = 89
	// ES_EVENT_TYPE_NOTIFY_SETACL: An identifier for a process that notifies endpoint security that it is setting a file’s access control list.
	ES_EVENT_TYPE_NOTIFY_SETACL EsEventType = 82
	// ES_EVENT_TYPE_NOTIFY_SETATTRLIST: An identifier for a process that notifies endpoint security that it is setting attributes of a file.
	ES_EVENT_TYPE_NOTIFY_SETATTRLIST EsEventType = 26
	// ES_EVENT_TYPE_NOTIFY_SETEGID: An identifier for a process that notifies endpoint security that it is setting its effective group ID.
	ES_EVENT_TYPE_NOTIFY_SETEGID EsEventType = 106
	// ES_EVENT_TYPE_NOTIFY_SETEUID: An identifier for a process that notifies endpoint security that it is setting its effective user ID.
	ES_EVENT_TYPE_NOTIFY_SETEUID EsEventType = 105
	// ES_EVENT_TYPE_NOTIFY_SETEXTATTR: An identifier for a process that notifies endpoint security that it is setting an extended attribute of a file.
	ES_EVENT_TYPE_NOTIFY_SETEXTATTR EsEventType = 27
	// ES_EVENT_TYPE_NOTIFY_SETFLAGS: An identifier for a process that notifies endpoint security that it is setting a file’s flags.
	ES_EVENT_TYPE_NOTIFY_SETFLAGS EsEventType = 28
	// ES_EVENT_TYPE_NOTIFY_SETGID: An identifier for a process that notifies endpoint security that it is setting its group ID.
	ES_EVENT_TYPE_NOTIFY_SETGID EsEventType = 104
	// ES_EVENT_TYPE_NOTIFY_SETMODE: An identifier for a process that notifies endpoint security that it is setting a file’s mode.
	ES_EVENT_TYPE_NOTIFY_SETMODE EsEventType = 29
	// ES_EVENT_TYPE_NOTIFY_SETOWNER: An identifier for a process that notifies endpoint security that it is setting a file’s owner.
	ES_EVENT_TYPE_NOTIFY_SETOWNER EsEventType = 30
	// ES_EVENT_TYPE_NOTIFY_SETREGID: An identifier for a process that notifies endpoint security that it is setting its real and effective group IDs.
	ES_EVENT_TYPE_NOTIFY_SETREGID EsEventType = 108
	// ES_EVENT_TYPE_NOTIFY_SETREUID: An identifier for a process that notifies endpoint security that it is setting its real and effective user IDs.
	ES_EVENT_TYPE_NOTIFY_SETREUID EsEventType = 107
	// ES_EVENT_TYPE_NOTIFY_SETTIME: An identifier for a process that notifies endpoint security that it is modifying the system time.
	ES_EVENT_TYPE_NOTIFY_SETTIME EsEventType = 75
	// ES_EVENT_TYPE_NOTIFY_SETUID: An identifier for a process that notifies endpoint security that it is setting its user ID.
	ES_EVENT_TYPE_NOTIFY_SETUID EsEventType = 103
	// ES_EVENT_TYPE_NOTIFY_SIGNAL: An identifier for a process that notifies endpoint security that it is sending a signal to another process.
	ES_EVENT_TYPE_NOTIFY_SIGNAL EsEventType = 31
	// ES_EVENT_TYPE_NOTIFY_STAT: An identifier for a process that notifies endpoint security that it is retrieving a file’s status.
	ES_EVENT_TYPE_NOTIFY_STAT       EsEventType = 54
	ES_EVENT_TYPE_NOTIFY_SU         EsEventType = 128
	ES_EVENT_TYPE_NOTIFY_SUDO       EsEventType = 131
	ES_EVENT_TYPE_NOTIFY_TCC_MODIFY EsEventType = 147
	// ES_EVENT_TYPE_NOTIFY_TRACE: An identifier for a process that notifies endpoint security that it is attaching to another process.
	ES_EVENT_TYPE_NOTIFY_TRACE EsEventType = 96
	// ES_EVENT_TYPE_NOTIFY_TRUNCATE: An identifier for a process that notifies endpoint security that it is truncating a file.
	ES_EVENT_TYPE_NOTIFY_TRUNCATE EsEventType = 41
	// ES_EVENT_TYPE_NOTIFY_UIPC_BIND: An identifier for a process that notifies endpoint security that it is binding a UNIX domain socket.
	ES_EVENT_TYPE_NOTIFY_UIPC_BIND EsEventType = 76
	// ES_EVENT_TYPE_NOTIFY_UIPC_CONNECT: An identifier for a process that notifies endpoint security that it is connecting to a UNIX domain socket.
	ES_EVENT_TYPE_NOTIFY_UIPC_CONNECT EsEventType = 78
	// ES_EVENT_TYPE_NOTIFY_UNLINK: An identifier for a process that notifies endpoint security that it is deleting a file.
	ES_EVENT_TYPE_NOTIFY_UNLINK EsEventType = 32
	// ES_EVENT_TYPE_NOTIFY_UNMOUNT: An identifier for a process that notifies endpoint security that it is unmounting a file system.
	ES_EVENT_TYPE_NOTIFY_UNMOUNT EsEventType = 23
	// ES_EVENT_TYPE_NOTIFY_UTIMES: An identifier for a process that notifies endpoint security that it is changing a file’s access or modification time.
	ES_EVENT_TYPE_NOTIFY_UTIMES EsEventType = 59
	// ES_EVENT_TYPE_NOTIFY_WRITE: An identifier for a process that notifies endpoint security that it is writing data to a file.
	ES_EVENT_TYPE_NOTIFY_WRITE                 EsEventType = 33
	ES_EVENT_TYPE_NOTIFY_XPC_CONNECT           EsEventType = 145
	ES_EVENT_TYPE_NOTIFY_XP_MALWARE_DETECTED   EsEventType = 112
	ES_EVENT_TYPE_NOTIFY_XP_MALWARE_REMEDIATED EsEventType = 113
	ES_EVENT_TYPE_RESERVED_0                   EsEventType = 148
	ES_EVENT_TYPE_RESERVED_1                   EsEventType = 149
	ES_EVENT_TYPE_RESERVED_2                   EsEventType = 150
	ES_EVENT_TYPE_RESERVED_3                   EsEventType = 151
	ES_EVENT_TYPE_RESERVED_4                   EsEventType = 152
	ES_EVENT_TYPE_RESERVED_5                   EsEventType = 153
	ES_EVENT_TYPE_RESERVED_6                   EsEventType = 154
)

func (EsEventType) String added in v0.5.1

func (e EsEventType) String() string

type EsGatekeeperUserOverrideFileType added in v0.5.1

type EsGatekeeperUserOverrideFileType int32
const (
	ES_GATEKEEPER_USER_OVERRIDE_FILE_TYPE_FILE EsGatekeeperUserOverrideFileType = 1
	ES_GATEKEEPER_USER_OVERRIDE_FILE_TYPE_PATH EsGatekeeperUserOverrideFileType = 0
)

func (EsGatekeeperUserOverrideFileType) String added in v0.5.1

type EsGetTaskType added in v0.5.1

type EsGetTaskType int32
const (
	ES_GET_TASK_TYPE_EXPOSE_TASK    EsGetTaskType = 1
	ES_GET_TASK_TYPE_IDENTITY_TOKEN EsGetTaskType = 2
	ES_GET_TASK_TYPE_TASK_FOR_PID   EsGetTaskType = 0
)

func (EsGetTaskType) String added in v0.5.1

func (e EsGetTaskType) String() string

type EsMountDisposition added in v0.5.1

type EsMountDisposition int32
const (
	ES_MOUNT_DISPOSITION_EXTERNAL EsMountDisposition = 0
	ES_MOUNT_DISPOSITION_INTERNAL EsMountDisposition = 1
	ES_MOUNT_DISPOSITION_NETWORK  EsMountDisposition = 2
	ES_MOUNT_DISPOSITION_NULLFS   EsMountDisposition = 4
	ES_MOUNT_DISPOSITION_UNKNOWN  EsMountDisposition = 5
	ES_MOUNT_DISPOSITION_VIRTUAL  EsMountDisposition = 3
)

func (EsMountDisposition) String added in v0.5.1

func (e EsMountDisposition) String() string

type EsMute added in v0.5.1

type EsMute int32
const (
	ES_MUTE_INVERTED       EsMute = 0
	ES_MUTE_INVERTED_ERROR EsMute = 2
	ES_MUTE_NOT_INVERTED   EsMute = 1
)

func (EsMute) String added in v0.5.1

func (e EsMute) String() string

type EsMuteInversionType added in v0.5.1

type EsMuteInversionType int32
const (
	ES_MUTE_INVERSION_TYPE_LAST        EsMuteInversionType = 3
	ES_MUTE_INVERSION_TYPE_PATH        EsMuteInversionType = 1
	ES_MUTE_INVERSION_TYPE_PROCESS     EsMuteInversionType = 0
	ES_MUTE_INVERSION_TYPE_TARGET_PATH EsMuteInversionType = 2
)

func (EsMuteInversionType) String added in v0.5.1

func (e EsMuteInversionType) String() string

type EsMutePathType added in v0.5.1

type EsMutePathType int32
const (
	// ES_MUTE_PATH_TYPE_LITERAL: A type for a path string used as a path literal.
	ES_MUTE_PATH_TYPE_LITERAL EsMutePathType = 1
	// ES_MUTE_PATH_TYPE_PREFIX: A type for a path string used as a prefix.
	ES_MUTE_PATH_TYPE_PREFIX         EsMutePathType = 0
	ES_MUTE_PATH_TYPE_TARGET_LITERAL EsMutePathType = 3
	ES_MUTE_PATH_TYPE_TARGET_PREFIX  EsMutePathType = 2
)

func (EsMutePathType) String added in v0.5.1

func (e EsMutePathType) String() string

type EsNewClientResult added in v0.5.1

type EsNewClientResult int32
const (
	// ES_NEW_CLIENT_RESULT_ERR_INTERNAL: Communication with the Endpoint Security subsystem failed.
	ES_NEW_CLIENT_RESULT_ERR_INTERNAL EsNewClientResult = 2
	// ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT: The attempt to create a new client contained one or more invalid arguments.
	ES_NEW_CLIENT_RESULT_ERR_INVALID_ARGUMENT EsNewClientResult = 1
	// ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED: The caller isn’t properly entitled to connect to Endpoint Security.
	ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED EsNewClientResult = 3
	// ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED: The caller isn’t permitted to connect to Endpoint Security.
	ES_NEW_CLIENT_RESULT_ERR_NOT_PERMITTED EsNewClientResult = 4
	// ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED: The caller isn’t running as root.
	ES_NEW_CLIENT_RESULT_ERR_NOT_PRIVILEGED EsNewClientResult = 5
	// ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS: The caller has reached the maximum allowed number of simultaneously connected clients.
	ES_NEW_CLIENT_RESULT_ERR_TOO_MANY_CLIENTS EsNewClientResult = 6
	// ES_NEW_CLIENT_RESULT_SUCCESS: Endpoint Security successfully created the new client.
	ES_NEW_CLIENT_RESULT_SUCCESS EsNewClientResult = 0
)

func Es_new_client

func Es_new_client(client **Es_client_t, handler Es_handler_block_t) EsNewClientResult

Es_new_client creates a new client instance and connects it to the Endpoint Security system.

See: https://developer.apple.com/documentation/EndpointSecurity/es_new_client(_:_:)

func (EsNewClientResult) String added in v0.5.1

func (e EsNewClientResult) String() string

type EsOdAccountType added in v0.5.1

type EsOdAccountType int32
const (
	ES_OD_ACCOUNT_TYPE_COMPUTER EsOdAccountType = 1
	ES_OD_ACCOUNT_TYPE_USER     EsOdAccountType = 0
)

func (EsOdAccountType) String added in v0.5.1

func (e EsOdAccountType) String() string

type EsOdMemberType added in v0.5.1

type EsOdMemberType int32
const (
	ES_OD_MEMBER_TYPE_GROUP_UUID EsOdMemberType = 2
	ES_OD_MEMBER_TYPE_USER_NAME  EsOdMemberType = 0
	ES_OD_MEMBER_TYPE_USER_UUID  EsOdMemberType = 1
)

func (EsOdMemberType) String added in v0.5.1

func (e EsOdMemberType) String() string

type EsOdRecordType added in v0.5.1

type EsOdRecordType int32
const (
	ES_OD_RECORD_TYPE_GROUP EsOdRecordType = 1
	ES_OD_RECORD_TYPE_USER  EsOdRecordType = 0
)

func (EsOdRecordType) String added in v0.5.1

func (e EsOdRecordType) String() string

type EsOpenssh added in v0.5.1

type EsOpenssh int32
const (
	ES_OPENSSH_AUTH_FAIL_GSSAPI      EsOpenssh = 8
	ES_OPENSSH_AUTH_FAIL_HOSTBASED   EsOpenssh = 7
	ES_OPENSSH_AUTH_FAIL_KBDINT      EsOpenssh = 5
	ES_OPENSSH_AUTH_FAIL_NONE        EsOpenssh = 3
	ES_OPENSSH_AUTH_FAIL_PASSWD      EsOpenssh = 4
	ES_OPENSSH_AUTH_FAIL_PUBKEY      EsOpenssh = 6
	ES_OPENSSH_AUTH_SUCCESS          EsOpenssh = 2
	ES_OPENSSH_INVALID_USER          EsOpenssh = 9
	ES_OPENSSH_LOGIN_EXCEED_MAXTRIES EsOpenssh = 0
	ES_OPENSSH_LOGIN_ROOT_DENIED     EsOpenssh = 1
)

func (EsOpenssh) String added in v0.5.1

func (e EsOpenssh) String() string

type EsProcCheckType added in v0.5.1

type EsProcCheckType int32
const (
	// ES_PROC_CHECK_TYPE_DIRTYCONTROL: A type of process check that uses the process’s dirty state.
	ES_PROC_CHECK_TYPE_DIRTYCONTROL EsProcCheckType = 8
	// ES_PROC_CHECK_TYPE_KERNMSGBUF: A type of process check that checks the message buffer.
	ES_PROC_CHECK_TYPE_KERNMSGBUF EsProcCheckType = 4
	// ES_PROC_CHECK_TYPE_LISTPIDS: A type of process check that lists related process identifiers.
	ES_PROC_CHECK_TYPE_LISTPIDS EsProcCheckType = 1
	// ES_PROC_CHECK_TYPE_PIDFDINFO: A type of process check that gets file descriptor information.
	ES_PROC_CHECK_TYPE_PIDFDINFO EsProcCheckType = 3
	// ES_PROC_CHECK_TYPE_PIDFILEPORTINFO: A type of process check that gets port information.
	ES_PROC_CHECK_TYPE_PIDFILEPORTINFO EsProcCheckType = 6
	// ES_PROC_CHECK_TYPE_PIDINFO: A type of process check that gets basic process information.
	ES_PROC_CHECK_TYPE_PIDINFO EsProcCheckType = 2
	// ES_PROC_CHECK_TYPE_PIDRUSAGE: A type of process check that gets a process’s resource usage information.
	ES_PROC_CHECK_TYPE_PIDRUSAGE EsProcCheckType = 9
	// ES_PROC_CHECK_TYPE_SETCONTROL: A type of process check that sets the process control state.
	ES_PROC_CHECK_TYPE_SETCONTROL EsProcCheckType = 5
	// ES_PROC_CHECK_TYPE_TERMINATE: A type of process check that terminates a process.
	ES_PROC_CHECK_TYPE_TERMINATE EsProcCheckType = 7
	// ES_PROC_CHECK_TYPE_UDATA_INFO: A type of process check that involves a user data token.
	ES_PROC_CHECK_TYPE_UDATA_INFO EsProcCheckType = 14
)

func (EsProcCheckType) String added in v0.5.1

func (e EsProcCheckType) String() string

type EsProcSuspendResumeType added in v0.5.1

type EsProcSuspendResumeType int32
const (
	// ES_PROC_SUSPEND_RESUME_TYPE_RESUME: An event type for process resumption events.
	ES_PROC_SUSPEND_RESUME_TYPE_RESUME EsProcSuspendResumeType = 1
	// ES_PROC_SUSPEND_RESUME_TYPE_SHUTDOWN_SOCKETS: An event type for process socket shutdown events.
	ES_PROC_SUSPEND_RESUME_TYPE_SHUTDOWN_SOCKETS EsProcSuspendResumeType = 3
	// ES_PROC_SUSPEND_RESUME_TYPE_SUSPEND: An event type for process suspension events.
	ES_PROC_SUSPEND_RESUME_TYPE_SUSPEND EsProcSuspendResumeType = 0
)

func (EsProcSuspendResumeType) String added in v0.5.1

func (e EsProcSuspendResumeType) String() string

type EsProfileSource added in v0.5.1

type EsProfileSource int32
const (
	ES_PROFILE_SOURCE_INSTALL EsProfileSource = 1
	ES_PROFILE_SOURCE_MANAGED EsProfileSource = 0
)

func (EsProfileSource) String added in v0.5.1

func (e EsProfileSource) String() string

type EsRespondResult added in v0.5.1

type EsRespondResult int32
const (
	// ES_RESPOND_RESULT_ERR_DUPLICATE_RESPONSE: The caller responded to a message that already received a response.
	ES_RESPOND_RESULT_ERR_DUPLICATE_RESPONSE EsRespondResult = 4
	// ES_RESPOND_RESULT_ERR_EVENT_TYPE: The caller performed an inappropriate response to the event.
	ES_RESPOND_RESULT_ERR_EVENT_TYPE EsRespondResult = 5
	// ES_RESPOND_RESULT_ERR_INTERNAL: Communication with the Endpoint Security system failed.
	ES_RESPOND_RESULT_ERR_INTERNAL EsRespondResult = 2
	// ES_RESPOND_RESULT_ERR_INVALID_ARGUMENT: The caller provided one or more invalid arguments.
	ES_RESPOND_RESULT_ERR_INVALID_ARGUMENT EsRespondResult = 1
	// ES_RESPOND_RESULT_NOT_FOUND: The system couldn’t find the message that the caller sent this response to.
	ES_RESPOND_RESULT_NOT_FOUND EsRespondResult = 3
	// ES_RESPOND_RESULT_SUCCESS: Endpoint Security successfully delivered the response.
	ES_RESPOND_RESULT_SUCCESS EsRespondResult = 0
)

func Es_respond_auth_result

func Es_respond_auth_result(client *Es_client_t, message *Es_message_t, result EsAuthResult, cache bool) EsRespondResult

Es_respond_auth_result responds to an event that requires an authorization response.

See: https://developer.apple.com/documentation/EndpointSecurity/es_respond_auth_result(_:_:_:_:)

func Es_respond_flags_result

func Es_respond_flags_result(client *Es_client_t, message *Es_message_t, authorized_flags uint32, cache bool) EsRespondResult

Es_respond_flags_result responds to an event that requires authorization flags as a response.

See: https://developer.apple.com/documentation/EndpointSecurity/es_respond_flags_result(_:_:_:_:)

func (EsRespondResult) String added in v0.5.1

func (e EsRespondResult) String() string

type EsResultType added in v0.5.1

type EsResultType int32
const (
	// ES_RESULT_TYPE_AUTH: The authorization result type.
	ES_RESULT_TYPE_AUTH EsResultType = 0
	// ES_RESULT_TYPE_FLAGS: The flags result type.
	ES_RESULT_TYPE_FLAGS EsResultType = 1
)

func (EsResultType) String added in v0.5.1

func (e EsResultType) String() string

type EsReturn added in v0.5.1

type EsReturn int32
const (
	// ES_RETURN_ERROR: The action failed with an error.
	ES_RETURN_ERROR EsReturn = 1
	// ES_RETURN_SUCCESS: The action succeeded.
	ES_RETURN_SUCCESS EsReturn = 0
)

func Es_subscribe

func Es_subscribe(client *Es_client_t, events *EsEventType, event_count uint32) EsReturn

Es_subscribe subscribes a client to a set of events.

See: https://developer.apple.com/documentation/EndpointSecurity/es_subscribe(_:_:_:)

func (EsReturn) String added in v0.5.1

func (e EsReturn) String() string

type EsSudoPluginType added in v0.5.1

type EsSudoPluginType int32
const (
	ES_SUDO_PLUGIN_TYPE_APPROVAL  EsSudoPluginType = 5
	ES_SUDO_PLUGIN_TYPE_AUDIT     EsSudoPluginType = 4
	ES_SUDO_PLUGIN_TYPE_FRONT_END EsSudoPluginType = 1
	ES_SUDO_PLUGIN_TYPE_IO        EsSudoPluginType = 3
	ES_SUDO_PLUGIN_TYPE_POLICY    EsSudoPluginType = 2
	ES_SUDO_PLUGIN_TYPE_UNKNOWN   EsSudoPluginType = 0
)

func (EsSudoPluginType) String added in v0.5.1

func (e EsSudoPluginType) String() string

type EsTccAuthorizationReason added in v0.5.1

type EsTccAuthorizationReason int32
const (
	// ES_TCC_AUTHORIZATION_REASON_APP_TYPE_POLICY: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_APP_TYPE_POLICY EsTccAuthorizationReason = 12
	// ES_TCC_AUTHORIZATION_REASON_ENTITLED: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_ENTITLED EsTccAuthorizationReason = 11
	ES_TCC_AUTHORIZATION_REASON_ERROR    EsTccAuthorizationReason = 1
	// ES_TCC_AUTHORIZATION_REASON_MDM_POLICY: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_MDM_POLICY EsTccAuthorizationReason = 6
	// ES_TCC_AUTHORIZATION_REASON_MISSING_USAGE_STRING: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_MISSING_USAGE_STRING EsTccAuthorizationReason = 8
	ES_TCC_AUTHORIZATION_REASON_NONE                 EsTccAuthorizationReason = 0
	// ES_TCC_AUTHORIZATION_REASON_PREFLIGHT_UNKNOWN: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_PREFLIGHT_UNKNOWN EsTccAuthorizationReason = 10
	// ES_TCC_AUTHORIZATION_REASON_PROMPT_CANCEL: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_PROMPT_CANCEL EsTccAuthorizationReason = 13
	// ES_TCC_AUTHORIZATION_REASON_PROMPT_TIMEOUT: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_PROMPT_TIMEOUT EsTccAuthorizationReason = 9
	// ES_TCC_AUTHORIZATION_REASON_SERVICE_OVERRIDE_POLICY: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_SERVICE_OVERRIDE_POLICY EsTccAuthorizationReason = 7
	// ES_TCC_AUTHORIZATION_REASON_SERVICE_POLICY: A system process changed the authorization right
	ES_TCC_AUTHORIZATION_REASON_SERVICE_POLICY EsTccAuthorizationReason = 5
	// ES_TCC_AUTHORIZATION_REASON_SYSTEM_SET: User changed the authorization right via Preferences
	ES_TCC_AUTHORIZATION_REASON_SYSTEM_SET   EsTccAuthorizationReason = 4
	ES_TCC_AUTHORIZATION_REASON_USER_CONSENT EsTccAuthorizationReason = 2
	// ES_TCC_AUTHORIZATION_REASON_USER_SET: User answered a prompt
	ES_TCC_AUTHORIZATION_REASON_USER_SET EsTccAuthorizationReason = 3
)

func (EsTccAuthorizationReason) String added in v0.5.1

func (e EsTccAuthorizationReason) String() string

type EsTccAuthorizationRight added in v0.5.1

type EsTccAuthorizationRight int32
const (
	ES_TCC_AUTHORIZATION_RIGHT_ADD_MODIFY_ADDED EsTccAuthorizationRight = 4
	ES_TCC_AUTHORIZATION_RIGHT_ALLOWED          EsTccAuthorizationRight = 2
	ES_TCC_AUTHORIZATION_RIGHT_DENIED           EsTccAuthorizationRight = 0
	ES_TCC_AUTHORIZATION_RIGHT_LEARN_MORE       EsTccAuthorizationRight = 6
	ES_TCC_AUTHORIZATION_RIGHT_LIMITED          EsTccAuthorizationRight = 3
	ES_TCC_AUTHORIZATION_RIGHT_SESSION_PID      EsTccAuthorizationRight = 5
	ES_TCC_AUTHORIZATION_RIGHT_UNKNOWN          EsTccAuthorizationRight = 1
)

func (EsTccAuthorizationRight) String added in v0.5.1

func (e EsTccAuthorizationRight) String() string

type EsTccEventType added in v0.5.1

type EsTccEventType int32
const (
	ES_TCC_EVENT_TYPE_CREATE  EsTccEventType = 1
	ES_TCC_EVENT_TYPE_DELETE  EsTccEventType = 3
	ES_TCC_EVENT_TYPE_MODIFY  EsTccEventType = 2
	ES_TCC_EVENT_TYPE_UNKNOWN EsTccEventType = 0
)

func (EsTccEventType) String added in v0.5.1

func (e EsTccEventType) String() string

type EsTccIdentityType added in v0.5.1

type EsTccIdentityType int32
const (
	ES_TCC_IDENTITY_TYPE_BUNDLE_ID               EsTccIdentityType = 0
	ES_TCC_IDENTITY_TYPE_EXECUTABLE_PATH         EsTccIdentityType = 1
	ES_TCC_IDENTITY_TYPE_FILE_PROVIDER_DOMAIN_ID EsTccIdentityType = 3
	ES_TCC_IDENTITY_TYPE_POLICY_ID               EsTccIdentityType = 2
)

func (EsTccIdentityType) String added in v0.5.1

func (e EsTccIdentityType) String() string

type EsTouchidMode added in v0.5.1

type EsTouchidMode int32
const (
	ES_TOUCHID_MODE_IDENTIFICATION EsTouchidMode = 1
	ES_TOUCHID_MODE_VERIFICATION   EsTouchidMode = 0
)

func (EsTouchidMode) String added in v0.5.1

func (e EsTouchidMode) String() string

type EsXPCDomainType added in v0.5.1

type EsXPCDomainType int32
const (
	ES_XPC_DOMAIN_TYPE_GUI        EsXPCDomainType = 8
	ES_XPC_DOMAIN_TYPE_MANAGER    EsXPCDomainType = 6
	ES_XPC_DOMAIN_TYPE_PID        EsXPCDomainType = 5
	ES_XPC_DOMAIN_TYPE_PORT       EsXPCDomainType = 7
	ES_XPC_DOMAIN_TYPE_SESSION    EsXPCDomainType = 4
	ES_XPC_DOMAIN_TYPE_SYSTEM     EsXPCDomainType = 1
	ES_XPC_DOMAIN_TYPE_USER       EsXPCDomainType = 2
	ES_XPC_DOMAIN_TYPE_USER_LOGIN EsXPCDomainType = 3
)

func (EsXPCDomainType) String added in v0.5.1

func (e EsXPCDomainType) String() string

type Es_authorization_result_t

type Es_authorization_result_t struct {
	Right_name Es_string_token_t
	Rule_class unsafe.Pointer
	Granted    bool
}

Es_authorization_result_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_authorization_result_t

type Es_btm_launch_item_t

type Es_btm_launch_item_t struct {
	Item_type unsafe.Pointer
	Legacy    bool
	Managed   bool
	Uid       uint32
	Item_url  Es_string_token_t
	App_url   Es_string_token_t
}

Es_btm_launch_item_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_btm_launch_item_t

type Es_client_t

type Es_client_t = unsafe.Pointer

Es_client_t is an opaque type that stores the Endpoint Security client state.

See: https://developer.apple.com/documentation/EndpointSecurity/es_client_t

type Es_event_access_t

type Es_event_access_t struct {
	Mode     int32      // The file access permission to check.
	Target   *Es_file_t // The file to check for access.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_access_t - A type for an event that indicates the checking of a file’s access permission.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_access_t

type Es_event_authentication_auto_unlock_t

type Es_event_authentication_auto_unlock_t struct {
	Username Es_string_token_t
	Type     unsafe.Pointer
}

Es_event_authentication_auto_unlock_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_auto_unlock_t

type Es_event_authentication_od_t

type Es_event_authentication_od_t struct {
	Instigator       *Es_process_t
	Record_type      Es_string_token_t
	Record_name      Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_authentication_od_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_od_t

type Es_event_authentication_token_t

type Es_event_authentication_token_t struct {
	Instigator         *Es_process_t
	Pubkey_hash        Es_string_token_t
	Token_id           Es_string_token_t
	Kerberos_principal Es_string_token_t
	Instigator_token   [32]byte
}

Es_event_authentication_token_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_token_t

type Es_event_authentication_touchid_t

type Es_event_authentication_touchid_t struct {
	Instigator       *Es_process_t
	Touchid_mode     unsafe.Pointer
	Has_uid          bool
	Instigator_token [32]byte
	Uid              [4]byte
}

Es_event_authentication_touchid_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authentication_touchid_t

type Es_event_authorization_judgement_t

type Es_event_authorization_judgement_t struct {
	Instigator       *Es_process_t
	Petitioner       *Es_process_t
	Return_code      int
	Result_count     uintptr
	Results          *Es_authorization_result_t
	Instigator_token [32]byte
	Petitioner_token [32]byte
}

Es_event_authorization_judgement_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authorization_judgement_t

type Es_event_authorization_petition_t

type Es_event_authorization_petition_t struct {
	Instigator       *Es_process_t
	Petitioner       *Es_process_t
	Flags            uint32
	Right_count      uintptr
	Rights           *Es_string_token_t
	Instigator_token [32]byte
	Petitioner_token [32]byte
}

Es_event_authorization_petition_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_authorization_petition_t

type Es_event_btm_launch_item_add_t

type Es_event_btm_launch_item_add_t struct {
	Instigator       *Es_process_t
	App              *Es_process_t
	Item             *Es_btm_launch_item_t
	Executable_path  Es_string_token_t
	Instigator_token *[32]byte
	App_token        *[32]byte
}

Es_event_btm_launch_item_add_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_btm_launch_item_add_t

type Es_event_btm_launch_item_remove_t

type Es_event_btm_launch_item_remove_t struct {
	Instigator       *Es_process_t
	App              *Es_process_t
	Item             *Es_btm_launch_item_t
	Instigator_token *[32]byte
	App_token        *[32]byte
}

Es_event_btm_launch_item_remove_t

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_btm_launch_item_remove_t

type Es_event_chdir_t

type Es_event_chdir_t struct {
	Target   *Es_file_t // The new current working directory.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_chdir_t - A type for an event that indicates a change to a process’s working directory.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_chdir_t

type Es_event_chroot_t

type Es_event_chroot_t struct {
	Target   *Es_file_t // The new root directory.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_chroot_t - A type for an event that indicates a change to a process’s root directory.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_chroot_t

type Es_event_clone_t

type Es_event_clone_t struct {
	Source      *Es_file_t        // The file to clone.
	Target_dir  *Es_file_t        // The directory that contains the cloned file.
	Target_name Es_string_token_t // The name of the newly cloned file.
	Reserved    uint8             // An unused field reserved for future use.

}

Es_event_clone_t - A type for an event that indicates the cloning of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_clone_t

type Es_event_close_t

type Es_event_close_t struct {
	Modified            bool       // A Boolean value that indicates whether the file has modifications.
	Target              *Es_file_t // The file to close.
	Reserved            uint8
	Was_mapped_writable bool
}

Es_event_close_t - A type for an event that indicates the closing of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_close_t

type Es_event_copyfile_t

type Es_event_copyfile_t struct {
	Source      *Es_file_t        // The file to clone.
	Target_file *Es_file_t        // The file, if any, that exists at the target location.
	Target_dir  *Es_file_t        // The directory that contains the copied file.
	Target_name Es_string_token_t // The name of the newly copied file.
	Mode        uint16            // The mode argument of the system call.
	Flags       int32             // The flags argument of the system call.
	Reserved    uint8             // An unused field reserved for future use.

}

Es_event_copyfile_t - A type for an event that indicates the copying of a file by use of a system call.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_copyfile_t

type Es_event_create_t

type Es_event_create_t struct {
	Destination_type EsDestinationType // The type of destination for the event, which can be either an existing file or information that describes a new file’s pending location.
	Destination      [32]byte          // The file system destination of the created file.
	Reserved2        uint8             // An unused field reserved for future use.
	Acl              unsafe.Pointer
	Existing_file    *Es_file_t
	New_path         unsafe.Pointer
	Dir              *Es_file_t
	Filename         Es_string_token_t
	Mode             uint16
	Reserved         uint8
}

Es_event_create_t - A type for an event that indicates the creation of a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_create_t

type Es_event_cs_invalidated_t

type Es_event_cs_invalidated_t struct {
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_cs_invalidated_t - A type for an event that indicates the invalidation of a process’ code signing status.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_cs_invalidated_t

type Es_event_deleteextattr_t

type Es_event_deleteextattr_t struct {
	Target   *Es_file_t        // The file containing extended attributes to delete.
	Extattr  Es_string_token_t // The extended attribute to delete.
	Reserved uint8             // An unused field reserved for future use.

}

Es_event_deleteextattr_t - A type for an event that indicates the deletion of an extended attribute from a file.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_deleteextattr_t

type Es_event_dup_t

type Es_event_dup_t struct {
	Target   *Es_file_t // The file that the duplicated file descriptor points to.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_dup_t - A type for an event that indicates the duplication of a file descriptor.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_dup_t

type Es_event_exchangedata_t

type Es_event_exchangedata_t struct {
	File1    *Es_file_t // The first file involved in the data exchange.
	File2    *Es_file_t // The second file involved in the data exchange.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_exchangedata_t - A type for an event that indicates the exchange of data between two files.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_exchangedata_t

type Es_event_exec_t

type Es_event_exec_t struct {
	Target           *Es_process_t // The process to execute.
	Dyld_exec_path   Es_string_token_t
	Cwd              *Es_file_t
	Image_cpusubtype int32
	Image_cputype    int32
	Last_fd          int
	Reserved         uint8
	Script           *Es_file_t
}

Es_event_exec_t - A type for an event that indicates the execution of a process.

See: https://developer.apple.com/documentation/EndpointSecurity/es_event_exec_t

type Es_event_exit_t

type Es_event_exit_t struct {
	Stat     int   // The exit status of the process.
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_exit_t - A type for an event that indicates a process exiting.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_exit_t

type Es_event_fcntl_t

type Es_event_fcntl_t struct {
	Target   *Es_file_t // The target file to modify.
	Cmd      int32      // The file descriptor modification command.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_fcntl_t - A type for an event that indicates the manipulation of a file descriptor.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_fcntl_t

type Es_event_file_provider_materialize_t

type Es_event_file_provider_materialize_t struct {
	Instigator       *Es_process_t // The process that instigated the event.
	Source           *Es_file_t    // The source file.
	Target           *Es_file_t    // The target file.
	Instigator_token [32]byte
	Reserved         uint8 // An unused field reserved for future use.

}

Es_event_file_provider_materialize_t - A type for an event that indicates the materialization of a file provider.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_file_provider_materialize_t

type Es_event_file_provider_update_t

type Es_event_file_provider_update_t struct {
	Source      *Es_file_t        // The source file of the event.
	Target_path Es_string_token_t // The target path to update.
	Reserved    uint8             // An unused field reserved for future use.

}

Es_event_file_provider_update_t - A type for an event that indicates an update to a file provider.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_file_provider_update_t

type Es_event_fork_t

type Es_event_fork_t struct {
	Child    *Es_process_t // The forked child process.
	Reserved uint8         // An unused field reserved for future use.

}

Es_event_fork_t - A type for an event that indicates the forking of a process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_fork_t

type Es_event_fsgetpath_t

type Es_event_fsgetpath_t struct {
	Target   *Es_file_t // The file-system path of the targeted file.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_fsgetpath_t - A type for an event that indicates the retrieval of a file-system path.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_fsgetpath_t

type Es_event_gatekeeper_user_override_t

type Es_event_gatekeeper_user_override_t struct {
	File_type    unsafe.Pointer
	Sha256       *Es_sha256_t
	Signing_info *Es_signed_file_info_t
	File         [16]byte
	File_path    Es_string_token_t
}

Es_event_gatekeeper_user_override_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_gatekeeper_user_override_t

type Es_event_get_task_inspect_t

type Es_event_get_task_inspect_t struct {
	Target   *Es_process_t // The process targeted by this event.
	Type     unsafe.Pointer
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_get_task_inspect_t - A type for an event that indicates the retrieval of a task’s inspect port.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_inspect_t

type Es_event_get_task_name_t

type Es_event_get_task_name_t struct {
	Target   *Es_process_t // The process targeted by this event.
	Type     unsafe.Pointer
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_get_task_name_t - A type for an event that indicates the retrieval of a task’s name port.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_name_t

type Es_event_get_task_read_t

type Es_event_get_task_read_t struct {
	Target   *Es_process_t // The process targeted by this event.
	Type     unsafe.Pointer
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_get_task_read_t - A type for an event that indicates the retrieval of a task’s read port.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_read_t

type Es_event_get_task_t

type Es_event_get_task_t struct {
	Target   *Es_process_t // The process targeted by this event.
	Type     unsafe.Pointer
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_get_task_t - A type for an event that indicates the retrieval of a task’s control port.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_get_task_t

type Es_event_getattrlist_t

type Es_event_getattrlist_t struct {
	Attrlist kernel.Attrlist // The attributes to retrieve, such as volume, directory, file, and fork attributes.
	Target   *Es_file_t      // The file for which to retrieve attributes.
	Reserved uint8           // An unused field reserved for future use.

}

Es_event_getattrlist_t - A type for an event that indicates the retrieval of attributes from a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_getattrlist_t

type Es_event_getextattr_t

type Es_event_getextattr_t struct {
	Target   *Es_file_t        // The file containing extended attributes to retrieve.
	Extattr  Es_string_token_t // The extended attribute to retrieve.
	Reserved uint8             // An unused field reserved for future use.

}

Es_event_getextattr_t - A type for an event that indicates the retrieval of an extended attribute from a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_getextattr_t

type Es_event_id_t

type Es_event_id_t struct {
	Reserved uint8 // An opaque value.

}

Es_event_id_t - An opaque identifier for events.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_id_t

type Es_event_iokit_open_t

type Es_event_iokit_open_t struct {
	User_client_type   uint32            // The type of the IOKit client.
	User_client_class  Es_string_token_t // The name of the IOKit service client.
	Parent_registry_id uint64
	Parent_path        Es_string_token_t
	Reserved           uint8 // An unused field reserved for future use.

}

Es_event_iokit_open_t - A type for an event that indicates the opening of an IOKit device.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_iokit_open_t

type Es_event_kextload_t

type Es_event_kextload_t struct {
	Identifier Es_string_token_t // A string identifying the kernel extension.
	Reserved   uint8             // An unused field reserved for future use.

}

Es_event_kextload_t - A type for an event that indicates the loading of a kernel extension.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_kextload_t

type Es_event_kextunload_t

type Es_event_kextunload_t struct {
	Identifier Es_string_token_t // A string identifying the kernel extension.
	Reserved   uint8             // An unused field reserved for future use.

}

Es_event_kextunload_t - A type for an event that indicates the unloading of a Kernel Extension (KEXT).

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_kextunload_t

type Es_event_link_t

type Es_event_link_t struct {
	Source          *Es_file_t        // The source file for the link.
	Target_dir      *Es_file_t        // The directory that contains the newly-created link.
	Target_filename Es_string_token_t // The file name of the symbolic link.
	Reserved        uint8             // An unused field reserved for future use.

}

Es_event_link_t - A type for an event that indicates the creation of a hard link.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_link_t

type Es_event_listextattr_t

type Es_event_listextattr_t struct {
	Target   *Es_file_t // The file containing extended attributes to list.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_listextattr_t - A type for an event that indicates the retrieval of multiple extended attributes from a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_listextattr_t

type Es_event_login_login_t

type Es_event_login_login_t struct {
	Success         bool
	Failure_message Es_string_token_t
	Username        Es_string_token_t
	Has_uid         bool
	Uid             [4]byte
}

Es_event_login_login_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_login_login_t

type Es_event_login_logout_t

type Es_event_login_logout_t struct {
	Username Es_string_token_t
	Uid      uint32
}

Es_event_login_logout_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_login_logout_t

type Es_event_lookup_t

type Es_event_lookup_t struct {
	Source_dir      *Es_file_t        // The source directory to look up.
	Relative_target Es_string_token_t // The filename to look up.
	Reserved        uint8             // An unused field reserved for future use.

}

Es_event_lookup_t - A type for an event that indicates the lookup of a file’s path.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_lookup_t

type Es_event_lw_session_lock_t

type Es_event_lw_session_lock_t struct {
	Username             Es_string_token_t
	Graphical_session_id Es_graphical_session_id_t
}

Es_event_lw_session_lock_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_lock_t

type Es_event_lw_session_login_t

type Es_event_lw_session_login_t struct {
	Username             Es_string_token_t
	Graphical_session_id Es_graphical_session_id_t
}

Es_event_lw_session_login_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_login_t

type Es_event_lw_session_logout_t

type Es_event_lw_session_logout_t struct {
	Username             Es_string_token_t
	Graphical_session_id Es_graphical_session_id_t
}

Es_event_lw_session_logout_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_logout_t

type Es_event_lw_session_unlock_t

type Es_event_lw_session_unlock_t struct {
	Username             Es_string_token_t
	Graphical_session_id Es_graphical_session_id_t
}

Es_event_lw_session_unlock_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_lw_session_unlock_t

type Es_event_mmap_t

type Es_event_mmap_t struct {
	Protection     int32      // Options that affect the protection of mapped memory pages.
	Max_protection int32      // The maximum value you can use for protection flags.
	Flags          int32      // Flags that affect the behavior of the memory mapping operation.
	File_pos       uint64     // The offset into the memory-map file.
	Source         *Es_file_t // The file to map memory into.
	Reserved       uint8      // An unused field reserved for future use.

}

Es_event_mmap_t - A type for an event that indicates the mapping of memory to a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_mmap_t

type Es_event_mount_t

type Es_event_mount_t struct {
	Statfs      objectivec.IObject // The statistics of the mounted file system.
	Disposition unsafe.Pointer
	Reserved    uint8 // An unused field reserved for future use.

}

Es_event_mount_t - A type for an event that indicates the mounting of a file system.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_mount_t

type Es_event_mprotect_t

type Es_event_mprotect_t struct {
	Protection int32              // The protection to apply to the memory-mapped range.
	Address    kernel.User_addr_t // The starting memory address to protect.
	Size       kernel.User_size_t // The length of the address range to protect.
	Reserved   uint8              // An unused field reserved for future use.

}

Es_event_mprotect_t - A type for an event that indicates a change to protection of memory-mapped pages.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_mprotect_t

type Es_event_od_attribute_set_t

type Es_event_od_attribute_set_t struct {
	Instigator            *Es_process_t
	Error_code            int
	Record_type           unsafe.Pointer
	Record_name           Es_string_token_t
	Attribute_name        Es_string_token_t
	Attribute_value_count uintptr
	Attribute_values      *Es_string_token_t
	Node_name             Es_string_token_t
	Db_path               Es_string_token_t
	Instigator_token      [32]byte
}

Es_event_od_attribute_set_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_set_t

type Es_event_od_attribute_value_add_t

type Es_event_od_attribute_value_add_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Record_type      unsafe.Pointer
	Record_name      Es_string_token_t
	Attribute_name   Es_string_token_t
	Attribute_value  Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_attribute_value_add_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_value_add_t

type Es_event_od_attribute_value_remove_t

type Es_event_od_attribute_value_remove_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Record_type      unsafe.Pointer
	Record_name      Es_string_token_t
	Attribute_name   Es_string_token_t
	Attribute_value  Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_attribute_value_remove_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_attribute_value_remove_t

type Es_event_od_create_group_t

type Es_event_od_create_group_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Group_name       Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_create_group_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_create_group_t

type Es_event_od_create_user_t

type Es_event_od_create_user_t struct {
	Instigator       *Es_process_t
	Error_code       int
	User_name        Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_create_user_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_create_user_t

type Es_event_od_delete_group_t

type Es_event_od_delete_group_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Group_name       Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_delete_group_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_delete_group_t

type Es_event_od_delete_user_t

type Es_event_od_delete_user_t struct {
	Instigator       *Es_process_t
	Error_code       int
	User_name        Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_delete_user_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_delete_user_t

type Es_event_od_disable_user_t

type Es_event_od_disable_user_t struct {
	Instigator       *Es_process_t
	Error_code       int
	User_name        Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_disable_user_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_disable_user_t

type Es_event_od_enable_user_t

type Es_event_od_enable_user_t struct {
	Instigator       *Es_process_t
	Error_code       int
	User_name        Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_enable_user_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_enable_user_t

type Es_event_od_group_add_t

type Es_event_od_group_add_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Group_name       Es_string_token_t
	Member           *Es_od_member_id_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_group_add_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_add_t

type Es_event_od_group_remove_t

type Es_event_od_group_remove_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Group_name       Es_string_token_t
	Member           *Es_od_member_id_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_group_remove_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_remove_t

type Es_event_od_group_set_t

type Es_event_od_group_set_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Group_name       Es_string_token_t
	Members          *Es_od_member_id_array_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_group_set_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_group_set_t

type Es_event_od_modify_password_t

type Es_event_od_modify_password_t struct {
	Instigator       *Es_process_t
	Error_code       int
	Account_type     unsafe.Pointer
	Account_name     Es_string_token_t
	Node_name        Es_string_token_t
	Db_path          Es_string_token_t
	Instigator_token [32]byte
}

Es_event_od_modify_password_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_od_modify_password_t

type Es_event_open_t

type Es_event_open_t struct {
	Fflag    int32      // The file-opening mask as applied by the kernel.
	File     *Es_file_t // The file to open.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_open_t - A type for an event that indicates the opening of a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_open_t

type Es_event_openssh_login_t

type Es_event_openssh_login_t struct {
	Success             bool
	Result_type         unsafe.Pointer
	Source_address_type unsafe.Pointer
	Source_address      Es_string_token_t
	Username            Es_string_token_t
	Has_uid             bool
	Uid                 [4]byte
}

Es_event_openssh_login_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_openssh_login_t

type Es_event_openssh_logout_t

type Es_event_openssh_logout_t struct {
	Source_address_type unsafe.Pointer
	Source_address      Es_string_token_t
	Username            Es_string_token_t
	Uid                 uint32
}

Es_event_openssh_logout_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_openssh_logout_t

type Es_event_proc_check_t

type Es_event_proc_check_t struct {
	Target   *Es_process_t  // The process targeted by this event.
	Type     unsafe.Pointer // The type of call number used to check the access on the target process.
	Flavor   int            // A representation of the information sought by a process based on the type member of es_event_proc_check_t.
	Reserved uint8          // An unused field reserved for future use.

}

Es_event_proc_check_t - A type that indicates the call used and the data returned when a process checks on the access of the target process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_proc_check_t

type Es_event_proc_suspend_resume_t

type Es_event_proc_suspend_resume_t struct {
	Target   *Es_process_t  // The process targeted by this event.
	Type     unsafe.Pointer // The type of event: suspend, resume, or socket shutdown.
	Reserved uint8          // An unused field reserved for future use.

}

Es_event_proc_suspend_resume_t - A type for an event that indicates a call to suspend, resume, or shut down sockets for a process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_proc_suspend_resume_t

type Es_event_profile_add_t

type Es_event_profile_add_t struct {
	Instigator       *Es_process_t
	Is_update        bool
	Profile          *Es_profile_t
	Instigator_token [32]byte
}

Es_event_profile_add_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_profile_add_t

type Es_event_profile_remove_t

type Es_event_profile_remove_t struct {
	Instigator       *Es_process_t
	Profile          *Es_profile_t
	Instigator_token [32]byte
}

Es_event_profile_remove_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_profile_remove_t

type Es_event_pty_close_t

type Es_event_pty_close_t struct {
	Dev      int32 // The major and minor numbers of the device.
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_pty_close_t - A type for an event that indicates the closing of a pseudoterminal device.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_pty_close_t

type Es_event_pty_grant_t

type Es_event_pty_grant_t struct {
	Dev      int32 // The major and minor numbers of the device.
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_pty_grant_t - A type for an event that indicates the granting of a pseudoterminal device to a user.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_pty_grant_t

type Es_event_readdir_t

type Es_event_readdir_t struct {
	Target   *Es_file_t // The directory from which to read contents.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_readdir_t - A type for an event that indicates the reading of a file-system directory.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_readdir_t

type Es_event_readlink_t

type Es_event_readlink_t struct {
	Source   *Es_file_t // The source file pointed to by the link.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_readlink_t - A type for an event that indicates the reading of a symbolic link.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_readlink_t

type Es_event_remote_thread_create_t

type Es_event_remote_thread_create_t struct {
	Target       *Es_process_t      // The process targeted to spawn a new thread.
	Thread_state *Es_thread_state_t // The new thread’s state.
	Reserved     uint8              // An unused field reserved for future use.

}

Es_event_remote_thread_create_t - A type for an event that indicates an attempt by one process to create a thread in another process.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_remote_thread_create_t

type Es_event_remount_t

type Es_event_remount_t struct {
	Statfs        objectivec.IObject // The statistics of the remounted file system.
	Remount_flags uint64
	Disposition   unsafe.Pointer
	Reserved      uint8 // An unused field reserved for future use.

}

Es_event_remount_t - A type for an event that indicates the remounting of a file system.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_remount_t

type Es_event_rename_t

type Es_event_rename_t struct {
	Source           *Es_file_t        // The source file to rename.
	Destination_type EsDestinationType // A property that indicates whether the destination is a new path or an existing file.
	Destination      [24]byte          // The destination of the rename operation.
	Reserved         uint8             // An unused field reserved for future use.
	Existing_file    *Es_file_t
	New_path         unsafe.Pointer
	Dir              *Es_file_t
	Filename         Es_string_token_t
}

Es_event_rename_t - A type for an event that indicates the renaming of a file.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_rename_t

type Es_event_screensharing_attach_t

type Es_event_screensharing_attach_t struct {
	Success                 bool
	Source_address_type     unsafe.Pointer
	Source_address          Es_string_token_t
	Viewer_appleid          Es_string_token_t
	Authentication_type     Es_string_token_t
	Authentication_username Es_string_token_t
	Session_username        Es_string_token_t
	Existing_session        bool
	Graphical_session_id    Es_graphical_session_id_t
}

Es_event_screensharing_attach_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_screensharing_attach_t

type Es_event_screensharing_detach_t

type Es_event_screensharing_detach_t struct {
	Source_address_type  unsafe.Pointer
	Source_address       Es_string_token_t
	Viewer_appleid       Es_string_token_t
	Graphical_session_id Es_graphical_session_id_t
}

Es_event_screensharing_detach_t

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_screensharing_detach_t

type Es_event_searchfs_t

type Es_event_searchfs_t struct {
	Attrlist kernel.Attrlist // The attributes used to perform the file system search.
	Target   *Es_file_t      // The volume to search.
	Reserved uint8           // An unused field reserved for future use.

}

Es_event_searchfs_t - A type for an event that indicates searching a volume or mounted file system.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_searchfs_t

type Es_event_setacl_t

type Es_event_setacl_t struct {
	Target       *Es_file_t     // The file containing the access control list to set or clear.
	Set_or_clear unsafe.Pointer // The access control list action represented by the event, either setting or clearing values.
	Acl          [8]byte        // A union containing a settable access control list structure.
	Reserved     uint8          // An unused field reserved for future use.
	Set          unsafe.Pointer
}

Es_event_setacl_t - A type for an event that indicates the setting of a file’s access control list.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setacl_t

type Es_event_setattrlist_t

type Es_event_setattrlist_t struct {
	Attrlist kernel.Attrlist // The attributes to set, such as volume, directory, file, and fork attributes.
	Target   *Es_file_t      // The source file of this event.
	Reserved uint8           // An unused field reserved for future use.

}

Es_event_setattrlist_t - A type for an event that indicates the setting of a file attribute.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setattrlist_t

type Es_event_setegid_t

type Es_event_setegid_t struct {
	Egid     uint32 // The effective group ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_setegid_t - A type for an event that indicates the setting of a process’s effective group ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setegid_t

type Es_event_seteuid_t

type Es_event_seteuid_t struct {
	Euid     uint32 // The effective user ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_seteuid_t - A type for an event that indicates the setting of a process’s effective user ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_seteuid_t

type Es_event_setextattr_t

type Es_event_setextattr_t struct {
	Target   *Es_file_t        // The file containing extended attributes to set.
	Extattr  Es_string_token_t // The extended attribute.
	Reserved uint8             // An unused field reserved for future use.

}

Es_event_setextattr_t - A type for an event that indicates the setting of a file’s extended attribute.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setextattr_t

type Es_event_setflags_t

type Es_event_setflags_t struct {
	Flags    uint32     // The flags to set on the file.
	Target   *Es_file_t // The source file of this event.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_setflags_t - A type for an event that indicates the setting of a file’s flags.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setflags_t

type Es_event_setgid_t

type Es_event_setgid_t struct {
	Gid      uint32 // The group ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_setgid_t - A type for an event that indicates the setting of a process’s group ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setgid_t

type Es_event_setmode_t

type Es_event_setmode_t struct {
	Mode     uint16     // The mode to set on the file.
	Target   *Es_file_t // The source file of the event.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_setmode_t - A type for an event that indicates the setting of a file’s mode.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setmode_t

type Es_event_setowner_t

type Es_event_setowner_t struct {
	Uid      uint32     // The user identifier to set.
	Gid      uint32     // The group identifier to set.
	Target   *Es_file_t // The file with ownership metadata to set.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_setowner_t - A type for an event that indicates the setting of a file’s owner.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setowner_t

type Es_event_setregid_t

type Es_event_setregid_t struct {
	Rgid     uint32 // The real group ID.
	Egid     uint32 // The effective group ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_setregid_t - A type for an event that indicates the setting of a process’s real and effective group IDs.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setregid_t

type Es_event_setreuid_t

type Es_event_setreuid_t struct {
	Ruid     uint32 // The real user ID.
	Euid     uint32 // The effective user ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_setreuid_t - A type for an event that indicates the setting of a process’s real and effective user IDs.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setreuid_t

type Es_event_settime_t

type Es_event_settime_t struct {
	Reserved uint8 // An unused field reserved for future use.

}

Es_event_settime_t - A type for an event that indicates the modification of the system time.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_settime_t

type Es_event_setuid_t

type Es_event_setuid_t struct {
	Uid      uint32 // The user ID.
	Reserved uint8  // An unused field reserved for future use.

}

Es_event_setuid_t - A type for an event that indicates the setting of a process’s user ID.

[Full Topic] [Full Topic]: https://developer.apple.com/documentation/EndpointSecurity/es_event_setuid_t

type Es_event_signal_t

type Es_event_signal_t struct {
	Sig        int           // The signal number sent to the target process.
	Target     *Es_process_t // The process that the signal targets.
	Instigator *Es_process_t
	Reserved   uint8 // An unused field reserved for future use.

}

Es_event_signal_t - A type for an event that indicates the sending of a signal to a process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_signal_t

type Es_event_stat_t

type Es_event_stat_t struct {
	Target   *Es_file_t // The file with status to retrieve.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_stat_t - A type for an event that indicates the retrieval of a file’s status.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_stat_t

type Es_event_su_t

type Es_event_su_t struct {
	Success         bool
	Failure_message Es_string_token_t
	From_uid        uint32
	From_username   Es_string_token_t
	Has_to_uid      bool
	To_username     Es_string_token_t
	Shell           Es_string_token_t
	Argc            uintptr
	Argv            *Es_string_token_t
	Env_count       uintptr
	Env             *Es_string_token_t
	To_uid          [4]byte
	Uid             uint32
}

Es_event_su_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_su_t

type Es_event_sudo_t

type Es_event_sudo_t struct {
	Success       bool
	Reject_info   *Es_sudo_reject_info_t
	Has_from_uid  bool
	From_username Es_string_token_t
	Has_to_uid    bool
	To_username   Es_string_token_t
	Command       Es_string_token_t
	From_uid      [4]byte
	To_uid        [4]byte
	Uid           uint32
}

Es_event_sudo_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_sudo_t

type Es_event_tcc_modify_t

type Es_event_tcc_modify_t struct {
	Service           Es_string_token_t
	Identity          Es_string_token_t
	Identity_type     unsafe.Pointer // es_tcc_identity_type_t
	Update_type       unsafe.Pointer
	Instigator_token  [32]byte
	Instigator        *Es_process_t
	Responsible_token *[32]byte
	Responsible       *Es_process_t
	Right             unsafe.Pointer // es_tcc_authorization_right_t
	Reason            unsafe.Pointer // es_tcc_authorization_reason_t

}

Es_event_tcc_modify_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_tcc_modify_t

type Es_event_trace_t

type Es_event_trace_t struct {
	Target   *Es_process_t // The process receiving the attach.
	Reserved uint8         // An unused field reserved for future use.

}

Es_event_trace_t - A type for an event that indicates an attempt by one process to attach to another process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_trace_t

type Es_event_truncate_t

type Es_event_truncate_t struct {
	Target   *Es_file_t // The source file of this event.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_truncate_t - A type for an event that indicates the truncation of a file.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_truncate_t

type Es_event_uipc_bind_t

type Es_event_uipc_bind_t struct {
	Dir      *Es_file_t        // The directory containing the socket file.
	Filename Es_string_token_t // The name of the socket file.
	Mode     uint16            // The mode of the socket file.
	Reserved uint8             // An unused field reserved for future use.

}

Es_event_uipc_bind_t - A type for an event that indicates the binding of a socket to a path.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_uipc_bind_t

type Es_event_uipc_connect_t

type Es_event_uipc_connect_t struct {
	File     *Es_file_t // The socket file bound to the socket.
	Domain   int        // The communications domain of the socket.
	Type     int        // The type of the socket.
	Protocol int        // The protocol of the socket.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_uipc_connect_t - A type for an event that indicates the connection of a socket.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_uipc_connect_t

type Es_event_unlink_t

type Es_event_unlink_t struct {
	Target     *Es_file_t // The file to unlink.
	Parent_dir *Es_file_t // The directory that contains the file to unlink.
	Reserved   uint8      // An unused field reserved for future use.

}

Es_event_unlink_t - A type for an event that indicates the deletion of a file.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_unlink_t

type Es_event_unmount_t

type Es_event_unmount_t struct {
	Statfs   objectivec.IObject // The statistics of the unmounted file system.
	Reserved uint8              // An unused field reserved for future use.

}

Es_event_unmount_t - A type for an event that indicates the unmounting of a file system.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_unmount_t

type Es_event_utimes_t

type Es_event_utimes_t struct {
	Target   *Es_file_t       // The file with time metadata to modify.
	Atime    syscall.Timespec // The new last-accessed time.
	Mtime    syscall.Timespec // The new last-modified time.
	Reserved uint8            // An unused field reserved for future use.

}

Es_event_utimes_t - A type for an event that indicates a change to a file’s access time or modification time.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_utimes_t

type Es_event_write_t

type Es_event_write_t struct {
	Target   *Es_file_t // The source file of the event.
	Reserved uint8      // An unused field reserved for future use.

}

Es_event_write_t - A type for an event that indicates the writing of data to a file.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_write_t

type Es_event_xp_malware_detected_t

type Es_event_xp_malware_detected_t struct {
	Signature_version   Es_string_token_t
	Malware_identifier  Es_string_token_t
	Incident_identifier Es_string_token_t
	Detected_path       Es_string_token_t
	Detected_executable Es_string_token_t
}

Es_event_xp_malware_detected_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xp_malware_detected_t

type Es_event_xp_malware_remediated_t

type Es_event_xp_malware_remediated_t struct {
	Signature_version              Es_string_token_t
	Malware_identifier             Es_string_token_t
	Incident_identifier            Es_string_token_t
	Action_type                    Es_string_token_t
	Success                        bool
	Result_description             Es_string_token_t
	Remediated_path                Es_string_token_t
	Remediated_process_audit_token *[32]byte
}

Es_event_xp_malware_remediated_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xp_malware_remediated_t

type Es_event_xpc_connect_t

type Es_event_xpc_connect_t struct {
	Service_name        Es_string_token_t
	Service_domain_type unsafe.Pointer
}

Es_event_xpc_connect_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_event_xpc_connect_t

type Es_events_t added in v0.5.1

type Es_events_t [104]byte

Es_events_t is a C union of event-specific types, held in Go as a raw 104-byte array.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_events_t

func (*Es_events_t) Access added in v0.5.1

func (u *Es_events_t) Access() *Es_event_access_t

Access returns the union interpreted as *Es_event_access_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Authentication added in v0.5.1

func (u *Es_events_t) Authentication() *Es_event_authentication_t

Authentication returns the union interpreted as *Es_event_authentication_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Authorization_judgement added in v0.5.1

func (u *Es_events_t) Authorization_judgement() *Es_event_authorization_judgement_t

Authorization_judgement returns the union interpreted as *Es_event_authorization_judgement_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Authorization_petition added in v0.5.1

func (u *Es_events_t) Authorization_petition() *Es_event_authorization_petition_t

Authorization_petition returns the union interpreted as *Es_event_authorization_petition_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Btm_launch_item_add added in v0.5.1

func (u *Es_events_t) Btm_launch_item_add() *Es_event_btm_launch_item_add_t

Btm_launch_item_add returns the union interpreted as *Es_event_btm_launch_item_add_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Btm_launch_item_remove added in v0.5.1

func (u *Es_events_t) Btm_launch_item_remove() *Es_event_btm_launch_item_remove_t

Btm_launch_item_remove returns the union interpreted as *Es_event_btm_launch_item_remove_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Chdir added in v0.5.1

func (u *Es_events_t) Chdir() *Es_event_chdir_t

Chdir returns the union interpreted as *Es_event_chdir_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Chroot added in v0.5.1

func (u *Es_events_t) Chroot() *Es_event_chroot_t

Chroot returns the union interpreted as *Es_event_chroot_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Clone added in v0.5.1

func (u *Es_events_t) Clone() *Es_event_clone_t

Clone returns the union interpreted as *Es_event_clone_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Close added in v0.5.1

func (u *Es_events_t) Close() *Es_event_close_t

Close returns the union interpreted as *Es_event_close_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Copyfile added in v0.5.1

func (u *Es_events_t) Copyfile() *Es_event_copyfile_t

Copyfile returns the union interpreted as *Es_event_copyfile_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Create added in v0.5.1

func (u *Es_events_t) Create() *Es_event_create_t

Create returns the union interpreted as *Es_event_create_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Cs_invalidated added in v0.5.1

func (u *Es_events_t) Cs_invalidated() *Es_event_cs_invalidated_t

Cs_invalidated returns the union interpreted as *Es_event_cs_invalidated_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Deleteextattr added in v0.5.1

func (u *Es_events_t) Deleteextattr() *Es_event_deleteextattr_t

Deleteextattr returns the union interpreted as *Es_event_deleteextattr_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Dup added in v0.5.1

func (u *Es_events_t) Dup() *Es_event_dup_t

Dup returns the union interpreted as *Es_event_dup_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Exchangedata added in v0.5.1

func (u *Es_events_t) Exchangedata() *Es_event_exchangedata_t

Exchangedata returns the union interpreted as *Es_event_exchangedata_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Exec added in v0.5.1

func (u *Es_events_t) Exec() *Es_event_exec_t

Exec returns the union interpreted as *Es_event_exec_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Exit added in v0.5.1

func (u *Es_events_t) Exit() *Es_event_exit_t

Exit returns the union interpreted as *Es_event_exit_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Fcntl added in v0.5.1

func (u *Es_events_t) Fcntl() *Es_event_fcntl_t

Fcntl returns the union interpreted as *Es_event_fcntl_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) File_provider_materialize added in v0.5.1

func (u *Es_events_t) File_provider_materialize() *Es_event_file_provider_materialize_t

File_provider_materialize returns the union interpreted as *Es_event_file_provider_materialize_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) File_provider_update added in v0.5.1

func (u *Es_events_t) File_provider_update() *Es_event_file_provider_update_t

File_provider_update returns the union interpreted as *Es_event_file_provider_update_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Fork added in v0.5.1

func (u *Es_events_t) Fork() *Es_event_fork_t

Fork returns the union interpreted as *Es_event_fork_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Fsgetpath added in v0.5.1

func (u *Es_events_t) Fsgetpath() *Es_event_fsgetpath_t

Fsgetpath returns the union interpreted as *Es_event_fsgetpath_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Gatekeeper_user_override added in v0.5.1

func (u *Es_events_t) Gatekeeper_user_override() *Es_event_gatekeeper_user_override_t

Gatekeeper_user_override returns the union interpreted as *Es_event_gatekeeper_user_override_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Get_task added in v0.5.1

func (u *Es_events_t) Get_task() *Es_event_get_task_t

Get_task returns the union interpreted as *Es_event_get_task_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Get_task_inspect added in v0.5.1

func (u *Es_events_t) Get_task_inspect() *Es_event_get_task_inspect_t

Get_task_inspect returns the union interpreted as *Es_event_get_task_inspect_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Get_task_name added in v0.5.1

func (u *Es_events_t) Get_task_name() *Es_event_get_task_name_t

Get_task_name returns the union interpreted as *Es_event_get_task_name_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Get_task_read added in v0.5.1

func (u *Es_events_t) Get_task_read() *Es_event_get_task_read_t

Get_task_read returns the union interpreted as *Es_event_get_task_read_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Getattrlist added in v0.5.1

func (u *Es_events_t) Getattrlist() *Es_event_getattrlist_t

Getattrlist returns the union interpreted as *Es_event_getattrlist_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Getextattr added in v0.5.1

func (u *Es_events_t) Getextattr() *Es_event_getextattr_t

Getextattr returns the union interpreted as *Es_event_getextattr_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Iokit_open added in v0.5.1

func (u *Es_events_t) Iokit_open() *Es_event_iokit_open_t

Iokit_open returns the union interpreted as *Es_event_iokit_open_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Kextload added in v0.5.1

func (u *Es_events_t) Kextload() *Es_event_kextload_t

Kextload returns the union interpreted as *Es_event_kextload_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Kextunload added in v0.5.1

func (u *Es_events_t) Kextunload() *Es_event_kextunload_t

Kextunload returns the union interpreted as *Es_event_kextunload_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Link added in v0.5.1

func (u *Es_events_t) Link() *Es_event_link_t

Link returns the union interpreted as *Es_event_link_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Listextattr added in v0.5.1

func (u *Es_events_t) Listextattr() *Es_event_listextattr_t

Listextattr returns the union interpreted as *Es_event_listextattr_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Login_login added in v0.5.1

func (u *Es_events_t) Login_login() *Es_event_login_login_t

Login_login returns the union interpreted as *Es_event_login_login_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Login_logout added in v0.5.1

func (u *Es_events_t) Login_logout() *Es_event_login_logout_t

Login_logout returns the union interpreted as *Es_event_login_logout_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Lookup added in v0.5.1

func (u *Es_events_t) Lookup() *Es_event_lookup_t

Lookup returns the union interpreted as *Es_event_lookup_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Lw_session_lock added in v0.5.1

func (u *Es_events_t) Lw_session_lock() *Es_event_lw_session_lock_t

Lw_session_lock returns the union interpreted as *Es_event_lw_session_lock_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Lw_session_login added in v0.5.1

func (u *Es_events_t) Lw_session_login() *Es_event_lw_session_login_t

Lw_session_login returns the union interpreted as *Es_event_lw_session_login_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Lw_session_logout added in v0.5.1

func (u *Es_events_t) Lw_session_logout() *Es_event_lw_session_logout_t

Lw_session_logout returns the union interpreted as *Es_event_lw_session_logout_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Lw_session_unlock added in v0.5.1

func (u *Es_events_t) Lw_session_unlock() *Es_event_lw_session_unlock_t

Lw_session_unlock returns the union interpreted as *Es_event_lw_session_unlock_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Mmap added in v0.5.1

func (u *Es_events_t) Mmap() *Es_event_mmap_t

Mmap returns the union interpreted as *Es_event_mmap_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Mount added in v0.5.1

func (u *Es_events_t) Mount() *Es_event_mount_t

Mount returns the union interpreted as *Es_event_mount_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Mprotect added in v0.5.1

func (u *Es_events_t) Mprotect() *Es_event_mprotect_t

Mprotect returns the union interpreted as *Es_event_mprotect_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_attribute_set added in v0.5.1

func (u *Es_events_t) Od_attribute_set() *Es_event_od_attribute_set_t

Od_attribute_set returns the union interpreted as *Es_event_od_attribute_set_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_attribute_value_add added in v0.5.1

func (u *Es_events_t) Od_attribute_value_add() *Es_event_od_attribute_value_add_t

Od_attribute_value_add returns the union interpreted as *Es_event_od_attribute_value_add_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_attribute_value_remove added in v0.5.1

func (u *Es_events_t) Od_attribute_value_remove() *Es_event_od_attribute_value_remove_t

Od_attribute_value_remove returns the union interpreted as *Es_event_od_attribute_value_remove_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_create_group added in v0.5.1

func (u *Es_events_t) Od_create_group() *Es_event_od_create_group_t

Od_create_group returns the union interpreted as *Es_event_od_create_group_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_create_user added in v0.5.1

func (u *Es_events_t) Od_create_user() *Es_event_od_create_user_t

Od_create_user returns the union interpreted as *Es_event_od_create_user_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_delete_group added in v0.5.1

func (u *Es_events_t) Od_delete_group() *Es_event_od_delete_group_t

Od_delete_group returns the union interpreted as *Es_event_od_delete_group_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_delete_user added in v0.5.1

func (u *Es_events_t) Od_delete_user() *Es_event_od_delete_user_t

Od_delete_user returns the union interpreted as *Es_event_od_delete_user_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_disable_user added in v0.5.1

func (u *Es_events_t) Od_disable_user() *Es_event_od_disable_user_t

Od_disable_user returns the union interpreted as *Es_event_od_disable_user_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_enable_user added in v0.5.1

func (u *Es_events_t) Od_enable_user() *Es_event_od_enable_user_t

Od_enable_user returns the union interpreted as *Es_event_od_enable_user_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_group_add added in v0.5.1

func (u *Es_events_t) Od_group_add() *Es_event_od_group_add_t

Od_group_add returns the union interpreted as *Es_event_od_group_add_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_group_remove added in v0.5.1

func (u *Es_events_t) Od_group_remove() *Es_event_od_group_remove_t

Od_group_remove returns the union interpreted as *Es_event_od_group_remove_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_group_set added in v0.5.1

func (u *Es_events_t) Od_group_set() *Es_event_od_group_set_t

Od_group_set returns the union interpreted as *Es_event_od_group_set_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Od_modify_password added in v0.5.1

func (u *Es_events_t) Od_modify_password() *Es_event_od_modify_password_t

Od_modify_password returns the union interpreted as *Es_event_od_modify_password_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Open added in v0.5.1

func (u *Es_events_t) Open() *Es_event_open_t

Open returns the union interpreted as *Es_event_open_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Openssh_login added in v0.5.1

func (u *Es_events_t) Openssh_login() *Es_event_openssh_login_t

Openssh_login returns the union interpreted as *Es_event_openssh_login_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Openssh_logout added in v0.5.1

func (u *Es_events_t) Openssh_logout() *Es_event_openssh_logout_t

Openssh_logout returns the union interpreted as *Es_event_openssh_logout_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Proc_check added in v0.5.1

func (u *Es_events_t) Proc_check() *Es_event_proc_check_t

Proc_check returns the union interpreted as *Es_event_proc_check_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Proc_suspend_resume added in v0.5.1

func (u *Es_events_t) Proc_suspend_resume() *Es_event_proc_suspend_resume_t

Proc_suspend_resume returns the union interpreted as *Es_event_proc_suspend_resume_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Profile_add added in v0.5.1

func (u *Es_events_t) Profile_add() *Es_event_profile_add_t

Profile_add returns the union interpreted as *Es_event_profile_add_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Profile_remove added in v0.5.1

func (u *Es_events_t) Profile_remove() *Es_event_profile_remove_t

Profile_remove returns the union interpreted as *Es_event_profile_remove_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Pty_close added in v0.5.1

func (u *Es_events_t) Pty_close() *Es_event_pty_close_t

Pty_close returns the union interpreted as *Es_event_pty_close_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Pty_grant added in v0.5.1

func (u *Es_events_t) Pty_grant() *Es_event_pty_grant_t

Pty_grant returns the union interpreted as *Es_event_pty_grant_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Readdir added in v0.5.1

func (u *Es_events_t) Readdir() *Es_event_readdir_t

Readdir returns the union interpreted as *Es_event_readdir_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Readlink added in v0.5.1

func (u *Es_events_t) Readlink() *Es_event_readlink_t

Readlink returns the union interpreted as *Es_event_readlink_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Remote_thread_create added in v0.5.1

func (u *Es_events_t) Remote_thread_create() *Es_event_remote_thread_create_t

Remote_thread_create returns the union interpreted as *Es_event_remote_thread_create_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Remount added in v0.5.1

func (u *Es_events_t) Remount() *Es_event_remount_t

Remount returns the union interpreted as *Es_event_remount_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Rename added in v0.5.1

func (u *Es_events_t) Rename() *Es_event_rename_t

Rename returns the union interpreted as *Es_event_rename_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Screensharing_attach added in v0.5.1

func (u *Es_events_t) Screensharing_attach() *Es_event_screensharing_attach_t

Screensharing_attach returns the union interpreted as *Es_event_screensharing_attach_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Screensharing_detach added in v0.5.1

func (u *Es_events_t) Screensharing_detach() *Es_event_screensharing_detach_t

Screensharing_detach returns the union interpreted as *Es_event_screensharing_detach_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Searchfs added in v0.5.1

func (u *Es_events_t) Searchfs() *Es_event_searchfs_t

Searchfs returns the union interpreted as *Es_event_searchfs_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setacl added in v0.5.1

func (u *Es_events_t) Setacl() *Es_event_setacl_t

Setacl returns the union interpreted as *Es_event_setacl_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setattrlist added in v0.5.1

func (u *Es_events_t) Setattrlist() *Es_event_setattrlist_t

Setattrlist returns the union interpreted as *Es_event_setattrlist_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setegid added in v0.5.1

func (u *Es_events_t) Setegid() *Es_event_setegid_t

Setegid returns the union interpreted as *Es_event_setegid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Seteuid added in v0.5.1

func (u *Es_events_t) Seteuid() *Es_event_seteuid_t

Seteuid returns the union interpreted as *Es_event_seteuid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setextattr added in v0.5.1

func (u *Es_events_t) Setextattr() *Es_event_setextattr_t

Setextattr returns the union interpreted as *Es_event_setextattr_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setflags added in v0.5.1

func (u *Es_events_t) Setflags() *Es_event_setflags_t

Setflags returns the union interpreted as *Es_event_setflags_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setgid added in v0.5.1

func (u *Es_events_t) Setgid() *Es_event_setgid_t

Setgid returns the union interpreted as *Es_event_setgid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setmode added in v0.5.1

func (u *Es_events_t) Setmode() *Es_event_setmode_t

Setmode returns the union interpreted as *Es_event_setmode_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setowner added in v0.5.1

func (u *Es_events_t) Setowner() *Es_event_setowner_t

Setowner returns the union interpreted as *Es_event_setowner_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setregid added in v0.5.1

func (u *Es_events_t) Setregid() *Es_event_setregid_t

Setregid returns the union interpreted as *Es_event_setregid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setreuid added in v0.5.1

func (u *Es_events_t) Setreuid() *Es_event_setreuid_t

Setreuid returns the union interpreted as *Es_event_setreuid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Settime added in v0.5.1

func (u *Es_events_t) Settime() *Es_event_settime_t

Settime returns the union interpreted as *Es_event_settime_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Setuid added in v0.5.1

func (u *Es_events_t) Setuid() *Es_event_setuid_t

Setuid returns the union interpreted as *Es_event_setuid_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Signal added in v0.5.1

func (u *Es_events_t) Signal() *Es_event_signal_t

Signal returns the union interpreted as *Es_event_signal_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Stat added in v0.5.1

func (u *Es_events_t) Stat() *Es_event_stat_t

Stat returns the union interpreted as *Es_event_stat_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Su added in v0.5.1

func (u *Es_events_t) Su() *Es_event_su_t

Su returns the union interpreted as *Es_event_su_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Sudo added in v0.5.1

func (u *Es_events_t) Sudo() *Es_event_sudo_t

Sudo returns the union interpreted as *Es_event_sudo_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Tcc_modify added in v0.5.1

func (u *Es_events_t) Tcc_modify() *Es_event_tcc_modify_t

Tcc_modify returns the union interpreted as *Es_event_tcc_modify_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Trace added in v0.5.1

func (u *Es_events_t) Trace() *Es_event_trace_t

Trace returns the union interpreted as *Es_event_trace_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Truncate added in v0.5.1

func (u *Es_events_t) Truncate() *Es_event_truncate_t

Truncate returns the union interpreted as *Es_event_truncate_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Uipc_bind added in v0.5.1

func (u *Es_events_t) Uipc_bind() *Es_event_uipc_bind_t

Uipc_bind returns the union interpreted as *Es_event_uipc_bind_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Uipc_connect added in v0.5.1

func (u *Es_events_t) Uipc_connect() *Es_event_uipc_connect_t

Uipc_connect returns the union interpreted as *Es_event_uipc_connect_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Unlink added in v0.5.1

func (u *Es_events_t) Unlink() *Es_event_unlink_t

Unlink returns the union interpreted as *Es_event_unlink_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Unmount added in v0.5.1

func (u *Es_events_t) Unmount() *Es_event_unmount_t

Unmount returns the union interpreted as *Es_event_unmount_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Utimes added in v0.5.1

func (u *Es_events_t) Utimes() *Es_event_utimes_t

Utimes returns the union interpreted as *Es_event_utimes_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Write added in v0.5.1

func (u *Es_events_t) Write() *Es_event_write_t

Write returns the union interpreted as *Es_event_write_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Xp_malware_detected added in v0.5.1

func (u *Es_events_t) Xp_malware_detected() *Es_event_xp_malware_detected_t

Xp_malware_detected returns the union interpreted as *Es_event_xp_malware_detected_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Xp_malware_remediated added in v0.5.1

func (u *Es_events_t) Xp_malware_remediated() *Es_event_xp_malware_remediated_t

Xp_malware_remediated returns the union interpreted as *Es_event_xp_malware_remediated_t. The returned pointer aliases the receiver's memory.

func (*Es_events_t) Xpc_connect added in v0.5.1

func (u *Es_events_t) Xpc_connect() *Es_event_xpc_connect_t

Xpc_connect returns the union interpreted as *Es_event_xpc_connect_t. The returned pointer aliases the receiver's memory.
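The accessors above all reinterpret the same 104 bytes and return only a pointer, so a client has to switch on the message's Event_type before choosing one, and copy out what it needs because the pointer aliases the message. The following is an added example, not code from this package: eventType, events, message, IDChange and the constant values are local stand-ins modelled on the page's types, and it assumes message storage may be reused after the handler returns.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// Stand-ins modelled on the page's types. Names and constant values are
// constructed for this example; they are not the package's or the framework's.
type eventType uint32

const (
	evSetuid   eventType = 1
	evSetreuid eventType = 2
)

type eventSetuid struct {
	Uid      uint32
	Reserved uint8
}

type eventSetreuid struct {
	Ruid     uint32
	Euid     uint32
	Reserved uint8
}

// events mirrors Es_events_t: raw union storage with unchecked typed views.
type events [104]byte

func (u *events) Setuid() *eventSetuid     { return (*eventSetuid)(unsafe.Pointer(u)) }
func (u *events) Setreuid() *eventSetreuid { return (*eventSetreuid)(unsafe.Pointer(u)) }

// message mirrors the part of Es_message_t used here. The leading uint64
// keeps Event 8-byte aligned, so the typed views are safe to dereference.
type message struct {
	SeqNum    uint64
	EventType eventType
	_         uint32
	Event     events
}

// IDChange is an owned copy of the fields a detection rule needs. It holds
// no pointer into the message, so it stays valid after the message is gone.
type IDChange struct {
	Seq    uint64
	Kind   string
	Euid   uint32
	ToRoot bool
}

var errUnhandled = errors.New("event type not handled")

// decodeIDChange picks the union view from the tag and never guesses.
func decodeIDChange(m *message) (IDChange, error) {
	switch m.EventType {
	case evSetuid:
		e := m.Event.Setuid()
		return IDChange{Seq: m.SeqNum, Kind: "setuid", Euid: e.Uid, ToRoot: e.Uid == 0}, nil
	case evSetreuid:
		e := m.Event.Setreuid()
		return IDChange{Seq: m.SeqNum, Kind: "setreuid", Euid: e.Euid, ToRoot: e.Euid == 0}, nil
	default:
		return IDChange{}, errUnhandled
	}
}

// Constructed sample messages.
func newSetuid(seq uint64, uid uint32) *message {
	m := &message{SeqNum: seq, EventType: evSetuid}
	m.Event.Setuid().Uid = uid
	return m
}

func newSetreuid(seq uint64, ruid, euid uint32) *message {
	m := &message{SeqNum: seq, EventType: evSetreuid}
	e := m.Event.Setreuid()
	e.Ruid, e.Euid = ruid, euid
	return m
}

// misread skips the tag check and views the union as a setreuid event.
// Nothing fails at run time; the result is simply whatever bytes are there.
func misread(m *message) eventSetreuid { return *m.Event.Setreuid() }

// reuseDemo keeps both a union pointer and an owned copy, then overwrites
// the storage the way a recycled message would.
func reuseDemo() (retained, copied uint32) {
	m := newSetuid(7, 501)
	p := m.Event.Setuid()
	c, _ := decodeIDChange(m)
	m.Event = events{} // storage reused for another event
	return p.Uid, c.Euid
}

func main() {
	c, _ := decodeIDChange(newSetuid(1, 0))
	fmt.Printf("checked decode: %+v\n", c)
	fmt.Printf("setuid(501) misread as setreuid: %+v\n", misread(newSetuid(2, 501)))
	r, cp := reuseDemo()
	fmt.Printf("after reuse: retained pointer=%d, owned copy=%d\n", r, cp)
}
```

The misread case is the one to watch in a detection pipeline: a setuid(501) event viewed through the wrong accessor reports an effective UID of 0, which looks like a root transition that never happened.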

type Es_fd_t

type Es_fd_t struct {
	Fd      int32  // The file descriptor number.
	Fdtype  uint32 // The file descriptor type, as a libproc type.
	Pipe    unsafe.Pointer
	Pipe_id uint64
}

Es_fd_t - A structure that describes an open file descriptor.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_fd_t

func Es_exec_fd

func Es_exec_fd(event *Es_event_exec_t, index uint32) *Es_fd_t

Es_exec_fd gets the file descriptor at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_fd(_:_:)

type Es_file_t

type Es_file_t struct {
	Path           Es_string_token_t // The file’s path.
	Path_truncated bool              // A Boolean value that indicates whether Endpoint Security truncated the path string.
	Stat           kernel.Stat       // The file’s metadata, such as file size, user and group identifiers, and access and modification dates.

}

Es_file_t - A type that represents a file related to an Endpoint Security event.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_file_t

type Es_handler_block_t

type Es_handler_block_t = func(*Es_client_t, *Es_message_t)

Es_handler_block_t is a block that handles a message received from Endpoint Security.

See: https://developer.apple.com/documentation/EndpointSecurity/es_handler_block_t

type Es_message_t

type Es_message_t struct {
	Version        uint32           // The version of the Endpoint Security message.
	Time           syscall.Timespec // The time the event occurred, expressed as a Darwin time value.
	Mach_time      uint64           // The time the event occurred, as a Mach time value.
	Deadline       uint64           // The deadline by which your app must respond to the event.
	Process        *Es_process_t    // The process that performed the action defined in a message.
	Seq_num        uint64           // The sequence number of the message.
	Action_type    EsActionType     // The type of action: authentication or notification.
	Event_type     EsEventType      // The type of the message’s event.
	Event          Es_events_t      // The event that triggered this message.
	Thread         *Es_thread_t     // The thread that took the action defined in a message.
	Global_seq_num uint64           // The global sequence number of the message.
	Action         [36]byte         // The action monitored by Endpoint Security.
	Auth           Es_event_id_t
	Notify         Es_result_t
	Opaque         uint64 // An opaque storage field.

}

Es_message_t - A message from the Endpoint Security subsystem that describes a security event.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_message_t

type Es_muted_path_t

type Es_muted_path_t struct {
	Type        EsMutePathType    // The path type: prefix or literal.
	Event_count uintptr           // The number of elements in the muted events array.
	Path        Es_string_token_t // The muted path.
	Events      *EsEventType      // An array containing the muted event types.

}

Es_muted_path_t - A structure that describes a path’s muted events.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_path_t

type Es_muted_paths_t

type Es_muted_paths_t struct {
	Count uintptr          // The number of elements in the paths array.
	Paths *Es_muted_path_t // An array containing the muted paths.

}

Es_muted_paths_t - A structure for a set of muted paths.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_paths_t

type Es_muted_process_t

type Es_muted_process_t struct {
	Audit_token [32]byte     // The audit token associated with a muted process.
	Event_count uintptr      // The number of elements in the muted events array.
	Events      *EsEventType // An array containing the muted event types.

}

Es_muted_process_t - A structure that describes a process’s muted events.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_process_t

type Es_muted_processes_t

type Es_muted_processes_t struct {
	Count     uintptr             // The number of elements in the processes array.
	Processes *Es_muted_process_t // An array containing the muted processes.

}

Es_muted_processes_t - A structure for a set of muted processes.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_muted_processes_t

type Es_od_member_id_array_t

type Es_od_member_id_array_t struct {
	Member_type  unsafe.Pointer
	Member_count uintptr
	Member_array [8]byte
	Names        *Es_string_token_t
	Uuids        unsafe.Pointer
}

Es_od_member_id_array_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_od_member_id_array_t

type Es_od_member_id_t

type Es_od_member_id_t struct {
	Member_type  unsafe.Pointer
	Member_value [16]byte
	Name         Es_string_token_t
	Uuid         [16]byte
}

Es_od_member_id_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_od_member_id_t

type Es_process_t

type Es_process_t struct {
	Audit_token             [32]byte          // A token for use with Basic Security Module auditing functions.
	Ppid                    int32             // The parent process identifier.
	Original_ppid           int32             // The original parent process ID.
	Group_id                int32             // The process group identifier.
	Session_id              int32             // The identifier of the session that contains the process group.
	Codesigning_flags       uint32            // The flags used to sign the process.
	Is_platform_binary      bool              // A Boolean value that indicates whether the process is a platform binary.
	Is_es_client            bool              // A Boolean value that indicates whether the process connects to the Endpoint Security subsystem.
	Cdhash                  Es_cdhash_t       // The code directory hash value.
	Signing_id              Es_string_token_t // The identifier used to sign the process.
	Team_id                 Es_string_token_t // The team identifier used to sign the process.
	Executable              *Es_file_t        // The file containing the executed process.
	Tty                     *Es_file_t        // The TTY associated with the process sending the message.
	Start_time              kernel.Timeval    // The time the process started.
	Responsible_audit_token [32]byte          // The audit token of the process responsible for this process.
	Parent_audit_token      [32]byte          // The audit token of the parent process.
	Cs_validation_category  unsafe.Pointer    // es_cs_validation_category

}

Es_process_t - A type that describes a process, as delivered by an Endpoint Security message.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_process_t

type Es_profile_t

type Es_profile_t struct {
	Identifier     Es_string_token_t
	Uuid           Es_string_token_t
	Install_source unsafe.Pointer
	Organization   Es_string_token_t
	Display_name   Es_string_token_t
	Scope          Es_string_token_t
}

Es_profile_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_profile_t

type Es_result_t

type Es_result_t struct {
	Result_type EsResultType // The type of the message’s result.
	Result      [32]byte     // The message’s result, as either an authorization result or flags.
	Auth        unsafe.Pointer
	Flags       uint32
	Reserved    uint8
}

Es_result_t - The result of the Endpoint Security subsystem authorization process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_result_t

type Es_signed_file_info_t

type Es_signed_file_info_t struct {
	Cdhash     Es_cdhash_t
	Signing_id Es_string_token_t
	Team_id    Es_string_token_t
}

Es_signed_file_info_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_signed_file_info_t

type Es_statfs_t

type Es_statfs_t = unsafe.Pointer

Es_statfs_t is a typedef that is no longer used, but exists for API backwards compatibility.

See: https://developer.apple.com/documentation/EndpointSecurity/es_statfs_t

type Es_string_token_t

type Es_string_token_t struct {
	Length uintptr // The size of the data buffer, in bytes.
	Data   *byte   // The string data.

}

Es_string_token_t - A pointer to a null-terminated string, and the length in bytes of that string.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_string_token_t

func Es_exec_arg

func Es_exec_arg(event *Es_event_exec_t, index uint32) Es_string_token_t

Es_exec_arg gets the argument at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_arg(_:_:)

func Es_exec_env

func Es_exec_env(event *Es_event_exec_t, index uint32) Es_string_token_t

Es_exec_env gets the environment variable at the specified position from a process execution event.

See: https://developer.apple.com/documentation/EndpointSecurity/es_exec_env(_:_:)
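Added example (not part of this package or its documentation): copying an Es_string_token_t into Go-owned memory by its Length field, and carrying Path_truncated from Es_file_t alongside the path so that exact-match decisions are not made on a cut-off path. The types stringToken and fileInfo, the cap maxTokenLen and both function names are assumptions that mirror the documented fields so the code runs without the framework.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// stringToken and fileInfo are local mirrors (assumptions) of the documented
// Es_string_token_t and of the Path/Path_truncated fields of Es_file_t.
type stringToken struct {
	Length uintptr
	Data   *byte
}
type fileInfo struct {
	Path          stringToken
	PathTruncated bool
}

const maxTokenLen = 1 << 16 // hypothetical sanity cap for a single token

// tokenString copies exactly Length bytes into Go-owned memory. It trusts
// Length rather than scanning for a NUL, and the result does not alias Data.
func tokenString(t stringToken) (string, error) {
	if t.Data == nil || t.Length == 0 {
		return "", nil
	}
	if t.Length > maxTokenLen {
		return "", errors.New("string token exceeds sanity cap")
	}
	buf := make([]byte, t.Length)
	for i := range buf { // unsafe.Slice(t.Data, t.Length) is the Go 1.17+ shorthand
		buf[i] = *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(t.Data)) + uintptr(i)))
	}
	return string(buf), nil
}

// filePath returns the copied path and whether it is complete. A truncated
// path should not feed an exact-match allow or deny decision.
func filePath(f fileInfo) (path string, complete bool, err error) {
	path, err = tokenString(f.Path)
	return path, err == nil && !f.PathTruncated, err
}

func main() {
	raw := []byte("/usr/bin/true\x00junk") // constructed sample buffer
	f := fileInfo{Path: stringToken{Length: 13, Data: &raw[0]}}
	fmt.Println(filePath(f))
}
```
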

type Es_sudo_reject_info_t

type Es_sudo_reject_info_t struct {
	Plugin_name     Es_string_token_t
	Plugin_type     unsafe.Pointer
	Failure_message Es_string_token_t
}

Es_sudo_reject_info_t

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_sudo_reject_info_t

type Es_thread_state_t

type Es_thread_state_t struct {
	Flavor int        // An indication of the representation of the machine-specific thread state.
	State  Es_token_t // The machine-specific thread state.

}

Es_thread_state_t - A description of a thread’s machine-specific state.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_thread_state_t

type Es_thread_t

type Es_thread_t struct {
	Thread_id uint64 // The unique identifier of the thread.

}

Es_thread_t - A structure that represents a thread in a process.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_thread_t

type Es_token_t

type Es_token_t struct {
	Size uintptr // The size of the data buffer, in bytes.
	Data *uint8  // A data buffer.

}

Es_token_t - An arbitrary buffer of data with its size.

Full Topic: https://developer.apple.com/documentation/EndpointSecurity/es_token_t
