The tlsplaintext Task

default true By default, the tlsplaintext Task publishes the raw payload as a base64 string. By setting this value to "false", the payload will not be published.

payload:false

default false Publish the full container metadata, including labels and annotations.

fullContainer:true

Filtering tlsplaintext to collect by Process PID.

Filtering tlsplaintext to collect by Process Name.

Filtering tlsplaintext to collect by Container ID/UID.

Filtering tlsplaintext to collect by Container Name.

Filtering tlsplaintext to collect by Container Label value or key=value.

Filtering tlsplaintext to collect by Pod ID/UID.

Filtering tlsplaintext to collect by Pod Name.

Filtering tlsplaintext to collect by Pod K8s Namespace.

Filtering tlsplaintext to collect by Pod Label value or key=value.

map Hold the tlsplaintext output.

uint64 Nanosecond-precision relative timestamp of when the event was produced. It is not an absolute timestamp (not Epoch), but it can still be used for precise timestamp comparison.

string Direction of flow, either: RX or TX.

string A unique identifier for the flow by hashing the clientrandom value.

string The length of the flow.

string (optional, see configuration options) The raw payload as a base64 string.

map of string to dynamic Extra meta data produced by the tlsplaintext procedure.

map Holds the Process information.

uint32 Process PID.

uint32 Process Parent PID.

string Process name.

string Command line string.

string Executable name.

string Namespace in the format of {device ID}-{inode number}.

string Time the process started.

map Container information for process (if it is a container).

string ID of Container.

string Name of Container.