POST /pod/syscalls
Submit a batch of syscall observations. The kguardian controller calls this every 10 seconds with the cache diff (only syscalls not yet sent for the pod). External integrations rarely need it. Body is a JSON array — the broker iterates each entry inside a single transaction, upserting per pod_name (the primary key onpod_syscalls). Entries with empty or whitespace-only pod_name
are skipped with a warn log rather than failing the batch.
Request
GET /pod/syscalls/{name}
Get observed syscalls for a single pod. The actix route capturesname directly — no separate namespace path segment.
Example
Response
, when reading this endpoint.
A name that doesn’t match any rows returns 404 with body
"No data found".