aquasecurity
diff --git a/‎cmd/tracee/cmd/root.go‎
Lines changed: 5 additions & 18 deletions b/‎cmd/tracee/cmd/root.go‎
Lines changed: 5 additions & 18 deletions
diff --git a/‎docs/docs/advanced/data-sources/builtin/dns.md‎
Lines changed: 5 additions & 9 deletions b/‎docs/docs/advanced/data-sources/builtin/dns.md‎
Lines changed: 5 additions & 9 deletions
diff --git a/‎docs/docs/advanced/data-sources/builtin/process-tree.md‎
Lines changed: 10 additions & 11 deletions b/‎docs/docs/advanced/data-sources/builtin/process-tree.md‎
Lines changed: 10 additions & 11 deletions
diff --git a/‎docs/docs/install/config/index.md‎
Lines changed: 9 additions & 16 deletions b/‎docs/docs/install/config/index.md‎
Lines changed: 9 additions & 16 deletions
diff --git a/‎docs/docs/policies/usage/cli.md‎
Lines changed: 8 additions & 5 deletions b/‎docs/docs/policies/usage/cli.md‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎examples/config/global_config.json‎
Lines changed: 9 additions & 3 deletions b/‎examples/config/global_config.json‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎examples/config/global_config.yaml‎
Lines changed: 9 additions & 6 deletions b/‎examples/config/global_config.yaml‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎pkg/cmd/cobra/cobra.go‎
Lines changed: 5 additions & 18 deletions b/‎pkg/cmd/cobra/cobra.go‎
Lines changed: 5 additions & 18 deletions
diff --git a/‎pkg/cmd/flags/config.go‎
Lines changed: 2 additions & 62 deletions b/‎pkg/cmd/flags/config.go‎
Lines changed: 2 additions & 62 deletions
@@ -218,27 +218,14 @@ func initCmd() error {
 		return errfmt.WrapError(err)
 	}
 
-	// Process Tree flags
-
-	rootCmd.Flags().StringArrayP(
-		"proctree",
-		"t",
-		[]string{"source=none"},
-		"[source=[events|signals|both]...]\tControl process tree options",
-	)
-	err = viper.BindPFlag("proctree", rootCmd.Flags().Lookup("proctree"))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
-
-	// DNS Cache flags
+	// Stores flags
 
 	rootCmd.Flags().StringArray(
-		"dnscache",
-		[]string{"none"},
-		"\t\t\t\t\tEnable DNS Cache",
+		flags.StoresFlag,
+		[]string{},
+		"\t\t\t\t\tStores configurations",
 	)
-	err = viper.BindPFlag("dnscache", rootCmd.Flags().Lookup("dnscache"))
+	err = viper.BindPFlag(flags.StoresFlag, rootCmd.Flags().Lookup(flags.StoresFlag))
 	if err != nil {
 		return errfmt.WrapError(err)
 	}
 
@@ -8,24 +8,20 @@ These relations can be queried in signatures through a data source.
 To switch on the `DNS Cache` feature, run the command:
 
 ```bash
-sudo tracee --output option:sort-events --output json --output option:parse-arguments --dnscache enable --events <event_type>
+sudo tracee --output option:sort-events --output json --output option:parse-arguments --stores dns.enabled --events <event_type>
 ```
 
 The underlying structure is populated using the core [net_packet_dns](../../../events/builtin/man/network/net_packet_dns.md) event and its payload.
 
 ## Command Line Option
 
 ```bash
-$ tracee --dnscache help
-Select different options for the DNS cache.
-
 Example:
-  --dnscache enable  | enable with default values (see below).
-  --dnscache size=X  | will cache up to X dns query trees - further queries may be cached regardless (default: 5000).
+  --stores dns.enabled  | enable the DNS cache.
+  --stores dns.size=X   | will cache up to X dns query trees - further queries may be cached regardless (default: 5000).
 
-Use comma OR use the flag multiple times to choose multiple options:
-  --dnscache size=A
-  --dnscache enable
+Use the flag multiple times to choose multiple options:
+  --stores dns.enabled --stores dns.size=5000
 ```
 
 Consider for your usecase, how many query trees would you like to store? If you will frequently check only a few addresses, consider lowering the size.
 
@@ -7,7 +7,7 @@ The `Process Tree` feature offers a structured view of processes and threads act
 To switch on the `Process Tree` feature, run the command:
 
 ```bash
-sudo tracee --output option:sort-events --output json --output option:parse-arguments --proctree source=both --events <event_type>
+sudo tracee --output option:sort-events --output json --output option:parse-arguments --stores process.enabled --stores process.source=both --events <event_type>
 ```
 
 The underlying structure is populated using the core `sched_process_fork`, `sched_process_exec`, and `sched_process_exit` events and their data. There's also an option to bootstrap the process tree through a secondary route using internal signal events.
@@ -27,19 +27,18 @@ The process tree query the procfs upon initialization and during runtime to fill
 
 ```bash
 Example:
-  --proctree source=[none|events|signals|both]
-      none         | process tree is disabled (default).
+  --stores process.enabled        | enable the process tree.
+  --stores process.source=[none|events|signals|both]
+      none         | process tree source is disabled (default).
       events       | process tree is built from events.
       signals      | process tree is built from signals.
       both         | process tree is built from both events and signals.
-  --proctree process-cache=8192   | will cache up to 8192 processes in the tree (LRU cache).
-  --proctree thread-cache=16384   | will cache up to 16384 threads in the tree (LRU cache).
-  --proctree disable-procfs       | will disable procfs entirely.
-  --proctree disable-procfs-query | will disable procfs quering during runtime.
-
-Use comma OR use the flag multiple times to choose multiple options:
-  --proctree source=A,process-cache=B,thread-cache=C
-  --proctree process-cache=X --proctree thread-cache=Y
+  --stores process.processes=8192 | will cache up to 8192 processes in the tree (LRU cache).
+  --stores process.threads=16384  | will cache up to 16384 threads in the tree (LRU cache).
+  --stores process.use-procfs     | will enable procfs initialization and querying.
+
+Use the flag multiple times to choose multiple options:
+  --stores process.enabled --stores process.source=both --stores process.processes=8192
 ```
 
 ## Internal Data Organization
 
@@ -50,17 +50,21 @@ A complete config file with all available options can be found [here](https://gi
     pyroscope: true
   ```
 
-### Process Tree
+### Stores (Process Tree and DNS Cache)
 
-- **`--proctree` (`-t`)**: Controls process tree options.
+- **`--stores`**: Controls process tree and DNS cache options.
 
 
-  __NOTE__: You can view more in the [Process Tree section](../../advanced/data-sources/builtin/process-tree.md).
+  __NOTE__: You can view more in the [Process Tree section](../../advanced/data-sources/builtin/process-tree.md) and [DNS Cache section](../../advanced/data-sources/builtin/dns.md).
 
   YAML:
   ```yaml
-  proctree:
-    - process
+  stores:
+    process:
+      enabled: true
+      source: both
+    dns:
+      enabled: true
   ```
 
 ### Install Path
@@ -109,17 +113,6 @@ A complete config file with all available options can be found [here](https://gi
         socket: /var/run/docker.sock
   ```
 
-### DNS Cache
-
-- **`--dnscache`**: Enables DNS caching in Tracee.
-
-  __NOTE__: You can view more in the [DNS Cache section](../../advanced/data-sources/builtin/dns.md). 
-
-  YAML:
-  ```yaml
-  dnscache: enable
-  ```
-
 ### Capabilities
 
 - **`--capabilities` (`-C`)**: Define specific capabilities for Tracee to run with. This allows you to either bypass, add, or drop certain capabilities based on your security and operational needs.
 
@@ -67,11 +67,14 @@ signatures-dir: ""
 
 capabilities:
     bypass: false
-proctree:
-    source: both
-    cache:
-        process: 8192
-        thread: 8192
+stores:
+    process:
+        enabled: true
+        source: both
+        processes: 8192
+        threads: 8192
+    dns:
+        enabled: false
 
 # logging
 
 
@@ -3,9 +3,15 @@
     "cache": [
         "none"
     ],
-    "proctree": [
-        "none"
-    ],
+    "stores": {
+        "process": {
+            "enabled": false,
+            "source": "none"
+        },
+        "dns": {
+            "enabled": false
+        }
+    },
     "capabilities": [],
     "containers": [],
     "healthz": false,
 
@@ -12,11 +12,15 @@ policy:
   - /path/to/policy.yaml
   #- /path/to/policy-directory
 
-proctree:
-    source: none
-    # cache:
-    #     process: 8192
-    #     thread: 4096
+stores:
+    process:
+        enabled: false
+        source: none
+        # processes: 8192
+        # threads: 4096
+    dns:
+        enabled: false
+        # size: 5000
 
 capabilities:
     bypass: false
@@ -35,7 +39,6 @@ server:
     healthz: true
     pprof: true
     pyroscope: true
-dnscache: enable
 
 containers:
     enrich: false
 
@@ -141,32 +141,19 @@ func GetTraceeRunner(c *cobra.Command, version string) (cmd.Runner, error) {
 	cfg.CgroupFSPath = res.CgroupfsPath
 	cfg.CgroupFSForce = res.CgroupfsForce
 
-	// Process Tree command line flags
-
-	procTreeFlags, err := flags.GetFlagsFromViper("proctree")
-	if err != nil {
-		return runner, err
-	}
-
-	procTree, err := flags.PrepareProcTree(procTreeFlags)
-	if err != nil {
-		return runner, err
-	}
-	cfg.ProcTree = procTree
-
-	// DNS Cache command line flags
-
-	dnsCacheFlags, err := flags.GetFlagsFromViper("dnscache")
+	// Stores command line flags
+	storesFlags, err := flags.GetFlagsFromViper(flags.StoresFlag)
 	if err != nil {
 		return runner, err
 	}
 
-	dnsCache, err := flags.PrepareDnsCache(dnsCacheFlags)
+	stores, err := flags.PrepareStores(storesFlags)
 	if err != nil {
 		return runner, err
 	}
 
-	cfg.DNSCacheConfig = dnsCache
+	cfg.ProcTree = stores.GetProcTreeConfig()
+	cfg.DNSCacheConfig = stores.GetDNSCacheConfig()
 
 	// Capture command line flags - via cobra flag
 
 
@@ -24,8 +24,6 @@ func GetFlagsFromViper(key string) ([]string, error) {
 	switch key {
 	case serverflag.ServerFlag:
 		flagger = &ServerConfig{}
-	case "proctree":
-		flagger = &ProcTreeConfig{}
 	case "capabilities":
 		flagger = &CapabilitiesConfig{}
 	case "containers":
@@ -34,8 +32,8 @@ func GetFlagsFromViper(key string) ([]string, error) {
 		flagger = &LogConfig{}
 	case "output":
 		flagger = &OutputConfig{}
-	case "dnscache":
-		flagger = &DnsCacheConfig{}
+	case "stores":
+		flagger = &StoresConfig{}
 	default:
 		return nil, errfmt.Errorf("unrecognized key: %s", key)
 	}
@@ -160,64 +158,6 @@ func (c *SocketConfig) flags() []string {
 	return flags
 }
 
-//
-// proctree flag
-//
-
-type ProcTreeConfig struct {
-	Source string              `mapstructure:"source"`
-	Cache  ProcTreeCacheConfig `mapstructure:"cache"`
-}
-
-type ProcTreeCacheConfig struct {
-	Process int `mapstructure:"process"`
-	Thread  int `mapstructure:"thread"`
-}
-
-func (c *ProcTreeConfig) flags() []string {
-	flags := make([]string, 0)
-
-	if c.Source != "" {
-		if c.Source == "none" {
-			flags = append(flags, "none")
-		} else {
-			flags = append(flags, fmt.Sprintf("source=%s", c.Source))
-		}
-	}
-	if c.Cache.Process != 0 {
-		flags = append(flags, fmt.Sprintf("process-cache=%d", c.Cache.Process))
-	}
-	if c.Cache.Thread != 0 {
-		flags = append(flags, fmt.Sprintf("thread-cache=%d", c.Cache.Thread))
-	}
-
-	return flags
-}
-
-//
-// dnscache flag
-//
-
-type DnsCacheConfig struct {
-	Enable bool `mapstructure:"enable"`
-	Size   int  `mapstructure:"size"`
-}
-
-func (c *DnsCacheConfig) flags() []string {
-	flags := make([]string, 0)
-
-	if !c.Enable {
-		flags = append(flags, "none")
-		return flags
-	}
-
-	if c.Size != 0 {
-		flags = append(flags, fmt.Sprintf("size=%d", c.Size))
-	}
-
-	return flags
-}
-
 //
 // capabilities flag
 //