kubearmor
diff --git a/Diff for: ‎KubeArmor/common/common.go
+9 b/Diff for: ‎KubeArmor/common/common.go
+9
diff --git a/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_bpfeb.go
+16-2 b/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_bpfeb.go
+16-2
diff --git a/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_bpfel.go
+16-2 b/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_bpfel.go
+16-2
diff --git a/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.go
+16-2 b/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_path_bpfeb.go
+16-2
diff --git a/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.go
+16-2 b/Diff for: ‎KubeArmor/enforcer/bpflsm/enforcer_path_bpfel.go
+16-2
diff --git a/Diff for: ‎KubeArmor/feeder/feeder.go
+14-13 b/Diff for: ‎KubeArmor/feeder/feeder.go
+14-13
diff --git a/Diff for: ‎KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.go
+18-2 b/Diff for: ‎KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.go
+18-2
diff --git a/Diff for: ‎KubeArmor/presets/anonmapexec/anonmapexec_bpfel.go
+18-2 b/Diff for: ‎KubeArmor/presets/anonmapexec/anonmapexec_bpfel.go
+18-2
@@ -625,3 +625,12 @@ func GetLabelsFromString(labelString string) (map[string]string, []string) {
 func GetCurrentTimeStamp() uint64 {
 	return uint64(time.Now().UnixNano())
 }
+
+// ============
+// == Feeder ==
+// ============
+
+// IsPresetEnforcer returns true if log is generated by any of preset enforcer
+func IsPresetEnforcer(enforcer string) bool {
+	return strings.Contains(enforcer, "PRESET")
+}
@@ -534,20 +534,21 @@ func (fd *Feeder) PushLog(log tp.Log) {
 	   in case of enforcer = AppArmor only Default Posture logs will be converted to
 	   container/host log depending upon the defaultPostureLogs flag
 	*/
-
-	if (cfg.GlobalCfg.EnforcerAlerts && fd.Enforcer == "BPFLSM" && log.Enforcer == "eBPF Monitor") || (fd.Enforcer != "BPFLSM" && !cfg.GlobalCfg.DefaultPostureLogs) {
-		log = fd.UpdateMatchedPolicy(log)
-		if (log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy") && ((fd.Enforcer == "BPFLSM" && (strings.Contains(log.PolicyName, "DefaultPosture") || !strings.Contains(log.Action, "Audit"))) || (fd.Enforcer != "BPFLSM" && strings.Contains(log.PolicyName, "DefaultPosture"))) {
-			if log.Type == "MatchedPolicy" {
-				log.Type = "ContainerLog"
-			} else if log.Type == "MatchedHostPolicy" {
-				log.Type = "HostLog"
+	if !common.IsPresetEnforcer(log.Enforcer) {
+		if (cfg.GlobalCfg.EnforcerAlerts && fd.Enforcer == "BPFLSM" && log.Enforcer == "") || (fd.Enforcer != "BPFLSM" && !cfg.GlobalCfg.DefaultPostureLogs) {
+			log = fd.UpdateMatchedPolicy(log)
+			if (log.Type == "MatchedPolicy" || log.Type == "MatchedHostPolicy") && ((fd.Enforcer == "BPFLSM" && (strings.Contains(log.PolicyName, "DefaultPosture") || !strings.Contains(log.Action, "Audit"))) || (fd.Enforcer != "BPFLSM" && strings.Contains(log.PolicyName, "DefaultPosture"))) {
+				if log.Type == "MatchedPolicy" {
+					log.Type = "ContainerLog"
+				} else if log.Type == "MatchedHostPolicy" {
+					log.Type = "HostLog"
+				}
+			}
+		} else {
+			log = fd.UpdateMatchedPolicy(log)
+			if fd.Enforcer == "BPFLSM" {
+				log.Enforcer = "BPFLSM"
 			}
-		}
-	} else {
-		log = fd.UpdateMatchedPolicy(log)
-		if fd.Enforcer == "BPFLSM" && !strings.Contains(log.Enforcer, "PRESET") {
-			log.Enforcer = "BPFLSM"
 		}
 	}