

Complete Falco alerts
It refers to openrca#35 and completes the mapping of
alerts according to the list created in that issue

Signed-off-by: Aleksandra Galara <a.galara@samsung.com>
aleksandra-galara committed Apr 20, 2020
1 parent e6067bf commit ea8bb7b
Showing 1 changed file with 43 additions and 0 deletions.
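--- a/helm/orca/config/alerts-mapping.yaml
+++ b/helm/orca/config/alerts-mapping.yaml
@@ -648,6 +648,49 @@ falco:
 properties:
 name: k8s.pod.name
 namespace: k8s.ns.name
+- name: "Create HostNetwork Pod"
+source_mapping:
+origin: kubernetes
+kind: pod
+properties:
+name: ka.resp.name
+namespace: ka.target.namespace
+- name: "Create/Modify Configmap With Private Credentials"
+source_mapping:
+origin: kubernetes
+kind: config_map
+properties:
+name: ka.req.configmap.name
+- name: "Attach/Exec Pod"
+source_mapping:
+origin: kubernetes
+kind: pod
+properties:
+name: ka.target.name
+namespace: ka.target.namespace
+- name: "Create Disallowed Namespace"
+source_mapping:
+origin: kubernetes
+kind: namespace
+properties:
+name: ka.target.name
+- name: "Ingress Object without TLS Certificate Created"
+source_mapping:
+origin: kubernetes
+kind: ingress
+properties:
+name: ka.target.name
+namespace: ka.target.namespace
+- name: "Untrusted Node Successfully Joined the Cluster"
+source_mapping:
+origin: kubernetes
+kind: cluster
+properties: {}
+- name: "Untrusted Node Unsuccessfully Tried to Join the Cluster"
+source_mapping:
+origin: kubernetes
+kind: cluster
+properties: {}
 
 elastalert:
 mappings: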
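Review bot: The `config_map` entry for "Create/Modify Configmap With Private Credentials" identifies its object by `name: ka.req.configmap.name` alone, whereas the pod and ingress entries in the same hunk also set `namespace: ka.target.namespace`. ConfigMaps are namespaced, so a credentials alert matched by name only can be linked to a same-named ConfigMap in another namespace, which weakens triage of exactly the alert where the affected object matters most. If the audit event for this rule carries the namespace, add `namespace: ka.target.namespace` under that entry's `properties`. The two "Untrusted Node" entries map to `kind: cluster` with `properties: {}`, which presumably leaves the node unidentified in the graph; a short comment such as `# node name intentionally not mapped` would show this is deliberate. The `falco:` list these entries extend begins outside the hunk.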
