update audit level to Metadata for secrets

Signed-off-by: kaizhe <derek0405@gmail.com>
kaizhe
2020-04-17 11:55:29 -07:00
committed by poiana
parent f7ac7f34b7
commit 3f90188d6e


@@ -56,11 +56,17 @@ rules:
# The empty string "" can be used to select non-namespaced resources. # The empty string "" can be used to select non-namespaced resources.
namespaces: ["kube-system"] namespaces: ["kube-system"]
# Log configmap and secret changes in all other namespaces at the RequestResponse level. # Log configmap changes in all other namespaces at the RequestResponse level.
- level: RequestResponse - level: RequestResponse
resources: resources:
- group: "" # core API group - group: "" # core API group
resources: ["secrets", "configmaps"] resources: ["configmaps"]
# Log secret changes in all other namespaces at the Metadata level.
- level: Metadata
resources:
- group: "" # core API group
resources: ["secrets"]
# Log all other resources in core and extensions at the Request level. # Log all other resources in core and extensions at the Request level.
- level: Request - level: Request