github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-24 19:38:52 +00:00
Code Issues Projects Releases Wiki Activity

rule(macro user_known_k8s_client_container): add node-problem-detector pattern to avoid false positive

Browse Source 
Signed-off-by: DingGGu <ggu@dunamu.com>
This commit is contained in:
DingGGu
2020-11-09 11:57:29 +09:00
committed by poiana
parent 0eff0f6003
commit 4954593261
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
rules/falco_rules.yaml
View File

@@ -2876,7 +2876,10 @@
# - k8s.gcr.io/fluentd-gcp-scaler in GCP/GKE
- macro: user_known_k8s_client_container
condition: >
(k8s.ns.name="kube-system" and container.image.repository=k8s.gcr.io/fluentd-gcp-scaler) or
(k8s.ns.name="kube-system" and (
container.image.repository=k8s.gcr.io/fluentd-gcp-scaler or
container.image.repository=k8s.gcr.io/node-problem-detector/node-problem-detector
)) or
container.image.repository=mcr.microsoft.com/aks/hcp/hcp-tunnel-front
- macro: user_known_k8s_client_container_parens