github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 07:07:23 +00:00
Code Issues Projects Releases Wiki Activity

new(test): strict json output

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2020-10-09 16:33:54 +02:00 committed by poiana
parent f12210325f
commit 60c322a73d
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
test/falco_tests.yaml
View File

@ -662,6 +662,17 @@ trace_files: !mux
output_strictly_contains: output_strictly_contains:
- stdout: output_files/single_rule_with_cat_write.txt - stdout: output_files/single_rule_with_cat_write.txt
stdout_output_json_strict:
json_output: True
detect: True
detect_level: WARNING
rules_file:
- rules/single_rule.yaml
conf_file: confs/stdout_output.yaml
trace_file: trace_files/cat_write.scap
output_strictly_contains:
- stdout: output_files/single_rule_with_cat_write.json
file_output_strict: file_output_strict:
detect: True detect: True
detect_level: WARNING detect_level: WARNING

8
test/output_files/single_rule_with_cat_write.json Normal file
View File

@ -0,0 +1,8 @@
{"output":"18:17:57.881781397: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881781397Z", "output_fields": {"evt.time":1470327477881781397,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.881785348: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881785348Z", "output_fields": {"evt.time":1470327477881785348,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.881796705: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881796705Z", "output_fields": {"evt.time":1470327477881796705,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.881799840: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.881799840Z", "output_fields": {"evt.time":1470327477881799840,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.882003104: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882003104Z", "output_fields": {"evt.time":1470327477882003104,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.882008208: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882008208Z", "output_fields": {"evt.time":1470327477882008208,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.882045694: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882045694Z", "output_fields": {"evt.time":1470327477882045694,"proc.cmdline":"cat /dev/null"}}
{"output":"18:17:57.882054739: Warning An open was seen (command=cat /dev/null)","priority":"Warning","rule":"open_from_cat","time":"2016-08-04T16:17:57.882054739Z", "output_fields": {"evt.time":1470327477882054739,"proc.cmdline":"cat /dev/null"}}