github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-04 16:20:18 +00:00
Code Issues Projects Releases Wiki Activity

refactor: add k8saudit plugin and adapt config, tests, and rulesets

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2022-04-22 07:49:39 +00:00
committed by poiana
parent b91ff34b97
commit 67d2fe45a5
8 changed files with 197 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
userspace/engine/rule_loader.cpp
View File

@@ -724,6 +724,7 @@ void rule_loader::compile_rule_infos(
set<uint16_t> evttypes = { ppm_event_type::PPME_PLUGINEVENT_E };
if(rule.source == falco_common::syscall_source)
{
evttypes.clear();
filter_evttype_resolver().evttypes(ast, evttypes);
if ((evttypes.empty() || evttypes.size() > 100)
&& r.warn_evttypes)