mirror of
https://github.com/falcosecurity/falco.git
synced 2025-09-12 21:16:33 +00:00
new(test): regression test for FAL-01-003
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
committed by
poiana
parent
d3c22d3d0c
commit
6e94c37399
@@ -622,4 +622,13 @@ trace_files: !mux
|
||||
- ../rules/k8s_audit_rules.yaml
|
||||
detect_counts:
|
||||
- K8s Secret Deleted: 1
|
||||
trace_file: trace_files/k8s_audit/delete_secret.json
|
||||
trace_file: trace_files/k8s_audit/delete_secret.json
|
||||
|
||||
fal_01_003:
|
||||
detect: False
|
||||
detect_level: INFO
|
||||
rules_file:
|
||||
- ../rules/falco_rules.yaml
|
||||
- ../rules/k8s_audit_rules.yaml
|
||||
trace_file: trace_files/k8s_audit/fal_01_003.json
|
||||
stderr_contains: 'Could not read k8s audit event line #1, "{"kind": 0}": Data not recognized as a k8s audit event, stopping'
|
||||
|
Reference in New Issue
Block a user