github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-29 21:48:32 +00:00
Code Issues Projects Releases Wiki Activity

rules update: add fluent/fluentd-kubernetes-daemonset to clear log trusted images

Browse Source 
Signed-off-by: kaizhe <derek0405@gmail.com>
This commit is contained in:
kaizhe
2019-09-23 14:59:30 -07:00
committed by Leo Di Donato
parent c0721b3ac2
commit 79a10ad90e
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rules/falco_rules.yaml
View File

@@ -2356,7 +2356,8 @@
condition: (never_true)
- macro: trusted_logging_images
condition: (container.image.repository endswith "splunk/fluentd-hec")
condition: (container.image.repository endswith "splunk/fluentd-hec" or
container.image.repository endswith "fluent/fluentd-kubernetes-daemonset")
- rule: Clear Log Activities
desc: Detect clearing of critical log files