github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-31 14:20:04 +00:00
Code Issues Projects Releases Wiki Activity

Include container image in shell in container rule

Browse Source 
Include the container image in the "run shell in container" rule output.
This commit is contained in:
Mark Stemm
2017-07-05 14:23:10 -07:00
parent f6b3068259
commit 7ae765bfc9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@@ -604,7 +604,7 @@
and not shell_spawning_containers
and not proc.cmdline in (known_container_shell_spawn_cmdlines)
output: >
Shell spawned in a container other than entrypoint (user=%user.name %container.info
Shell spawned in a container other than entrypoint (user=%user.name %container.info image=%container.image
shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
priority: NOTICE
tags: [container, shell]