github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-04 08:04:49 +00:00
Code Issues Projects Releases Wiki Activity

Include container image in shell in container rule

Browse Source 
Include the container image in the "run shell in container" rule output.
This commit is contained in:
Mark Stemm
2017-07-05 14:23:10 -07:00
parent f6b3068259
commit 7ae765bfc9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@@ -604,7 +604,7 @@
and not shell_spawning_containers and not shell_spawning_containers
and not proc.cmdline in (known_container_shell_spawn_cmdlines) and not proc.cmdline in (known_container_shell_spawn_cmdlines)
output: > output: >
Shell spawned in a container other than entrypoint (user=%user.name %container.info Shell spawned in a container other than entrypoint (user=%user.name %container.info image=%container.image
shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline) shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline)
priority: NOTICE priority: NOTICE
tags: [container, shell] tags: [container, shell]