rule update (Anonymous Request Allowed): update to checking auth decision equals to allow

Signed-off-by: kaizhe <derek0405@gmail.com>
This commit is contained in:
kaizhe
2020-06-18 11:51:30 -07:00
committed by poiana
parent 8429256e37
commit dee0cc67f3

@@ -186,7 +186,7 @@
- rule: Anonymous Request Allowed - rule: Anonymous Request Allowed
desc: > desc: >
Detect any request made by the anonymous user that was allowed Detect any request made by the anonymous user that was allowed
condition: kevt and ka.user.name=system:anonymous and ka.auth.decision!=reject and not health_endpoint condition: kevt and ka.user.name=system:anonymous and ka.auth.decision="allow" and not health_endpoint
output: Request by anonymous user allowed (user=%ka.user.name verb=%ka.verb uri=%ka.uri reason=%ka.auth.reason)) output: Request by anonymous user allowed (user=%ka.user.name verb=%ka.verb uri=%ka.uri reason=%ka.auth.reason))
priority: WARNING priority: WARNING
source: k8s_audit source: k8s_audit
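
Review bot: on the condition line, replacing the negative test ka.auth.decision!=reject with the positive test ka.auth.decision="allow" narrows the rule to events that carry an explicit allow decision, and neither desc nor the commit message says which previously matched events are now meant to drop out. Any anonymous request whose decision value is something other than reject or allow, or whose event has no decision value at all, was reported by the old condition and will be silent under the new one. Please state in desc that the rule keys on an explicit allow, and confirm that is the only value that can accompany a permitted request for this source. Separately, the unchanged output line ends with two closing parentheses against one opening one (reason=%ka.auth.reason))), which is worth fixing while this rule is being edited.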