13 Commits

Author SHA1 Message Date
Néstor Salceda
a2319d2b8a Pull image from falcosecurity 2018-10-17 18:10:33 +02:00
Néstor Salceda
8d60d374f7 Add an integration with Phantom (#411)
* Add a Phantom Client which creates containers in Phantom server

* Add a playbook for creating events in Phantom using a Falco alert

* Add a flag for configuring SSL checking

* Add a deployable playbook with Kubeless for integrating with Phantom

* Add a README for Phantom integration

* Use named argument as real parameters.

Just cosmetic for clarification

* Call to lower() before checking for case insensitive comparison

* Add the playbook which creates a container in Phantom

I lost it when rebasing the branch :P
2018-10-15 13:37:37 -07:00
Néstor Salceda
e4ffa55d58 Add a playbook which starts capturing data using Sysdig and uploads capture to a s3 bucket (#414)
* Fix spec name

* Add a playbook for capturing stuff using sysdig in a container

* Add event-name to job name to avoid collisions among captures

* Implement job for starting container in Pod in Kubernetes Client

We are going to pick data for all Pod, not limited to one container

* Use sysdig/capturer image for capture and upload to s3 the capture

* There is a bug with environment string splitting in kubeless

https://github.com/kubeless/kubeless/issues/824

So here is a workaround which uses multiple --env flags, one for each
environment.

* Use shorter job name. Kubernetes limit is 64 characters.

* Add a deployable playbook with Kubeless for capturing stuff with Sysdig

* Document the integration with Sysdig capture

* Add Dockerfile for creating sysdig-capturer
2018-10-11 16:55:40 -07:00
Néstor Salceda
f746c4cd57 Add an integration with Demisto (#408)
* Create a DemistoClient for publishing Falco alerts to Demisto

* Extract a function for extracting description from Falco output

* Add a playbook which creates a Falco alert as a Demisto incident

* Add a Kubeless Demisto Handler for Demisto integration

* Document the integration with Demisto

* Allow changing SSL certificate verification

* Fix naming for playbook specs

* Call to lower() before checking value of VERIFY_SSL. Allow case insensitive.
2018-10-10 10:28:35 -07:00
Mark Stemm
2352b96d6b Change license to Apache 2.0 (#419)
Replace references to GNU Public License to Apache license in:

 - COPYING file
 - README
 - all source code below falco
 - rules files
 - rules and code below test directory
 - code below falco directory
 - entrypoint for docker containers (but not the Dockerfiles)

I didn't generally add copyright notices to all the examples files, as
they aren't core falco. If they did refer to the gpl I changed them to
apache.
2018-09-20 11:47:10 -07:00
Néstor Salceda
8bc4a5e38f Move puppet module from examples to integrations 2018-07-13 13:09:13 +02:00
Néstor Salceda
c05319927a Move kubernetes manifests from examples to integrations 2018-07-13 13:08:38 +02:00
Néstor Salceda
1e32d637b2 Move logrotate from examples to integrations 2018-07-13 13:02:26 +02:00
Jorge Salamero Sanz
ccf35552dd Merge pull request #389 from nestorsalceda/kubernetes-response-engine
Add Kubernetes response engine
2018-07-12 18:55:07 +02:00
Néstor Salceda
46b0fd833c Add a README 2018-07-12 17:56:59 +02:00
Néstor Salceda
bed5993500 Create Falco rule from Anchore policy result
When we are trying to run an image with negative policy result from
Anchore, Falco will alert us.
2018-07-12 17:15:21 +02:00
Néstor Salceda
bed360497e Remove repeated configurations and other stuff
As long as this PR is merged, this is not needed:

https://github.com/kubernetes/charts/pull/6600
2018-07-11 17:52:11 +02:00
Néstor Salceda
3afe04629a Move kubernetes_response_engine under integrations
A top level directory for this integration could lead to confusion.
2018-07-11 17:49:25 +02:00