github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-16 14:58:31 +00:00
Code Issues Projects Releases Wiki Activity

Updated Falco Alerts (markdown)

Michael Ducy
2018-10-09 23:18:22 -04:00
parent c5e5b0b4d4
commit 33b1d0ef35
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Falco-Alerts.md

@@ -21,6 +21,8 @@ stdout_output:
``` ```
10:20:05.408091526: Warning Sensitive file opened for reading by non-trusted program (user=root command=cat /etc/shadow file=/etc/shadow) 10:20:05.408091526: Warning Sensitive file opened for reading by non-trusted program (user=root command=cat /etc/shadow file=/etc/shadow)
``` ```
Standard output is useful when using Fluentd or Logstash to capture logs from containers. Alerts can then be stored in Elasticsearch, and dashboards can be created to visualize the alerts. For more information, read [this blog post](https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/).
When run in the background via the `-d/--daemon` command line option, standard output messages are discarded. When run in the background via the `-d/--daemon` command line option, standard output messages are discarded.
## File Output ## File Output