
Commit 792c92c

committed
updated rule names
Signed-off-by: Afek Berger <[email protected]>
1 parent ff45d67 commit 792c92c

3 files changed

+535
-555
lines changed

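--- a/tests/chart/templates/node-agent/default-rule-binding.yaml
+++ b/tests/chart/templates/node-agent/default-rule-binding.yaml
@@ -15,29 +15,29 @@ spec:
 - "kubeconfig"
 rules:
 - ruleName: "Unexpected process launched"
-- ruleName: "Unexpected file access"
+- ruleName: "Files Access Anomalies in container"
 parameters:
 ignoreMounts: true
 ignorePrefixes: ["/proc", "/run/secrets/kubernetes.io/serviceaccount", "/var/run/secrets/kubernetes.io/serviceaccount", "/tmp"]
-- ruleName: "Unexpected system call"
-- ruleName: "Unexpected capability used"
-- ruleName: "Unexpected domain request"
-- ruleName: "Unexpected Service Account Token Access"
-- ruleName: "Kubernetes Client Executed"
-- ruleName: "Exec from malicious source"
-- ruleName: "Kernel Module Load"
-- ruleName: "Exec Binary Not In Base Image"
-- ruleName: "Malicious SSH Connection"
-- ruleName: "Fileless Execution"
-- ruleName: "XMR Crypto Mining Detection"
-- ruleName: "Exec from mount"
+- ruleName: "Syscalls Anomalies in container"
+- ruleName: "Linux Capabilities Anomalies in container"
+- ruleName: "DNS Anomalies in container"
+- ruleName: "Unexpected service account token access"
+- ruleName: "Workload uses Kubernetes API unexpectedly"
+- ruleName: "Process executed from malicious source"
+- ruleName: "Process tries to load a kernel module"
+- ruleName: "Drifted process executed"
+- ruleName: "Disallowed ssh connection"
+- ruleName: "Fileless execution detected"
+- ruleName: "Crypto miner launched"
+- ruleName: "Process executed from mount"
 - ruleName: "Crypto Mining Related Port Communication"
 - ruleName: "Crypto Mining Domain Communication"
 - ruleName: "Read Environment Variables from procfs"
 - ruleName: "eBPF Program Load"
-- ruleName: "Symlink Created Over Sensitive File"
+- ruleName: "Soft link created over sensitive file"
 - ruleName: "Unexpected Sensitive File Access"
-- ruleName: "Hardlink Created Over Sensitive File"
+- ruleName: "Hard link created over sensitive file"
 - ruleName: "Exec to pod"
 - ruleName: "Port forward"
 - ruleName: "Unexpected Egress Network Traffic"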
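Review bot: The entries under `rules:` select detections by display-name string, and the new side mixes renamed entries with untouched ones (`"Unexpected process launched"`, `"Crypto Mining Related Port Communication"`, `"eBPF Program Load"`, `"Exec to pod"` and others keep the old style), so the hunk does not show whether those were left deliberately or missed. If the agent matches `ruleName` exactly, which this page does not show, an entry that no longer matches a registered rule would presumably drop that detection without any error from the chart. I would add a comment above `rules:` such as `# each ruleName must match a rule registered in the node-agent exactly; a stale name may leave that detection unbound`, and have the chart test assert that every bound name resolves to a rule. The casing of the new names is also inconsistent (`"Files Access Anomalies in container"` next to `"Unexpected service account token access"`), which makes exact-match typos harder to spot in review. The `spec:` mapping starts above the hunk and the list may continue below it.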
