Configure the fields exported by events produced for Runtime Threat Detection ( node-agent) #488

henrikrexed · 2025-02-17T17:05:53Z

Overview

Currently the event produced by the Runtime Threat Detection provides lots of details with the k8s metadata, the process details...And more.

Problem

When collecting the logs to a o11ybackend the default size of the strings are limited. Therefore the data is cropped .
All this details consumes bytes exchanged between cloud provider ..and will end up increasing the cloud cost.

Solution

Having an option to configure a list of fields that we would like to export from the event will allow users to decide on the type of details they would like to export. this is a feature that tetragon provides to control the size of the events produced : https://tetragon.io/docs/concepts/events/#export-filtering

Alternatives

Create a Otel collector pipeline that filter the data out.

matthyx · 2025-02-18T14:25:28Z

note to self, see if I can move it to node-agent project

matthyx added this to Kubescaping Feb 18, 2025

matthyx moved this to Triage in Kubescaping Feb 18, 2025

matthyx moved this from Triage to Feature in Kubescaping Feb 18, 2025

matthyx assigned slashben Feb 18, 2025

matthyx transferred this issue from kubescape/operator Feb 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Configure the fields exported by events produced for Runtime Threat Detection ( node-agent) #488

Configure the fields exported by events produced for Runtime Threat Detection ( node-agent) #488

henrikrexed commented Feb 17, 2025

matthyx commented Feb 18, 2025

Configure the fields exported by events produced for Runtime Threat Detection ( node-agent) #488

Configure the fields exported by events produced for Runtime Threat Detection ( node-agent) #488

Comments

henrikrexed commented Feb 17, 2025

Overview

Problem

Solution

Alternatives

matthyx commented Feb 18, 2025