darryk10
@leogr here is the new https://github.com/falcosecurity/falco/pull/2188. Thanks
@leogr @jasondellaluce I think we can close this PR since it is already merged here https://github.com/falcosecurity/falco/pull/2188
Hi @incertum amazing work! Both the inventory and the MITRE TTP mapping are really helpful to understand the coverage. My suggestion is to generate the MITRE coverage map with the tag...
Hi @hi120ki do you think we can add something in the condition for evt.type? What do you think about the `open_read` macro?
Hi @hi120ki I agree we should add both `open_read or open_file_failed`. If you can add it to the rule, that would be awesome. Thanks
Hi, thanks for the question. The tool is actually checking the env for the specific ns and generates PSP or OPA policies. It isn't evaluating the PSPs already deployed and...
Hi, I think both are valid use cases that we might need to whitelist to reduce possible noise. I wondered if we could whitelist the use case using a port...
@incertum should we also add cri-dockerd in rules? container_entrypoint macro should be one