Mark Stemm
# Rules error, with verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:13 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:13 2022: Falco initialized with...
# Rules warning, without verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:13 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:13 2022: Falco initialized with...
# Rules warning, with verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:14 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:14 2022: Falco initialized with...
# Rules error + warning, without verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:14 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:14 2022: Falco...
# Rules error + warning, with verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:14 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:14 2022: Falco...
# Valid rules, without verbose: ## Validate Rules ### Falco 0.32.1: ``` out: Ok err: Wed Aug 10 18:03:14 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:14 2022: Falco...
# Valid, with verbose: ## Validate Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:14 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:14 2022: Falco initialized with configuration...
Thanks for the very thorough write up! I completely agree that this is the best/least-bad approach to take. Here are some more specific comments: (D1): you're right that only falco...
We should keep this on the roadmap.
Should we bother changing any of the json_evt code at all, given that it's effectively dead with the transition of k8s audit support to a plugin?