falco - postgresql alert

[crssnd]

Describe the bug Falco is generating the below PostgreSQL alert on a test cluster setup:

{"output":"09:49:46.578763685: Notice Database-related program spawned process other than itself (user=<NA> user_loginuid=-1 program=sh -c envdir "/run/etc/wal-e.d/env" wal-g wal-push "pg_wal/0000002E000006300000002A" parent=postgres container_id=086c88f1ef91 image=registry.opensource.zalan.do/acid/spilo-14) k8s.ns=postgres-system k8s.pod=long-running-13-a-0 container=086c88f1ef91 k8s.ns=postgres-system k8s.pod=long-running-13-a-0 container=086c88f1ef91 k8s.ns=postgres-system k8s.pod=long-running-13-a-0 container=086c88f1ef91 k8s.ns=postgres-system k8s.pod=long-running-13-a-0 container=086c88f1ef91","priority":"Notice","rule":"DB program spawned process","source":"syscall","tags":["database","mitre_execution","process"],"time":"2022-08-15T09:49:46.578763685Z", "output_fields": {"container.id":"086c88f1ef91","container.image.repository":"registry.opensource.zalan.do/acid/spilo-14","evt.time":1660556986578763685,"k8s.ns.name":"postgres-system","k8s.pod.name":"long-running-13-a-0","proc.cmdline":"sh -c envdir "/run/etc/wal-e.d/env" wal-g wal-push "pg_wal/0000002E000006300000002A"","proc.pname":"postgres","user.loginuid":-1,"user.name":null}}

Expected behaviour Alert not being triggered or an exception added if it's a know behaviour that doesn't affect our security.

Definition of Done

• wait until we complete the falco v0.33 upgrade task
• check if the alert is still present (check after 24h or 48h)
• if still there investigate the issue and propose a solution