John Fitzpatrick johnfitzpatrick
johnfitzpatrick
/ falco_Blacklisted_Containers.yaml
Created
October 7, 2019 13:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - rule: Blacklisted Containers | |
| desc: > | |
| Detect the initial process started by a container that is from a list of blacklisted containers. | |
| condition: container_started and container and blacklisted_containers | |
| output: Container started is blacklisted (user=%user.name command=%proc.cmdline %container.info image=%container.image.repository:%container.image.tag) | |
| priority: WARNING | |
| tags: [container, mitre_lateral_movement] | |
| - macro: blacklisted_containers | |
| condition: (container.name startswith 'k8s_actor_actor') |
johnfitzpatrick
/ testfile
Created
January 28, 2020 10:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| this is a test |
johnfitzpatrick
/ kube-apiserver.yaml
Created
February 3, 2020 17:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| component: kube-apiserver | |
| tier: control-plane | |
| name: kube-apiserver | |
| namespace: kube-system | |
| spec: |
johnfitzpatrick
/ complete-sock-shop.yaml
Created
March 24, 2020 14:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: carts-db | |
| labels: | |
| name: carts-db | |
| namespace: sock-shop | |
| spec: | |
| replicas: 1 | |
| template: |
johnfitzpatrick
/ sysdig-agent-configmap.yaml
Created
March 26, 2020 12:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: sysdig-agent | |
| data: | |
| dragent.yaml: | | |
| configmap: true | |
| ### Agent tags | |
| # tags: linux:ubuntu,dept:dev,local:nyc |
johnfitzpatrick
/ vitalsSpec.yaml
Created
September 2, 2021 09:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| description: Vitals API | |
| version: 2.4.0 | |
| title: Vitals API | |
| basePath: / | |
| tags: | |
| - name: health | |
| description: Stats about the health of a Kong cluster | |
| - name: traffic |
OlderNewer