vicenteherrera · March 23, 2020 18:20
diff --git a/network_connection_outside_local_subnet.yaml b/network_connection_outside_local_subnet.yaml
 - rule: Network Connection outside Local Subnet
  desc: Detect traffic to image outside local subnet.
  condition: >
    enabled_rule_network_only_subnet and
    inbound_outbound and  container and
    not network_local_subnet and
    k8s.ns.name in (namespace_scope_network_only_subnet)
  output: >
    Network connection outside local subnet
    (command=%proc.cmdline connection=%fd.name user=%user.name container_id=%container.id  image=%container.image.repository namespace=%k8s.ns.name
    fd.rip.name=%fd.rip.name fd.lip.name=%fd.lip.name fd.cip.name=%fd.cip.name fd.sip.name=%fd.sip.name)
  priority: WARNING
  tags: [network, NIST, NIST_3.3.3, PCI, PCI_DSS_6.4.2]
	- rule: Network Connection outside Local Subnet
	desc: Detect traffic to image outside local subnet.
	condition: >
	enabled_rule_network_only_subnet and
	inbound_outbound and container and
	not network_local_subnet and
	k8s.ns.name in (namespace_scope_network_only_subnet)
	output: >
	Network connection outside local subnet
	(command=%proc.cmdline connection=%fd.name user=%user.name container_id=%container.id image=%container.image.repository namespace=%k8s.ns.name
	fd.rip.name=%fd.rip.name fd.lip.name=%fd.lip.name fd.cip.name=%fd.cip.name fd.sip.name=%fd.sip.name)
	priority: WARNING
	tags: [network, NIST, NIST_3.3.3, PCI, PCI_DSS_6.4.2]