Thomas Labarussias
Do you have more details about which rule is triggered?
Your rates are really huge, it's noisy for sure. Falco is a security agent, you have to fine-tune the rules to get compliant with your env. It's not supposed...
Are you using Helm? If so, the `rules` field is not used, here's the syntax to disable some rules:
```
customRules:
  override-rules.yaml: |-
    - rule: Drop and execute new binary...
```
Even if we can't match all possible `output_fields`, especially because of the plugins which have their own and the possibility in falcosidekick to inject custom fields in the payload. Do...
We're on the same page :wink:
For helping you, you can see how I did it in falco talon, it creates an index template at init https://github.com/Falco-Talon/falco-talon/tree/main/notifiers/elasticsearch
@idrissneumann What's the status on your side? Do you need help?
Will be fixed in the upcoming 2.29
Hi, The pipeline has been integrated in the `master` branch, but not released in a tagged version yet (it will be in the 2.30.0), this is why it's not available...
The Helm has been updated a while ago with the values for elasticsearch.