In policies there are multiple tags in a single array, because a single policy can be linked to different use cases. Changing it to a string array will send the partitioned Tags in the output, which will be easy to handle in different SIEM integrations and further representation.
Currently, in the output, the Tags are coming in this format, combined as a single string:
```
Tags: MITRE, MITRE_T1552_unsecured_credentials
```
Changing the output to the below output will automatically portion the tags.
**Purpose:**
To show/send an array of Tags in the output, making it easy to handle in different SIEM integrations and further representation.
**Updates in:**
- feeder/feeder.go to include new tags field `ATags`
- protobuf to include `ATags` array
- feeder/policyMatcher.go to write tags array to new field `ATags`
- types/types.go to include `ATags` array in Alert structure
Fixes: kubearmor#961
Signed-off-by: vishnusomank <vishnu@accuknox.com>
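
An added example, not code from the KubeArmor repository: a consumer-side parser that a SIEM forwarder could use to accept alerts in either shape, preferring the `ATags` array and falling back to splitting the legacy comma-joined `Tags` string. The `Alert` struct, its JSON key names, `ParseTags`, and the underscore-delimited technique-ID pattern are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Alert holds only the two tag fields discussed here. The JSON keys are
// assumptions for this example, not taken from the KubeArmor source.
type Alert struct {
	Tags  string   `json:"Tags"`
	ATags []string `json:"ATags"`
}

// techniqueRe matches an underscore-delimited technique ID such as T1552.
var techniqueRe = regexp.MustCompile(`(?:^|_)(T\d{4})(?:_|$)`)

// ParseTags returns the alert's distinct tags in order, plus the distinct
// technique IDs embedded in them (e.g. MITRE_T1552_unsecured_credentials).
func ParseTags(raw []byte) (tags, techniques []string, err error) {
	var a Alert
	if err = json.Unmarshal(raw, &a); err != nil {
		return nil, nil, err
	}
	src := a.ATags
	if len(src) == 0 { // legacy alert: only the comma-joined string is set
		src = strings.Split(a.Tags, ",")
	}
	seenTag, seenID := map[string]bool{}, map[string]bool{}
	for _, t := range src {
		if t = strings.TrimSpace(t); t == "" || seenTag[t] {
			continue
		}
		seenTag[t] = true
		tags = append(tags, t)
		if m := techniqueRe.FindStringSubmatch(t); m != nil && !seenID[m[1]] {
			seenID[m[1]] = true
			techniques = append(techniques, m[1])
		}
	}
	return tags, techniques, nil
}

func main() {
	// Constructed legacy-shape alert using the tag string shown in the issue.
	fmt.Println(ParseTags([]byte(`{"Tags":"MITRE, MITRE_T1552_unsecured_credentials"}`)))
}
```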