Karmor Log(Alert), TAG field changes from string to string array #961

AbhinavCSY opened this issue Nov 1, 2022 · 2 comments · Fixed by #965

AbhinavCSY commented Nov 1, 2022

Feature Request

In policies there are multiple tags in a single array, because a single policy can be linked to different use cases. Changing it to a string array will send the partitioned tags in the output, which will be easy to handle in different SIEM integrations and further representation.

Currently, in the output, the Tags are coming in this format, combined as a single string:

```
Tags: MITRE, MITRE_T1552_unsecured_credentials
```

Changing the output to the below output will automatically portion the tags.

```
"Tags": [
            "MITRE",
            "MITRE_T1552_unsecured_credentials"
        ],
```

  • Create new protobuf entry
  • Add a task to deprecate "tags" field in v0.10.
@AbhinavCSY AbhinavCSY added the enhancement New feature or request label Nov 1, 2022
nyrahul commented Nov 2, 2022

@vishnusomank, would you be able to handle this change? Let us know if any discussion is needed. Thanks.

@nyrahul nyrahul added this to the v0.7 milestone Nov 3, 2022
nyrahul commented Nov 3, 2022

We cannot change the existing field and convert it to an array of strings.

As discussed, we will add a new field "ATags" (array of tags) and leave the existing field as it is.

```
"ATags": [
            "MITRE",
            "MITRE_T1552_unsecured_credentials"
        ],
```
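A consumer-side sketch of the compatibility handling this decision implies, as an added example that is not part of the issue thread or of KubeArmor's code: it reads `ATags` when present and otherwise splits the legacy `Tags` string. The JSON samples are constructed, the function name `AlertTags` is hypothetical, and the comma separator is an assumption based on the sample output above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// alert holds only the two tag fields discussed in this issue; a real
// KubeArmor alert carries many more fields, which are ignored here.
type alert struct {
	Tags  string   `json:"Tags"`  // legacy field: all tags joined in one string
	ATags []string `json:"ATags"` // new field: one array element per tag
}

// AlertTags (hypothetical helper) returns the tags of one JSON-encoded alert.
// It prefers ATags and falls back to splitting the legacy Tags string on
// commas (assumed separator, based on the sample in the issue), so the same
// consumer works against agents from before and after the change.
func AlertTags(raw []byte) ([]string, error) {
	var a alert
	if err := json.Unmarshal(raw, &a); err != nil {
		return nil, fmt.Errorf("decode alert: %w", err)
	}
	src := a.ATags
	if len(src) == 0 {
		src = strings.Split(a.Tags, ",")
	}
	seen := make(map[string]bool)
	tags := []string{}
	for _, t := range src {
		t = strings.TrimSpace(t)
		if t == "" || seen[t] {
			continue // skip blanks and duplicates
		}
		seen[t] = true
		tags = append(tags, t)
	}
	return tags, nil
}

func main() {
	// Constructed sample alerts, reduced to the tag fields.
	old := []byte(`{"Tags":"MITRE, MITRE_T1552_unsecured_credentials"}`)
	cur := []byte(`{"Tags":"MITRE,MITRE_T1552_unsecured_credentials","ATags":["MITRE","MITRE_T1552_unsecured_credentials"]}`)
	for _, raw := range [][]byte{old, cur} {
		tags, err := AlertTags(raw)
		fmt.Println(tags, err)
	}
}
```

Keying SIEM rules on the normalized slice avoids substring matches against the joined string, where one tag name can be a prefix of another (here `MITRE` and `MITRE_T1552_unsecured_credentials`).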

vishnusomank added a commit to vishnusomank/KubeArmor that referenced this issue Nov 3, 2022
**Purpose:**

To show/send an array of Tags to output, making it easy to handle in different SIEM integrations and further representation.

**Updates in:**

- feeder/feeder.go to include new tags field `ATags`
- protobuf to include `ATags` array
- feeder/policyMatcher.go to write tags array to new field `ATags`
- types/types.go to include `ATags` array in Alert structure

Fixes: kubearmor#961

Signed-off-by: vishnusomank <vishnu@accuknox.com>
Ankurk99 added a commit that referenced this issue Nov 7, 2022
rksharma95 pushed a commit to rksharma95/KubeArmor that referenced this issue Dec 2, 2022