audit alert with resource: unknown for network event #1838

Open
rksharma95 opened this issue Aug 14, 2024 · 0 comments · May be fixed by #1892
Labels
Analysis bug Something isn't working

Comments

@rksharma95
Collaborator

Bug Report

General Information

  • Environment description (GKE, VM-Kubeadm, vagrant-dev-env, minikube, microk8s, ...)
  • Kernel version (run uname -a): CentOS Linux 8, 4.18.0-348.7.1.el8_5.x86_64 amd64
  • Orchestration system version in use (e.g. kubectl version, ...)
  • Link to relevant artifacts (policies, deployments scripts, ...)
  • Target containers/pods

To Reproduce

No fixed steps to reproduce the issue; hit and try with a workload that generates network events and observe the alerts using an allow-based policy for network events.

Expected behavior

A description of what you expected to happen.

Screenshots

{"Action":"Audit","ClusterName":"TalgarTest","ContainerID":"6ecd86270e501278a7a407fa9a76c5824c55fa2613457e34b346c55564ada11c","ContainerImage":"docker.io/flannel/flannel:v0.25.5@sha256:4f65cc179d15e8ee4d67a6a32ce89c02094120a46452a4e0341d26be9fd556c3","ContainerName":"kube-flannel","Cwd":"/","Data":"lsm=SOCKET_CREATE unknown","Enforcer":"BPFLSM","HostName":"master-k8s","HostPID":3058928,"HostPPID":546359,"Labels":"tier=node,app=flannel","NamespaceName":"kube-flannel","Operation":"Network","Owner":{"Name":"kube-flannel-ds","Namespace":"kube-flannel","Ref":"DaemonSet"},"PID":1733478,"PPID":13,"PodName":"kube-flannel-ds-qm5mg","PolicyName":"DefaultPosture","ProcessName":"/sbin/xtables-nft-multi","Resource":"unknown","Result":"Passed","Source":"/sbin/iptables -t nat -C FLANNEL-POSTRTG ! -s 10.244.0.0/16 -d 10.244.0.0/16 -m comment --comment flanneld masq -j MASQUERADE --random-fully --wait","Timestamp":1723536797,"Type":"MatchedPolicy","UID":0,"UpdatedTime":"2024-08-13T08:13:17.127Z","_id":"66bb159dffa5bde17e93964a","cluster_id":"37390","component_name":"kubearmor","instanceGroup":"0","instanceID":"0","tenant_id":"3632","workload":"1"}

If applicable, add screenshots to help explain your problem.
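A triage sketch for checking collected alerts for the symptom reported above, added here as an example and not part of the issue or of KubeArmor's code: it keeps alerts with `Operation` `Network` and `Resource` `unknown` and counts them per workload and LSM hook. It assumes one JSON alert per line; the sample input is constructed, using only field names that appear in the alert in this issue.

```python
import json
from collections import Counter

# Constructed sample input: trimmed alerts, one JSON object per line.
# Only the first line mirrors values from the alert in this issue.
SAMPLE_ALERTS = """\
{"Action":"Audit","Operation":"Network","Data":"lsm=SOCKET_CREATE unknown","Resource":"unknown","NamespaceName":"kube-flannel","PodName":"kube-flannel-ds-qm5mg","ProcessName":"/sbin/xtables-nft-multi","PolicyName":"DefaultPosture"}
{"Action":"Audit","Operation":"Network","Data":"lsm=SOCKET_CREATE example-resource","Resource":"example-resource","NamespaceName":"demo","PodName":"demo-pod","ProcessName":"/bin/demo","PolicyName":"DefaultPosture"}
{"Action":"Audit","Operation":"File","Data":"example","Resource":"unknown","NamespaceName":"demo","PodName":"demo-pod","ProcessName":"/bin/demo","PolicyName":"DefaultPosture"}
not-json
"""

def parse_data(data):
    """Split a Data string such as 'lsm=SOCKET_CREATE unknown' into its
    key=value pairs and the remaining bare tokens."""
    pairs, rest = {}, []
    for token in data.split():
        key, sep, value = token.partition("=")
        if sep:
            pairs[key] = value
        else:
            rest.append(token)
    return pairs, rest

def unresolved_network_alerts(lines):
    """Yield alerts whose Operation is 'Network' and Resource is 'unknown'."""
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or non-JSON lines mixed into the stream
        if (isinstance(alert, dict) and alert.get("Operation") == "Network"
                and alert.get("Resource") == "unknown"):
            yield alert

def summarize(lines):
    """Count affected alerts per (namespace, pod, process, LSM hook)."""
    counts = Counter()
    for alert in unresolved_network_alerts(lines):
        pairs, _ = parse_data(str(alert.get("Data", "")))
        key = (alert.get("NamespaceName"), alert.get("PodName"),
               alert.get("ProcessName"), pairs.get("lsm", "?"))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_ALERTS.splitlines()).most_common():
        print(n, *key)
```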
