You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Falco default rules are good but can't be modified individually.
Feature
I think it would make sense to allow user to modify an individual Falco default rule that are send to Alertmanager to match with user's usage or business without have to replace the whole list of default rule to user's customized rules.
For example:
change "priority: Critical" to "severity: Critical"
Add additional description for different rule.
Alternatives
At the moment user only could add an extra label or extra annotation to the whole list of default rule but not an individual one.
Additional context
The text was updated successfully, but these errors were encountered:
For the mapping between severity and priority, there's already the PR #440 for that.
For your second point, I don't understand your usage. If you want different format for the alerts, you have to change the output field in falco's rules.
Hi @Issif,
Thanks for your quick response.
Does any falcosecurity chart support to change the falco's rules output? And is it possible to change the output of individual rule?
Motivation
Falco default rules are good but can't be modified individually.
Feature
I think it would make sense to allow user to modify an individual Falco default rule that are send to Alertmanager to match with user's usage or business without have to replace the whole list of default rule to user's customized rules.
For example:
Alternatives
At the moment user only could add an extra label or extra annotation to the whole list of default rule but not an individual one.
Additional context
The text was updated successfully, but these errors were encountered: