custom rules first steps #1077
custom rules first steps #1077
Conversation
There was a problem hiding this comment.
This is great. Just wondering if we can better cross-link this page to the existing basic pages and now also the new style guide. I think redundancy is good here aka let's not remove things from other places and instead just always link back and forth between pages?
Signed-off-by: Vicente J. Jiménez Miras <[email protected]>
Signed-off-by: Vicente J. Jiménez Miras <[email protected]>
There was a problem hiding this comment.
This is impressive 🤩
Overall, SGTM. I've just left some minor suggestions.
Also, I'd like to clarify that this guide applies to the syscall data source (the default Falco use case). However, plugin rules may be different. For example, the evt.type recommendation does not apply to plugin rules.
Signed-off-by: Vicente J. Jiménez Miras <[email protected]>
|
LGTM |
Co-authored-by: Nate W <[email protected]> Signed-off-by: Vicente JJ. Miras <[email protected]>
Co-authored-by: Nate W <[email protected]> Signed-off-by: Vicente JJ. Miras <[email protected]>
Thanks a lot, Nate. Great suggestions. |
|
LGTM label has been added. Git tree hash: 87e7587b0eaed9dcfee37b65955c5d6a3665c336
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: leogr, vjjmiras The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind content
Any specific area of the project related to this PR?
/area documentation
What this PR does / why we need it:
Which issue(s) this PR fixes:
This document completes the PR #1075
Special notes for your reviewer:
/cc @incertum, tagging you here since for a review, please :-)