How to I stop events generating for particular pod.

[manojdeshmukh45]

I need to drop all events related one particular container

I Userd this rule

• rule: Exclude All Alerts and Drop Events for Specific Pod Name
  desc: Exclude all alerts and drop events for a specific pod name
  condition: container.name == "b2auto-re"
  drop: true

Here its giving me error that there is no output an dpriority key, if I add those two again ill get an alert as "INFO Exclude All Alerts and Drop Events for Specific Pod Name".

where I dont need an alert at all.

[Andreagit97]

ei @manojdeshmukh45 probably you need to add container.name != "b2auto-re" in all the rules from which you don't want to receive alerts

The rule you posted do nothing in the Falco lingo :/

[Andreagit97]

I read the thread here https://kubernetes.slack.com/archives/CMWH3EH32/p1694596477483489, this seems more a feature request than a bug so i will change the label

[Andreagit97]

maybe we could add the equivalent of -p but for the conditions, WDYT? @falcosecurity/falco-maintainers ?

[leogr]

maybe we could add the equivalent of -p but for the conditions, WDYT? @falcosecurity/falco-maintainers ?

Not sure. Since this directly affects rules evaluation, it should be part of a rules file (and not an option), IMO.

Anyway, I agree we should think about this feature. It looks like a global condition exception.

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[leogr]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[Andreagit97]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[Andreagit97]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[leogr]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[leogr]

/remove-lifecycle stale