configmap-example.yaml

apiVersion: v1
data:
  signatures.yaml: |-
    apiVersion: aquasecurity.github.io/v1beta1
    kind: TraceePolicy
    metadata:
      name: signature-events
      annotations:
        description: traces all signature events
    spec:
      scope:
        - global
      rules:
        - event: stdio_over_socket
        - event: k8s_api_connection
        - event: aslr_inspection
        - event: proc_mem_code_injection
        - event: docker_abuse
        - event: scheduled_task_mod
        - event: ld_preload
        - event: cgroup_notify_on_release
        - event: default_loader_mod
        - event: sudoers_modification
        - event: sched_debug_recon
        - event: system_request_key_mod
        - event: cgroup_release_agent
        - event: rcd_modification
        - event: core_pattern_modification
        - event: proc_kcore_read
        - event: proc_mem_access
        - event: hidden_file_created
        - event: anti_debugging
        - event: ptrace_code_injection
        - event: process_vm_write_inject
        - event: disk_mount
        - event: dynamic_code_loading
        - event: fileless_execution
        - event: illegitimate_shell
        - event: kernel_module_loading
        - event: k8s_cert_theft
        - event: proc_fops_hooking
        - event: syscall_hooking
        - event: dropped_executable
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: tracee
    meta.helm.sh/release-namespace: tracee-system
  creationTimestamp: "2023-08-29T17:07:32Z"
  labels:
    app.kubernetes.io/instance: tracee
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: tracee
    app.kubernetes.io/version: 0.17.1
    helm.sh/chart: tracee-0.17.1
  name: tracee-policies
  namespace: tracee-system
  resourceVersion: "2338437"
  uid: 890cf044-6ffe-42b6-822b-efd1fd97285d