From 3aebe5288aa0f83ad515bb3b4d24616984c1b854 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:12:21 +0000 Subject: [PATCH 1/7] update(plugins): k8saudit-0.7.0 Signed-off-by: Luca Guerra --- plugins/k8saudit/pkg/k8saudit/k8saudit.go | 2 +- plugins/k8saudit/rules/k8s_audit_rules.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/k8saudit/pkg/k8saudit/k8saudit.go b/plugins/k8saudit/pkg/k8saudit/k8saudit.go index 64672ad2..e7b47248 100644 --- a/plugins/k8saudit/pkg/k8saudit/k8saudit.go +++ b/plugins/k8saudit/pkg/k8saudit/k8saudit.go @@ -54,7 +54,7 @@ func (k *Plugin) Info() *plugins.Info { Name: pluginName, Description: "Read Kubernetes Audit Events and monitor Kubernetes Clusters", Contact: "github.com/falcosecurity/plugins", - Version: "0.6.1", + Version: "0.7.0", EventSource: "k8s_audit", } } diff --git a/plugins/k8saudit/rules/k8s_audit_rules.yaml b/plugins/k8saudit/rules/k8s_audit_rules.yaml index 0d629ded..6ba9ab52 100644 --- a/plugins/k8saudit/rules/k8s_audit_rules.yaml +++ b/plugins/k8saudit/rules/k8s_audit_rules.yaml @@ -20,10 +20,10 @@ - required_plugin_versions: - name: k8saudit - version: 0.6.0 + version: 0.7.0 alternatives: - name: k8saudit-eks - version: 0.2.0 + version: 0.4.0 - name: json version: 0.7.0 From 28bc8bf0c1e3a6b7fd21343aa368fc41ef4c3438 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:17:25 +0000 Subject: [PATCH 2/7] update(plugins): cloudtrail-0.10.0 Signed-off-by: Luca Guerra --- plugins/cloudtrail/pkg/cloudtrail/cloudtrail.go | 2 +- plugins/cloudtrail/rules/aws_cloudtrail_rules.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/cloudtrail/pkg/cloudtrail/cloudtrail.go b/plugins/cloudtrail/pkg/cloudtrail/cloudtrail.go index 105235a2..c65da124 100644 --- a/plugins/cloudtrail/pkg/cloudtrail/cloudtrail.go +++ b/plugins/cloudtrail/pkg/cloudtrail/cloudtrail.go @@ -48,7 +48,7 @@ const ( PluginName = "cloudtrail" PluginDescription = "reads cloudtrail JSON data saved to file in the directory specified in the settings" PluginContact = "github.com/falcosecurity/plugins/" - PluginVersion = "0.9.1" + PluginVersion = "0.10.0" PluginEventSource = "aws_cloudtrail" ) diff --git a/plugins/cloudtrail/rules/aws_cloudtrail_rules.yaml b/plugins/cloudtrail/rules/aws_cloudtrail_rules.yaml index 9c9bbad0..1abe4237 100644 --- a/plugins/cloudtrail/rules/aws_cloudtrail_rules.yaml +++ b/plugins/cloudtrail/rules/aws_cloudtrail_rules.yaml @@ -21,7 +21,7 @@ - required_plugin_versions: - name: cloudtrail - version: 0.8.0 + version: 0.10.0 - name: json version: 0.7.0 From 8abd9b66b4d02605570cae1675374d6942a93d07 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:18:16 +0000 Subject: [PATCH 3/7] update(plugins): dummy-0.10.0 Signed-off-by: Luca Guerra --- plugins/dummy/pkg/dummy/dummy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/dummy/pkg/dummy/dummy.go b/plugins/dummy/pkg/dummy/dummy.go index 34b9ea2f..43aaaf80 100644 --- a/plugins/dummy/pkg/dummy/dummy.go +++ b/plugins/dummy/pkg/dummy/dummy.go @@ -37,7 +37,7 @@ const ( PluginName = "dummy" PluginDescription = "Reference plugin for educational purposes" PluginContact = "github.com/falcosecurity/plugins" - PluginVersion = "0.10.0-rc1" + PluginVersion = "0.10.0" PluginEventSource = "dummy" ) From 62b0560df6237b10df11b285433aae7207bc6d86 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:18:33 +0000 Subject: [PATCH 4/7] update(plugins): gcpaudit-0.3.0 Signed-off-by: Luca Guerra --- plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go | 2 +- plugins/gcpaudit/rules/gcp_auditlog_rules.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go b/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go index 3d46f7ea..08b6aeac 100644 --- a/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go +++ b/plugins/gcpaudit/pkg/gcpaudit/gcpaudit.go @@ -30,7 +30,7 @@ const ( PluginName = "gcpaudit" PluginDescription = "Read GCP Audit Logs" PluginContact = "github.com/falcosecurity/plugins" - PluginVersion = "0.2.2" + PluginVersion = "0.3.0" PluginEventSource = "gcp_auditlog" ) diff --git a/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml b/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml index 0f466c20..d08fc1a7 100644 --- a/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml +++ b/plugins/gcpaudit/rules/gcp_auditlog_rules.yaml @@ -20,7 +20,7 @@ - required_plugin_versions: - name: gcpaudit - version: 0.2.0 + version: 0.3.0 - name: json version: 0.7.0 From 1e44d2108c31e9b460e5d8d6453f11fbcafc4492 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:18:54 +0000 Subject: [PATCH 5/7] update(plugins): github-0.7.0 Signed-off-by: Luca Guerra --- plugins/github/pkg/github/github.go | 2 +- plugins/github/rules/github.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/github/pkg/github/github.go b/plugins/github/pkg/github/github.go index 4292f3f8..2b1f0ebb 100644 --- a/plugins/github/pkg/github/github.go +++ b/plugins/github/pkg/github/github.go @@ -39,7 +39,7 @@ const ( PluginName = "github" PluginDescription = "Reads github webhook events, by listening on a socket or by reading events from disk" PluginContact = "github.com/falcosecurity/plugins" - PluginVersion = "0.6.1" + PluginVersion = "0.7.0" PluginEventSource = "github" ExtractEventSource = "github" ) diff --git a/plugins/github/rules/github.yaml b/plugins/github/rules/github.yaml index f2a29dea..99f3c21b 100644 --- a/plugins/github/rules/github.yaml +++ b/plugins/github/rules/github.yaml @@ -20,7 +20,7 @@ - required_plugin_versions: - name: github - version: 0.6.0 + version: 0.7.0 - rule: Webhook Connected desc: Detect a webhook link From daa007cee3a8c09464b46eb2ba5d59d59959cbeb Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 14:19:08 +0000 Subject: [PATCH 6/7] update(plugins): k8saudit-eks-0.4.0 Signed-off-by: Luca Guerra --- plugins/k8saudit-eks/pkg/k8sauditeks/k8sauditeks.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/k8saudit-eks/pkg/k8sauditeks/k8sauditeks.go b/plugins/k8saudit-eks/pkg/k8sauditeks/k8sauditeks.go index e5aff0ed..26fe46f6 100644 --- a/plugins/k8saudit-eks/pkg/k8sauditeks/k8sauditeks.go +++ b/plugins/k8saudit-eks/pkg/k8sauditeks/k8sauditeks.go @@ -63,7 +63,7 @@ func (k *Plugin) Info() *plugins.Info { Name: pluginName, Description: "Read Kubernetes Audit Events for EKS from Cloudwatch Logs", Contact: "github.com/falcosecurity/plugins", - Version: "0.3.0", + Version: "0.4.0", EventSource: "k8s_audit", } } From 6846342be8efa1508cecb474fcf5d4c2840dae1e Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jan 2024 15:17:39 +0000 Subject: [PATCH 7/7] update(plugins): okta-rules:0.10.0 Signed-off-by: Luca Guerra --- plugins/okta/rules/okta_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/okta/rules/okta_rules.yaml b/plugins/okta/rules/okta_rules.yaml index 0554bf5d..5bd22530 100644 --- a/plugins/okta/rules/okta_rules.yaml +++ b/plugins/okta/rules/okta_rules.yaml @@ -20,7 +20,7 @@ - required_plugin_versions: - name: okta - version: 0.8.0 + version: 0.10.0 # Example Rule on login in to OKTA. Disabled by default since it might be noisy #- rule: User logged in to OKTA