apiVersion: security.kubearmor.com/v1
namespace: [namespace name]
severity: [1-10] # --> optional (1 by default)
tags: ["tag", ...] # --> optional
message: [message] # --> optional
- path: [absolute executable path]
ownerOnly: [true|false] # --> optional
fromSource: # --> optional
- path: [absolute exectuable path]
- dir: [absolute directory path]
recursive: [true|false] # --> optional
ownerOnly: [true|false] # --> optional
fromSource: # --> optional
- path: [absolute exectuable path]
- pattern: [regex pattern]
ownerOnly: [true|false] # --> optional
- path: [absolute file path]
readOnly: [true|false] # --> optional
ownerOnly: [true|false] # --> optional
fromSource: # --> optional
- path: [absolute exectuable path]
- dir: [absolute directory path]
recursive: [true|false] # --> optional
readOnly: [true|false] # --> optional
ownerOnly: [true|false] # --> optional
fromSource: # --> optional
- path: [absolute exectuable path]
- pattern: [regex pattern]
readOnly: [true|false] # --> optional
ownerOnly: [true|false] # --> optional
- protocol: [TCP|tcp|UDP|udp|ICMP|icmp]
fromSource: # --> optional
- path: [absolute exectuable path]
- capability: [capability name]
fromSource: # --> optional
- path: [absolute exectuable path]
action: [Allow|Audit|Block] (Block by default)