Split Falco alerts for different priorities #2207

Open
2 tasks
aarnq opened this issue Jul 12, 2024 · 0 comments
Labels
app/falco Falco - Intrusion Detection kind/feature New feature or request

Comments

@aarnq
Contributor

aarnq commented Jul 12, 2024

Proposed feature

Falco rules have different priorities attached to them, but we only alert on P2. We should change this to make it easier for platform admins to handle alerts, as then a P1 Falco alert would be something critical, and a P2 Falco alert something severe.

And make it a better experience for application developers, as they wouldn't think every alert would be an active intrusion.

Proposed alternatives

Check if it is possible to map the labels from the Falco alerts to the priorities used by Alertmanager.

Additional context

No response

Definition of done

  • Falco alerts have different priorities
  • This new feature is covered by public documentation
@aarnq aarnq added kind/feature New feature or request app/falco Falco - Intrusion Detection labels Jul 12, 2024