+
Skip to content

Test action demo #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 44 commits into from
Aug 1, 2023
Merged

Test action demo #4

merged 44 commits into from
Aug 1, 2023

Conversation

rajaSahil
Copy link
Owner

No description provided.

rajaSahil added 10 commits June 22, 2023 04:54
@rajaSahil
feat(report): update code
e06d31f 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(report): update code
0fdbde4 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
50c9efb 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
ed7537f 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
47dd6b6 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
6c4ba1c 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
cb4b8e1 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
91cc7f2 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
784d569 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(action): add github action
7de188c 
Signed-off-by: sahil <sahilraja242@gmail.com>
@github-actions
Copy link

Resource Information

Cluster Name default
Namespace Name default
Container Name 555cbad81c7dae80362911e4cbb319ecf387b155dee141f15085e204f05a936e
Labels ``

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/kube-webhook-certgen /usr/local/bin/mount-product-files Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow

File Access Data

Src Process Destination File Path Status
/app/.venv/bin/python /app/.venv/lib/python3.11/site-packages/ Block
/app/.venv/bin/python /usr/local/lib/python3.11/ Block
/bin/alertmanager /bin/alertmanager Allow
/bin/alertmanager /etc/ Allow
/bin/alertmanager /sys/kernel/mm/transparent_hugepage/hpage_pmd_size Allow
/bin/node_exporter /host/sys/class/dmi/id/board_serial Block
/bin/node_exporter /host/sys/class/dmi/id/chassis_serial Block
/bin/node_exporter /host/sys/devices/virtual/dmi/id/sys_vendor Allow
/bin/node_exporter /sys/kernel/mm/transparent_hugepage/hpage_pmd_size Allow
/bin/operator /bin/operator Allow
/bin/operator /sys/kernel/mm/transparent_hugepage/hpage_pmd_size Allow
/bin/operator /var/run/secrets/kubernetes.io/serviceaccount/..2023_06_29_20_40_30.1314003680/ca.crt Allow
/bin/operator /var/run/secrets/kubernetes.io/serviceaccount/..2023_06_29_20_40_30.1314003680/token Allow
/bin/prometheus-config-reloader /bin/prometheus-config-reloader Allow
/bin/prometheus-config-reloader /etc/ Allow
/bin/prometheus-config-reloader /sys/kernel/mm/transparent_hugepage/hpage_pmd_size Allow
/docker-entrypoint.sh / Allow
/kube-webhook-certgen /dev/ Allow
/kube-webhook-certgen /etc/ Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/dev/shm Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/hostname Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/hosts Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/resolv.conf Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/var/run/secrets/kubernetes.io/serviceaccount Allow
/usr/bin/cp /etc/ Allow
/usr/bin/cp /kind/product_name Allow
/usr/bin/cp /kind/product_uuid Allow
/usr/bin/cp /product_name Allow
/usr/bin/cp /product_uuid Allow
/usr/bin/cp /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/grep /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/grep /var/lib/docker/volumes/e9df37a9dba6b08316ae7d9e4433e632b37f1c0722cb25ebaa067b0e96a8345b/_data/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/109/work/work/#1141271 Allow
/usr/bin/jq /etc/ Allow
/usr/bin/jq /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/mount /etc/ Allow
/usr/bin/mount /usr/lib/x86_64-linux-gnu/ Allow
/usr/local/bin/mount-product-files /dev/ Allow
/usr/local/bin/mount-product-files /etc/ Allow
/usr/local/bin/mount-product-files /kind Allow
/usr/local/bin/mount-product-files /usr/lib/x86_64-linux-gnu/ Allow
/usr/local/bin/mount-product-files /usr/local/bin/mount-product-files Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/node_exporter pod/kps-prometheus-node-exporter-lj5c9 9100 default app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/part-of=prometheus-node-exporter,app.kubernetes.io/version=1.6.0,helm.sh/chart=prometheus-node-exporter-4.18.1,jobLabel=node-exporter,pod-template-generation=1,release=kps
TCPv6 /bin/alertmanager 10.244.0.1 9093
Resource Information

Cluster Name default
Namespace Name accuknox-agents
Container Name discovery-engine
Labels app=discovery-engine

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/kube-webhook-certgen /usr/local/bin/mount-product-files Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow

File Access Data

Src Process Destination File Path Status
/app/.venv/bin/python /app/.venv/lib/python3.11/site-packages/ Block
/app/.venv/bin/python /usr/local/lib/python3.11/ Block
/bin/node_exporter /host/sys/class/dmi/id/board_serial Block
/bin/node_exporter /host/sys/class/dmi/id/chassis_serial Block
/bin/node_exporter /host/sys/devices/virtual/dmi/id/sys_vendor Allow
/bin/operator /bin/operator Allow
/bin/operator /sys/kernel/mm/transparent_hugepage/hpage_pmd_size Allow
/bin/operator /var/run/secrets/kubernetes.io/serviceaccount/..2023_06_29_20_40_30.1314003680/ca.crt Allow
/bin/operator /var/run/secrets/kubernetes.io/serviceaccount/..2023_06_29_20_40_30.1314003680/token Allow
/docker-entrypoint.sh / Allow
/kube-webhook-certgen /dev/ Allow
/kube-webhook-certgen /etc/ Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/dev/shm Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/hostname Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/hosts Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/etc/resolv.conf Allow
/kube-webhook-certgen /run/containerd/io.containerd.runtime.v2.task/k8s.io/f16c1d0108eac374793875649a7a65fd5df91bcad80658fef21e0390fb7174ee/rootfs/var/run/secrets/kubernetes.io/serviceaccount Allow
/usr/bin/cp /etc/ Allow
/usr/bin/cp /kind/product_name Allow
/usr/bin/cp /kind/product_uuid Allow
/usr/bin/cp /product_name Allow
/usr/bin/cp /product_uuid Allow
/usr/bin/cp /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/grep /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/grep /var/lib/docker/volumes/e9df37a9dba6b08316ae7d9e4433e632b37f1c0722cb25ebaa067b0e96a8345b/_data/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/109/work/work/#1141271 Allow
/usr/bin/jq /etc/ Allow
/usr/bin/jq /usr/lib/x86_64-linux-gnu/ Allow
/usr/bin/mount /etc/ Allow
/usr/bin/mount /usr/lib/x86_64-linux-gnu/ Allow
/usr/local/bin/mount-product-files /dev/ Allow
/usr/local/bin/mount-product-files /etc/ Allow
/usr/local/bin/mount-product-files /kind Allow
/usr/local/bin/mount-product-files /usr/lib/x86_64-linux-gnu/ Allow
/usr/local/bin/mount-product-files /usr/local/bin/mount-product-files Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/node_exporter pod/kps-prometheus-node-exporter-lj5c9 9100 default app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/part-of=prometheus-node-exporter,app.kubernetes.io/version=1.6.0,helm.sh/chart=prometheus-node-exporter-4.18.1,jobLabel=node-exporter,pod-template-generation=1,release=kps

Repository owner deleted a comment from github-actions bot Jun 29, 2023
Repository owner deleted a comment from github-actions bot Jun 29, 2023
Repository owner deleted a comment from github-actions bot Jun 29, 2023
Repository owner deleted a comment from github-actions bot Jun 29, 2023
@nyrahul
Copy link

nyrahul commented Jun 30, 2023
edited by rajaSahil
Loading

Few things to note:

  • remove duplicate entry points
  • fix the labels entry ... currently it shows empty
  • Add options to accuknox-cli report (check below for details)

accuknox-cli report needs to support following options

./accuknox-cli/accuknox-cli report

  • --namespace
  • --labels
  • --operation [process/file/network]
  • --output filename [to keep the json output]
  • --output-mode [diff/full]

@github-actions
Copy link

github-actions bot commented Jul 5, 2023

Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name nginx
Container Name nginx
Labels app=nginx

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/docker-entrypoint.sh /usr/bin/find Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/dash /usr/bin/basename Allow
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name kps-grafana
Container Name grafana
Labels app.kubernetes.io/instance=kps,app.kubernetes.io/name=grafana

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/local/bin/mount-product-files /usr/bin/jq Allow
/usr/local/bin/mount-product-files /usr/bin/mount Allow
/usr/share/grafana/bin/grafana /usr/local/bin/mount-product-files Allow
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name alertmanager-kps-kube-prometheus-stack-alertmanager
Container Name config-reloader
Labels alertmanager=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/instance=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=alertmanager,app.kubernetes.io/version=0.25.0,statefulset.kubernetes.io/pod-name=alertmanager-kps-kube-prometheus-stack-alertmanager-0

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/bin/prometheus-config-reloader /usr/local/bin/mount-product-files Allow
/usr/bin/bash /usr/bin/cp Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/jq Allow
/usr/bin/bash /usr/bin/mount Allow
/usr/bin/bash /usr/bin/mount Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/alertmanager 10.244.0.1 9093

Binds

Protocol Command Bind Port Bind Address
AF_INET6 /bin/alertmanager 0 127.0.0.1
AF_INET6 /bin/alertmanager 0 ::1
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name prometheus-kps-kube-prometheus-stack-prometheus
Container Name config-reloader
Labels app.kubernetes.io/instance=kps-kube-prometheus-stack-prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,app.kubernetes.io/version=2.45.0,operator.prometheus.io/name=kps-kube-prometheus-stack-prometheus,operator.prometheus.io/shard=0,prometheus=kps-kube-prometheus-stack-prometheus,statefulset.kubernetes.io/pod-name=prometheus-kps-kube-prometheus-stack-prometheus-0

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/local/bin/mount-product-files /usr/bin/mount Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/prometheus 10.244.0.1 9090

Egress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCP /bin/prometheus pod/coredns-565d847f94-cjvf6 9153 kube-system k8s-app=kube-dns

Repository owner deleted a comment from github-actions bot Jul 5, 2023
@github-actions
Copy link

github-actions bot commented Jul 5, 2023

Resource Information

Cluster Name default
Namespace Name default
Resource Type DaemonSet
Resource Name kps-prometheus-node-exporter
Container Name node-exporter
Labels app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/part-of=prometheus-node-exporter,app.kubernetes.io/version=1.6.0,helm.sh/chart=prometheus-node-exporter-4.18.1,jobLabel=node-exporter,release=kps

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/node_exporter pod/kps-prometheus-node-exporter-pnfj4 9100 default app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/part-of=prometheus-node-exporter,app.kubernetes.io/version=1.6.0,helm.sh/chart=prometheus-node-exporter-4.18.1,jobLabel=node-exporter,pod-template-generation=1,release=kps
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name nginx
Container Name nginx
Labels app=nginx

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/bin/dash /usr/bin/md5sum Allow
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name alertmanager-kps-kube-prometheus-stack-alertmanager
Container Name config-reloader
Labels alertmanager=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/instance=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=alertmanager,app.kubernetes.io/version=0.25.0,statefulset.kubernetes.io/pod-name=alertmanager-kps-kube-prometheus-stack-alertmanager-0

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/alertmanager 10.244.0.1 9093

Binds

Protocol Command Bind Port Bind Address
AF_INET6 /bin/prometheus-config-reloader 8080 ::
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name prometheus-kps-kube-prometheus-stack-prometheus
Container Name prometheus
Labels app.kubernetes.io/instance=kps-kube-prometheus-stack-prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,app.kubernetes.io/version=2.45.0,operator.prometheus.io/name=kps-kube-prometheus-stack-prometheus,operator.prometheus.io/shard=0,prometheus=kps-kube-prometheus-stack-prometheus,statefulset.kubernetes.io/pod-name=prometheus-kps-kube-prometheus-stack-prometheus-0

Network Behavior Summary

Egress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCP /bin/prometheus pod/kps-prometheus-node-exporter-pnfj4 10249 default app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=prometheus-node-exporter,app.kubernetes.io/part-of=prometheus-node-exporter,app.kubernetes.io/version=1.6.0,helm.sh/chart=prometheus-node-exporter-4.18.1,jobLabel=node-exporter,pod-template-generation=1,release=kps
TCP /bin/prometheus pod/coredns-565d847f94-mb2pl 9153 kube-system k8s-app=kube-dns
TCP /bin/prometheus pod/alertmanager-kps-kube-prometheus-stack-alertmanager-0 9093 default alertmanager=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/instance=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=alertmanager,app.kubernetes.io/version=0.25.0

@rajaSahil
feat(report): update report
782112c 
Signed-off-by: sahil <sahilraja242@gmail.com>
Repository owner deleted a comment from github-actions bot Jul 5, 2023
Repository owner deleted a comment from github-actions bot Jul 5, 2023
rajaSahil added 8 commits July 5, 2023 23:55
@rajaSahil
feat(actions): add action
2da2d4a 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
9a8d73d 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
2816780 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
9f7f4aa 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
2bf6e2f 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
e4aecd2 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
dd0baf8 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
600147c 
Signed-off-by: sahil <sahilraja242@gmail.com>
rajaSahil added 17 commits July 6, 2023 00:24
@rajaSahil
feat(actions): add action
021656b 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
e4e6841 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
6b04bcc 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
9401720 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
5f31c2a 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
b142558 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
c2c931d 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
7eae147 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
b809162 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
6db5698 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
60006a2 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
8f7d013 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
926b62b 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
c122914 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
40a4309 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
47a1c69 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
5b479ca 
Signed-off-by: sahil <sahilraja242@gmail.com>
Repository owner deleted a comment from github-actions bot Jul 6, 2023
rajaSahil added 8 commits July 6, 2023 12:18
@rajaSahil
feat(actions): add action
b9fd44c 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
16130ea 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
b817eea 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
83c5b78 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
795c9dd 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
0ec4f69 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(actions): add action
c353dfe 
Signed-off-by: sahil <sahilraja242@gmail.com>
@rajaSahil
feat(report): update code
75e2769 
Signed-off-by: sahil <sahilraja242@gmail.com>
@github-actions
Copy link

Resource Information

Cluster Name default
Namespace Name accuknox-agents
Resource Type Deployment
Resource Name discovery-engine
Container Name discovery-engine
Labels app=discovery-engine

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/bin/containerd-shim-runc-v2 /knoxAutoPolicy Allow
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name kps-kube-prometheus-stack-operator
Container Name kube-prometheus-stack
Labels app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/part-of=kube-prometheus-stack,app.kubernetes.io/version=48.2.0,app=kube-prometheus-stack-operator,chart=kube-prometheus-stack-48.2.0,heritage=Helm,release=kps

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/operator pod/prometheus-kps-kube-prometheus-stack-prometheus-0 10250 default app.kubernetes.io/instance=kps-kube-prometheus-stack-prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,app.kubernetes.io/version=2.45.0,operator.prometheus.io/name=kps-kube-prometheus-stack-prometheus,operator.prometheus.io/shard=0,prometheus=kps-kube-prometheus-stack-prometheus
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name nginx
Container Name nginx
Labels app=nginx

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh /usr/bin/touch Allow
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name kps-grafana
Container Name grafana
Labels app.kubernetes.io/instance=kps,app.kubernetes.io/name=grafana

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/bin/containerd-shim-runc-v2 /run.sh Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /usr/share/grafana/bin/grafana 10.42.0.1 3000
TCPv6 /usr/share/grafana/bin/grafana 127.0.0.1 3000

Egress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCP /usr/share/grafana/bin/grafana 34.120.177.193 443
TCP /usr/local/bin/python3.11 127.0.0.1 3000
TCP /usr/local/bin/python3.11 svc/kubernetes 443 default component=apiserver,provider=kubernetes
TCP /usr/share/grafana/bin/grafana 185.199.110.133 443
TCP /usr/local/bin/python3.11 127.0.0.1 3000
Resource Information

Cluster Name default
Namespace Name default
Resource Type Deployment
Resource Name kps-kube-state-metrics
Container Name kube-state-metrics
Labels app.kubernetes.io/component=metrics,app.kubernetes.io/instance=kps,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=kube-state-metrics,app.kubernetes.io/part-of=kube-state-metrics,app.kubernetes.io/version=2.9.2,helm.sh/chart=kube-state-metrics-5.10.1,release=kps

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /kube-state-metrics 10.42.0.1 8080
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name prometheus-kps-kube-prometheus-stack-prometheus
Container Name config-reloader
Labels app.kubernetes.io/instance=kps-kube-prometheus-stack-prometheus,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=prometheus,app.kubernetes.io/version=2.45.0,operator.prometheus.io/name=kps-kube-prometheus-stack-prometheus,operator.prometheus.io/shard=0,prometheus=kps-kube-prometheus-stack-prometheus,statefulset.kubernetes.io/pod-name=prometheus-kps-kube-prometheus-stack-prometheus-0

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/prometheus 10.42.0.1 9090
Resource Information

Cluster Name default
Namespace Name default
Resource Type StatefulSet
Resource Name alertmanager-kps-kube-prometheus-stack-alertmanager
Container Name config-reloader
Labels alertmanager=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/instance=kps-kube-prometheus-stack-alertmanager,app.kubernetes.io/managed-by=prometheus-operator,app.kubernetes.io/name=alertmanager,app.kubernetes.io/version=0.25.0,statefulset.kubernetes.io/pod-name=alertmanager-kps-kube-prometheus-stack-alertmanager-0

System access behavior Summary

Process Data

Src Process Destination Process Path Status
/usr/bin/containerd-shim-runc-v2 /bin/prometheus-config-reloader Allow

Network Behavior Summary

Ingress Connections

Protocol Command POD/SVC/IP Port Namespace Labels
TCPv6 /bin/alertmanager 10.42.0.1 9093

@rajaSahil rajaSahil merged commit fd20e2b into main Aug 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rajaSahil @nyrahul
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载