From b6da9f2ffb3cfab3a4dc4e2db063968764ba0916 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Mon, 18 Sep 2023 12:23:23 +0000 Subject: [PATCH] only keep gcpaudit for test --- registry.yaml | 519 +++++++++++++++++++++++++------------------------- 1 file changed, 260 insertions(+), 259 deletions(-) diff --git a/registry.yaml b/registry.yaml index 20764ed5..582eb0f8 100644 --- a/registry.yaml +++ b/registry.yaml @@ -24,238 +24,6 @@ reserved_sources: ["syscall", "internal", "plugins"] # # License IDs refer to the SPDX License List at https://spdx.org/licenses plugins: - - name: k8saudit - description: Read Kubernetes Audit Events and monitor Kubernetes Clusters - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - keywords: - - audit - - audit-log - - audit-events - - kubernetes - url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit - rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 1 - source: k8s_audit - extraction: - supported: true - - name: cloudtrail - description: Reads Cloudtrail JSON logs from files/S3 and injects as events - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - keywords: - - audit - - user-activity - - api-usage - - aws - url: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail - rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 2 - source: aws_cloudtrail - extraction: - supported: true - - name: json - description: Extract values from any JSON payload - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - keywords: - - json-events - - json-payload - - extractor - url: https://github.com/falcosecurity/plugins/tree/master/plugins/json - license: Apache-2.0 - capabilities: - extraction: - supported: true - - name: dummy - description: Reference plugin used to document interface - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 3 - source: dummy - extraction: - supported: true - - name: dummy_c - description: Like dummy, but written in C++ - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy_c - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 4 - source: dummy_c - extraction: - supported: true - - name: docker - description: Docker Events - authors: Thomas Labarussias - contact: https://github.com/Issif - maintainers: - - name: Thomas Labarussias - email: issif_github@gadz.org - keywords: - - docker-events - url: https://github.com/Issif/docker-plugin - rules_url: https://github.com/Issif/docker-plugin/tree/main/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 5 - source: docker - extraction: - supported: true - - name: seccompagent - description: Seccomp Agent Events - authors: Alban Crequy - contact: https://github.com/kinvolk/seccompagent - url: https://github.com/kinvolk/seccompagent - keywords: - - seccomp - - kinvolk - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 6 - source: seccompagent - extraction: - supported: true - - name: okta - description: Okta Log Events - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - keywords: - - audit - - log-events - - okta - url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta - rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 7 - source: okta - extraction: - supported: true - - name: github - description: Github Webhook Events - authors: The Falco Authors - contact: https://falco.org/community - maintainers: - - name: The Falco Authors - email: cncf-falco-dev@lists.cncf.io - keywords: - - audit - - log-events - - webhook - - github-activity - - github - url: https://github.com/falcosecurity/plugins/tree/master/plugins/github - rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/github/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 8 - source: github - extraction: - supported: true - - name: k8saudit-eks - description: Read Kubernetes Audit Events from AWS EKS Clusters - authors: The Falco Authors - contact: https://falco.org/community - url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-eks - rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules - license: Apache-2.0 - keywords: - - audit - - audit-log - - audit-events - - kubernetes - - eks - - aws - capabilities: - sourcing: - supported: true - id: 9 - source: k8s_audit - extraction: - supported: true - - name: nomad - description: Read Hashicorp Nomad Events Stream - authors: Alberto Llamas - contact: https://github.com/albertollamaso/nomad-plugin/issues - maintainers: - - name: Alberto Llamas - keywords: - - audit - - audit-events - - nomad - url: https://github.com/albertollamaso/nomad-plugin/tree/main - rules_url: https://github.com/albertollamaso/nomad-plugin/tree/main/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 10 - source: nomad - extraction: - supported: true - - name: dnscollector - description: DNS Collector Events - authors: Daniel Moloney - contact: https://github.com/SysdigDan/dnscollector-falco-plugin/issues - maintainers: - - name: Daniel Moloney - keywords: - - audit - - log-events - - dns - url: https://github.com/SysdigDan/dnscollector-falco-plugin - rules_url: https://github.com/SysdigDan/dnscollector-falco-plugin/tree/master/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 11 - source: dnscollector - extraction: - supported: true - name: gcpaudit description: Read GCP Audit Logs authors: The Falco Authors @@ -278,30 +46,263 @@ plugins: source: gcp_auditlog extraction: supported: true - - name: syslogsrv - description: Syslog Server Events - authors: Maksim Nabokikh - contact: https://github.com/nabokihms/syslogsrv-falco-plugin/issues - maintainers: - - name: Maksim Nabokikh - keywords: - - log-events - - syslog - url: https://github.com/nabokihms/syslogsrv-falco-plugin/tree/main/plugins/syslogsrv - rules_url: https://github.com/nabokihms/syslogsrv-falco-plugin/tree/main/rules - license: Apache-2.0 - capabilities: - sourcing: - supported: true - id: 13 - source: syslogsrv - extraction: - supported: true - - name: test - description: This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID - reserved: true - capabilities: - sourcing: - supported: true - id: 999 - source: test + # - name: k8saudit + # description: Read Kubernetes Audit Events and monitor Kubernetes Clusters + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # keywords: + # - audit + # - audit-log + # - audit-events + # - kubernetes + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit + # rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 1 + # source: k8s_audit + # extraction: + # supported: true + # - name: cloudtrail + # description: Reads Cloudtrail JSON logs from files/S3 and injects as events + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # keywords: + # - audit + # - user-activity + # - api-usage + # - aws + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail + # rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 2 + # source: aws_cloudtrail + # extraction: + # supported: true + # - name: json + # description: Extract values from any JSON payload + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # keywords: + # - json-events + # - json-payload + # - extractor + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/json + # license: Apache-2.0 + # capabilities: + # extraction: + # supported: true + # - name: dummy + # description: Reference plugin used to document interface + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 3 + # source: dummy + # extraction: + # supported: true + # - name: dummy_c + # description: Like dummy, but written in C++ + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy_c + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 4 + # source: dummy_c + # extraction: + # supported: true + # - name: docker + # description: Docker Events + # authors: Thomas Labarussias + # contact: https://github.com/Issif + # maintainers: + # - name: Thomas Labarussias + # email: issif_github@gadz.org + # keywords: + # - docker-events + # url: https://github.com/Issif/docker-plugin + # rules_url: https://github.com/Issif/docker-plugin/tree/main/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 5 + # source: docker + # extraction: + # supported: true + # - name: seccompagent + # description: Seccomp Agent Events + # authors: Alban Crequy + # contact: https://github.com/kinvolk/seccompagent + # url: https://github.com/kinvolk/seccompagent + # keywords: + # - seccomp + # - kinvolk + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 6 + # source: seccompagent + # extraction: + # supported: true + # - name: okta + # description: Okta Log Events + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # keywords: + # - audit + # - log-events + # - okta + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta + # rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 7 + # source: okta + # extraction: + # supported: true + # - name: github + # description: Github Webhook Events + # authors: The Falco Authors + # contact: https://falco.org/community + # maintainers: + # - name: The Falco Authors + # email: cncf-falco-dev@lists.cncf.io + # keywords: + # - audit + # - log-events + # - webhook + # - github-activity + # - github + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/github + # rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/github/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 8 + # source: github + # extraction: + # supported: true + # - name: k8saudit-eks + # description: Read Kubernetes Audit Events from AWS EKS Clusters + # authors: The Falco Authors + # contact: https://falco.org/community + # url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-eks + # rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules + # license: Apache-2.0 + # keywords: + # - audit + # - audit-log + # - audit-events + # - kubernetes + # - eks + # - aws + # capabilities: + # sourcing: + # supported: true + # id: 9 + # source: k8s_audit + # extraction: + # supported: true + # - name: nomad + # description: Read Hashicorp Nomad Events Stream + # authors: Alberto Llamas + # contact: https://github.com/albertollamaso/nomad-plugin/issues + # maintainers: + # - name: Alberto Llamas + # keywords: + # - audit + # - audit-events + # - nomad + # url: https://github.com/albertollamaso/nomad-plugin/tree/main + # rules_url: https://github.com/albertollamaso/nomad-plugin/tree/main/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 10 + # source: nomad + # extraction: + # supported: true + # - name: dnscollector + # description: DNS Collector Events + # authors: Daniel Moloney + # contact: https://github.com/SysdigDan/dnscollector-falco-plugin/issues + # maintainers: + # - name: Daniel Moloney + # keywords: + # - audit + # - log-events + # - dns + # url: https://github.com/SysdigDan/dnscollector-falco-plugin + # rules_url: https://github.com/SysdigDan/dnscollector-falco-plugin/tree/master/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 11 + # source: dnscollector + # extraction: + # supported: true + + # - name: syslogsrv + # description: Syslog Server Events + # authors: Maksim Nabokikh + # contact: https://github.com/nabokihms/syslogsrv-falco-plugin/issues + # maintainers: + # - name: Maksim Nabokikh + # keywords: + # - log-events + # - syslog + # url: https://github.com/nabokihms/syslogsrv-falco-plugin/tree/main/plugins/syslogsrv + # rules_url: https://github.com/nabokihms/syslogsrv-falco-plugin/tree/main/rules + # license: Apache-2.0 + # capabilities: + # sourcing: + # supported: true + # id: 13 + # source: syslogsrv + # extraction: + # supported: true + # - name: test + # description: This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID + # reserved: true + # capabilities: + # sourcing: + # supported: true + # id: 999 + # source: test