@nyrahul
Created November 14, 2025 03:23
kubearmor-alert.json
{"Action":"Audit","ClusterName":"rj-prox-pandora","ContainerID":"53d1d2024ac5fdc83507471461b0a33eac5e42ebf400431cea1176c91a030825","ContainerImage":"docker.io/kubeedge/iptables-manager:v1.21.0@sha256:4a8466bdf5c9425a51f4fc52c5f3f258eaee1a4f7980914f03d1deef658185a3","ContainerName":"iptables-manager","Cwd":"/","Data":"syscall=SYS_EXECVE","Enforcer":"eBPF Monitor","HostName":"ubuntu24-k3s1-node2","HostPID":2446915,"HostPPID":228824,"Labels":"k8s-app=iptables-manager,kubeedge=iptables-manager","Message":"Detected use of network packet manipulation tool","NamespaceName":"kubeedge","Operation":"Process","Owner":{"Name":"cloud-iptables-manager","Namespace":"kubeedge","Ref":"DaemonSet"},"PID":115661,"PPID":21,"ParentProcessName":"/usr/local/bin/iptables-manager","PodName":"cloud-iptables-manager-pmsjf","PolicyName":"harden-audit-network-packet-tools","ProcessName":"/usr/sbin/iptables","Resource":"/usr/sbin/iptables -w 5 -W 100000 -C PREROUTING -t nat -m comment --comment kubeedge tunnel port -j TUNNEL-PORT","Result":"Passed","Severity":"3","Source":"/usr/local/bin/iptables-manager","Suppressed":false,"Tags":"MITRE_T1562_IMPAIR_DEFENSE,NIST_CM-7,PCI_DSS_10.2.6","Timestamp":1763033280,"Type":"MatchedPolicy","UID":0,"_id":"6915c0c1c340a416105cff2d","cluster_id":"89035","component_name":"kubearmor","instanceGroup":"0","instanceID":"0","tenant_id":"3730","workload":"1"}