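---
# SIEM log-selection rules, stored as a JSON array under a single ConfigMap key.
# Each entry names a namespace / pod / container and labels its logs with a
# log_class ("audit" or "security"), a log_type and a severity.
#
# NOTE(review): the component that reads this key is not shown here.
# "linkerd.*" and the "%s" tokens in `pattern` look like match expressions
# (a regex and a Lua-style whitespace class), and an empty pattern presumably
# means "no message filter". Confirm anchoring and matching rules against the
# filter that consumes this key.
#
# NOTE(review): vpn / wireguard-store / "linkerd.*" is listed twice with
# different log_type values (wireguard-store and wireguard-store-nginx).
# Which label wins depends on how the consumer resolves identical selectors;
# keep one entry, or confirm that both labels are intended.
#
# NOTE(review): the emergencyaccess, kube-system/lan-outage and vnc entries
# select on exact message wording and have no "linkerd.*" companion entry.
# If an application rewords one of these log lines, the audit event would
# presumably stop matching without any error; cover the patterns with a
# pipeline test or an absence alert on the SIEM side.
#
# NOTE(review): an edit to this object can presumably drop an audit source
# from the SIEM feed, so keep write access to it in this namespace narrow and
# route changes through review.
apiVersion: v1
kind: ConfigMap
metadata:
  name: edge-siem
  namespace: fluent-operator
data:
  edge-siem: |-
    [
      {
        "namespace": "auth-proxy",
        "pod": "auth-proxy",
        "container": "auth-proxy",
        "log_class": "audit",
        "log_type": "auth-proxy",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "auth-proxy",
        "pod": "auth-proxy",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "auth-proxy",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "authserver",
        "pod": "authserver",
        "container": "authserver",
        "log_class": "audit",
        "log_type": "authserver",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "authserver",
        "pod": "authserver",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "authserver",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "couchctl",
        "pod": "couchctl",
        "container": "couchctl",
        "log_class": "security",
        "log_type": "couchctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "couchctl",
        "pod": "couchctl",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "couchctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "cushion",
        "pod": "cushion",
        "container": "cushion",
        "log_class": "security",
        "log_type": "cushion",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "cushion",
        "pod": "cushion",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "cushion",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-connector",
        "pod": "data-sync-connector",
        "container": "shoot",
        "log_class": "security",
        "log_type": "shoot",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-connector",
        "pod": "data-sync-connector",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "shoot",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-couchdb",
        "pod": "data-sync-couchdb",
        "container": "couchdb",
        "log_class": "security",
        "log_type": "couchdb",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-couchdb",
        "pod": "data-sync-couchdb",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "couchdb",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-messaging",
        "pod": "data-sync-messaging",
        "container": "data-sync-messaging",
        "log_class": "security",
        "log_type": "data-sync-messaging",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "data-sync-messaging",
        "pod": "data-sync-messaging",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "data-sync-messaging",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-backend",
        "pod": "ee-bff-golang",
        "container": "edge-backend",
        "log_class": "audit",
        "log_type": "edge-backend",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-backend",
        "pod": "ee-bff-golang",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "edge-backend",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-bsl",
        "pod": "edge-bsl",
        "container": "edge-bsl",
        "log_class": "security",
        "log_type": "edge-bsl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-bsl",
        "pod": "edge-bsl",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-bsl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "external-provider",
        "container": "edge-iam-provider",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "external-provider",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "store-provider",
        "container": "edge-iam-provider",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "store-provider",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "store-redis",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-iam-redis",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "store-redis",
        "container": "redis",
        "log_class": "security",
        "log_type": "edge-iam-redis",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "touchpoint-provider",
        "container": "edge-iam-provider",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "touchpoint-provider",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-iam-provider",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "touchpoint-redis",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-iam-redis",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-iam",
        "pod": "touchpoint-redis",
        "container": "redis",
        "log_class": "security",
        "log_type": "edge-iam-redis",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-ingress",
        "pod": "emissary-ingress",
        "container": "ambassador",
        "log_class": "security",
        "log_type": "ambassador",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-ingress",
        "pod": "emissary-ingress",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "ambassador",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-ui",
        "pod": "edge-ui",
        "container": "edge-ui",
        "log_class": "security",
        "log_type": "edge-ui",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "edge-ui",
        "pod": "edge-ui",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "edge-ui",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "emergencyaccess",
        "pod": "authservice",
        "container": "authservice",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Authorize%sRequest%sCalled"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "authservice",
        "container": "authservice",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Authorize%sCommand%sCalled"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "authservice",
        "container": "authservice",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Authorize%sTarget%sCalled"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "authservice",
        "container": "authservice",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Authorize%sUser%sCalled"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "eagateway",
        "container": "eagateway",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Ending%sSession"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "eagateway",
        "container": "eagateway",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Send%sAPI%sCalled"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "eagateway",
        "container": "eagateway",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "New%ssession%sstarted"
      },
      {
        "namespace": "emergencyaccess",
        "pod": "eagateway",
        "container": "eagateway",
        "log_class": "audit",
        "log_type": "oi-remotecli",
        "severity": "INFO",
        "pattern": "Session%sended"
      },
      {
        "namespace": "emissary",
        "pod": "emissary-ingress",
        "container": "ambassador",
        "log_class": "security",
        "log_type": "ambassador",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "emissary",
        "pod": "emissary-ingress",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "ambassador",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "etcd-operator",
        "pod": "etcd-operator",
        "container": "etcd-operator",
        "log_class": "audit",
        "log_type": "etcd-operator",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "etcd-operator",
        "pod": "etcd-operator",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "etcd-operator",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "fim",
        "pod": "samhain",
        "container": "fim",
        "log_class": "audit",
        "log_type": "fim",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "fim",
        "pod": "samhain",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "fim",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "interlock",
        "pod": "interlock",
        "container": "interlock",
        "log_class": "audit",
        "log_type": "interlock",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "interlock",
        "pod": "interlock",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "interlock",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "kube-system",
        "pod": "lan-outage",
        "container": "lan-outage-detector",
        "log_class": "audit",
        "log_type": "lan-outage-detector",
        "severity": "INFO",
        "pattern": "entering%sLAN%sOutage%sMode"
      },
      {
        "namespace": "kube-system",
        "pod": "lan-outage",
        "container": "lan-outage-detector",
        "log_class": "audit",
        "log_type": "lan-outage-detector",
        "severity": "INFO",
        "pattern": "entered%sLAN%sOutage%sMode%ssuccessfully"
      },
      {
        "namespace": "kube-system",
        "pod": "lan-outage",
        "container": "lan-outage-detector",
        "log_class": "audit",
        "log_type": "lan-outage-detector",
        "severity": "INFO",
        "pattern": "leaving%sLAN%sOutage%sMode"
      },
      {
        "namespace": "kube-system",
        "pod": "lan-outage",
        "container": "lan-outage-detector",
        "log_class": "audit",
        "log_type": "lan-outage-detector",
        "severity": "INFO",
        "pattern": "left%sLAN%sOutage%sMode%ssuccessfully"
      },
      {
        "namespace": "patchctl",
        "pod": "d-sds-patching",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "patchctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "patchctl",
        "pod": "d-sds-patching",
        "container": "patchctl",
        "log_class": "security",
        "log_type": "patchctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "pxe",
        "pod": "dnsmasq-controller",
        "container": "dnsmasq",
        "log_class": "security",
        "log_type": "dnsmasq",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "pxe",
        "pod": "dnsmasq-controller",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "dnsmasq",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "pxe",
        "pod": "pxe-controller",
        "container": "pxe-controller",
        "log_class": "audit",
        "log_type": "pxeaudit",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "pxe",
        "pod": "pxe-controller",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "pxeaudit",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "sds",
        "pod": "nodeagent",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "nodeagent",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "sds",
        "pod": "nodeagent",
        "container": "nodeagent",
        "log_class": "security",
        "log_type": "nodeagent",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "sequel",
        "pod": "sequel",
        "container": "linkerd.*",
        "log_class": "audit",
        "log_type": "sequel",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "sequel",
        "pod": "sequel",
        "container": "sequel",
        "log_class": "audit",
        "log_type": "sequel",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-relay",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "wireguard",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-relay",
        "container": "wireguard",
        "log_class": "security",
        "log_type": "wireguard",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-store",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "wireguard-store",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-store",
        "container": "nginx",
        "log_class": "security",
        "log_type": "wireguard-store-nginx",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-store",
        "container": "wireguard",
        "log_class": "security",
        "log_type": "wireguard-store",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguard-store",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "wireguard-store-nginx",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguardctl",
        "container": "linkerd.*",
        "log_class": "security",
        "log_type": "wireguardctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vpn",
        "pod": "wireguardctl",
        "container": "wireguardctl",
        "log_class": "security",
        "log_type": "wireguardctl",
        "severity": "INFO",
        "pattern": ""
      },
      {
        "namespace": "vnc",
        "pod": "novnc",
        "container": "gateway",
        "log_class": "audit",
        "log_type": "vnc",
        "severity": "INFO",
        "pattern": "VNC%suser%srequested%sauthorization"
      },
      {
        "namespace": "vnc",
        "pod": "novnc",
        "container": "gateway",
        "log_class": "audit",
        "log_type": "vnc",
        "severity": "INFO",
        "pattern": "VNC%sconnection%svalidation%srequested"
      },
      {
        "namespace": "vnc",
        "pod": "novnc",
        "container": "gateway",
        "log_class": "audit",
        "log_type": "vnc",
        "severity": "INFO",
        "pattern": "VNC%sconnection%sdisconnected"
      }
    ]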