CybercentreCanada / assemblyline

AssemblyLine 4: File triage and malware analysis
https://cybercentrecanada.github.io/assemblyline4_docs/
MIT License

Feature Request: Allow Administrators to add tag types #182

Open ociappara opened 7 months ago

ociappara commented 7 months ago

Assemblyline admins should be able to extend the tags available in Assemblyline through Values.yaml. This will allow context-specific tags to be added without updating the main repository, giving users more control and customisation over their instance.

scottpas commented 7 months ago

+1 for this. I would love to be able to add a tag which I could use as part of my alerting workflow (e.g. adding the tag to a yara rule that would indicate it's something I always want to receive an alert for)

cccs-rs commented 3 months ago

What about mounting a custom tagging.py file to all containers on /var/lib/assemblyline/.local/lib/python3.11/site-packages/assemblyline/odm/models/tagging.py?

ociappara commented 3 months ago

Not sure I understand?

cccs-rs commented 3 months ago

Well, you could basically fork the tagging.py, which contains all the model validation for tags generated by services, and mount it to the service containers via core.scaler.service_defaults.mounts.

In the Docker appliance, this could be a Docker volume mount and in Kubernetes, this could be saved in a ConfigMap that the pods will mount.