Ideas - Githubissues

I'll use this issue to list the ideas of features, feel free to propose yours and I'll add them if I think they're relevant:

[x] OpenTelemetry
- [x] Prometheus metrics
- [x] Traces
[ ] Authentication:
- [ ] Auth with Token
- [ ] Auth with mTLS
- [ ] TLS (cert + ca)
[x] dry-run option in the rule
[ ] New Actionners:
- [x] kubernetes:delete to delete resources other than Pods (secrets/configmaps/deployment/statefulset/replicaset/daemonset)
- [x] kubernetes:script to run a shell script in a pod
- [ ] kubernetes:disableuser disable a control plane user
- [x] kubernetes:log get last logs from a pod
- [ ] kubernetes:checkpoint create a checkpoint
- [x] kubernetes:tshark, kubernetes:tcpdump
- [x] kubernetes:cordon
- [x] kubernetes:drain
- [ ] ansible:playbook run an ansible playbook locally/remotely
- [ ] shell:command run a shell command locally
- [ ] shell:script run a shell script locally
- [x] aws:lambda run an AWS Lambda function
- [ ] aws:cli run an AWS CLI Command (maybe aws:command is a better name?)
- [x] calico:networkpolicy
- [x] cilium:networkpolicy
- [ ] gcp:cloudfunction
[ ] New Notifiers:
- [x] Elasticsearch
- [x] Loki
- [ ] Grafana Annotations
- [ ] Syslog
- [ ] AWS S3
[ ] Improvements
- [x] Allow to set http method and headers for the notifier webhook
- [x] Deduplication of received events
- [x] Allow to specify namespaces in the allow parameter of *:networkpolicy
[ ] UX:
- [x] Add a debug mode: only display the received event which match, except if debug=true
- [x] Check the unicity of the rule names
- [x] Alllow to use env vars for the static configuration
- [x] Allow sequential actions by rule
- [x] Allow to specify multiple rule files (with merge + override)
[ ] Docs:
- [x] Specify required fields in the events for the actionners
[ ] Tests:
- [ ] Unit tests
- [ ] Run the Units tests in GitHub Actions

falcosecurity / falco-talon

Ideas #136