poiana
commented
7 months ago Welcome @uhei! It looks like this is your first PR to falcosecurity/plugins 🎉
Closed uhei closed 7 months ago
poiana
commented
7 months ago Welcome @uhei! It looks like this is your first PR to falcosecurity/plugins 🎉
leogr
commented
7 months ago cc @Issif
github-actions[bot]
commented
7 months ago Comparing 41a40af43757b968536dfb7a3d8222fb6116d341 with latest tag cloudtrail-0.11.0
No changes detected
leogr
commented
7 months ago cc @Issif @LucaGuerra
poiana
commented
7 months ago LGTM label has been added. Git tree hash: 3b1c543ed36edbb69f6a64bd4ae6312d54770666
leogr
commented
7 months ago /lgtm
@leogr do you think we should embed the plugin version bump up in that PR too?
I know there should be other planned changes to this plugin, so we can bump up in a later PR.
Btw, the PR SGTM, too. I will do a second look soon and then approve.
Thanks!
poiana
commented
7 months ago [APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Issif, leogr, uhei
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Add more fields as defined at https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area plugins
What this PR does / why we need it:
The current CloudTrail plugin is missing fields. This PR adds all currently defined fields according to https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html.
The fields
ct.addendum.*andct.edgedevicedetailsare untested due to missing events with these fields.Special notes for your reviewer:
The plugin has only been tested with falcodump, Logray and CloudTrail access via S3.