Labs-use-falco-to-detect-threats

erdinesh1488 · August 11, 2023, 10:04am

Hi Team

unable to solve the question 11 in the lab(labs-use-falco-to-detect-threats). please reply with solution. Actually i update the path “/root/compromised_pods.txt” in /etc/falco/falco.yaml. but still my answer is incorrect. Please let me know how to name of the pod in to the file "/root/compromised_pods.txt** in the controlplane. The format used should be as follows:

namespace,podname

Question:
We just created a few new pods on this Kubernetes cluster. Identify the name of the pod that is running operations that falco considers to be suspicious.

Once identified, save the name of the pod in to the file "/root/compromised_pods.txt** in the controlplane. The format used should be as follows:

namespace,podname

Note: - It may take a few mins to get reflected on the logs.

Tej-Singh-Rana · August 11, 2023, 10:16am

Hi @erdinesh1488,
May I know what you have saved in the file? Can you please share it here?

Regards,

erdinesh1488 · August 11, 2023, 11:36am

Hi Tej

Unable to solve the question 11 in the lab(labs-use-falco-to-detect-threats). please reply with solution.

Actually i update the path “/root/compromised_pods.txt” in /etc/falco/falco.yaml. but still my answer is incorrect. Please let me know how to name of the pod in to the file "/root/compromised_pods.txt** in the controlplane. The format used should be as follows:

namespace,podname

Question:
We just created a few new pods on this Kubernetes cluster. Identify the name of the pod that is running operations that falco considers to be suspicious.

Once identified, save the name of the pod in to the file "/root/compromised_pods.txt** in the controlplane. The format used should be as follows:

namespace,podname

Tej-Singh-Rana · August 11, 2023, 12:06pm

This is not the correct way to complete the question. Please find the attached screenshot: