Red Hat Advanced Cluster Security for Kubernetes sample event messages

{"alert": {"id":"f92601a5-83ec-47b3-856b-1000cd381b0d","policy":{"id":"8ac93556-4ad4-4220-a275-3f518db0ceb9","name":"Container using read-write root filesystem","description":"Alert on deployments with containers with read-write root filesystem","rationale":"Containers running with read-write root filesystem represent greater post-exploitation risk by allowing an attacker to modify important files in the container.","remediation":"Use a read-only root filesystem, and use volume mounts to allow writes to specific sub-directories depending on your application's needs.","categories":["Privileges","Docker CIS"],"lifecycleStages":["DEPLOY"],"exclusions":[{"name":"Don't alert on kube-system namespace","deployment":{"scope":{"namespace":"kube-system"}}},{"name":"Don't alert on istio-system namespace","deployment":{"scope":{"namespace":"istio-system"}}},{"name":"Don't alert on openshift-node namespace","deployment":{"scope":{"namespace":"openshift-node"}}},{"name":"Don't alert on openshift-sdn namespace","deployment":{"scope":{"namespace":"openshift-sdn"}}},{"deployment":{"name":"mastercard-processor"}},{"deployment":{"name":"community-operators-884t8"}}],"severity":"MEDIUM_SEVERITY","notifiers":["58c8b9ba-0d96-4dd4-a3fe-d9b9931ab788","e892ed00-de0f-40b7-b309-45fc6de7bcfa"],"lastUpdated":"2021-04-29T14:45:56.095158050Z","SORTName":"Container using read-write root filesystem","SORTLifecycleStage":"DEPLOY","policyVersion":"1.1","policySections":[{"policyGroups":[{"fieldName":"Read-Only Root Filesystem","values":[{"value":"false"}]}]}]},"deployment":{"id":"47e90a53-3aeb-4e0b-a4cd-bf7819f3a2b5","name":"community-operators-kbw79","type":"Pod","namespace":"openshift-marketplace","namespaceId":"23ab4c01-9553-40f7-871b-d9a39317bb90","labels":{"catalogsource.operators.coreos.com/update":"community-operators","olm.catalogSource":""},"clusterId":"916b38c2-fa71-45cf-9726-1d6b227858b3","clusterName":"production","containers":[{"image":{"name":{"registry":"registry.redhat.io","remote":"redhat/community-operator-index","tag":"v4.7","fullName":"registry.redhat.io/redhat/community-operator-index:v4.7"}},"name":"registry-server"}],"annotations":{"openshift.io/scc":"anyuid"}},"violations":[{"message":"Container 'registry-server' uses a read-write root filesystem"}],"time":"2021-05-05T15:16:15.612525111Z","firstOccurred":"2021-05-05T15:16:15.617034472Z"}}

{"audit": {"time":"2021-05-06T18:53:37.725743614Z","status":"REQUEST_SUCCEEDED","user":{"friendlyName":"admin","permissions":{"name":"Admin","globalAccess":"READ_WRITE_ACCESS"},"roles":[{"name":"Admin","globalAccess":"READ_WRITE_ACCESS"}],"role":{"name":"Admin","globalAccess":"READ_WRITE_ACCESS"}},"request":{"endpoint":"/v1/networkbaseline/ebaf8cc8-6dce-46a6-931d-c98d1ecad26f/status","method":"POST","payload":{"@type":"v1.NetworkBaselineStatusRequest","deploymentId":"ebaf8cc8-6dce-46a6-931d-c98d1ecad26f","peers":[{"entity":{"id":"dd550035-eb16-45be-80e0-45d4993358fc","type":"DEPLOYMENT"},"port":7777,"protocol":"L4_PROTOCOL_TCP","ingress":true},{"entity":{"id":"f2eed5c7-7a19-4863-8b64-9257416917be","type":"DEPLOYMENT"},"port":8080,"protocol":"L4_PROTOCOL_TCP"},{"entity":{"id":"5951f034-ca72-4613-bf11-dd5659882a3a","type":"DEPLOYMENT"},"port":8080,"protocol":"L4_PROTOCOL_TCP"}]}},"method":"UI","interaction":"CREATE"}}