Falco + Knative: drop a pod if a connection to a C2 server is detected.
Inspired by:
- https://github.com/n3wscott/falco-drop
- https://falco.org/blog/falcosidekick-response-engine-part-3-knative/
Several methods can be used to build the container image.
With podman:
$ podman build -f Containerfile -t localhost/c2-drop:latest
With ko:
$ export KO_DOCKER_REPO=mycustomreg.my.domain.net:5000
$ ko build --insecure-registry ./cmd/c2-drop/
Note: As of now, a Makefile exists but it only builds the Go code. It is not used to build the container image.
TODO
See these issues:
Make sure the k8s API version in your go.mod file matches the version supported by Knative.