Read the book Cloud Native Security - Chris Binnie - Page 35
Getting Your Priorities Right
The following are the categories for rule priorities, listed from most to least severe:
EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG
These categories let you sort alerts into a more meaningful, severity-ordered set of results and react to each level accordingly. As in the other rules we have seen, you assign a priority with a single line inside the rule's stanza, as in the following example (a real Falco rule also needs an output field, which the pseudocode here leaves out):
  - rule: A custom rule
    desc: Rule description
    condition: container.privileged=true
    output: Privileged container started (user=%user.name container=%container.name)  # required by Falco; not in the original pseudocode
    priority: WARNING
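To show what the priority field buys you on the consuming side, here is an added example, not code from the book or from the Falco project: it reads Falco's newline-delimited JSON output (the format produced with json_output enabled, whose events carry "priority", "rule" and "time" fields), normalises the priority names, drops everything below a chosen threshold, orders the rest most severe first, and picks a response per level. The sample event lines are constructed for the example, and the paging/ticketing thresholds in route() are this example's choice, not a Falco default.

```python
"""Sort and route Falco alerts by rule priority.

Added example (not from the book or from Falco): reads Falco JSON output
lines, which carry the rule's priority in a "priority" field, then
filters, orders and routes them by severity.
"""
import json

# Falco's priority levels, most severe first, in the order the page lists them.
PRIORITIES = [
    "EMERGENCY", "ALERT", "CRITICAL", "ERROR",
    "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG",
]
# Lower rank = more severe, so EMERGENCY is 0 and DEBUG is 7.
RANK = {name: rank for rank, name in enumerate(PRIORITIES)}


def normalize_priority(value):
    """Map the spellings Falco emits or accepts ("Warning", "INFO") to the canonical name."""
    name = value.strip().upper()
    if name == "INFO":          # Falco accepts INFO as an alias for INFORMATIONAL
        name = "INFORMATIONAL"
    if name not in RANK:
        raise ValueError(f"unknown Falco priority: {value!r}")
    return name


def parse_alerts(lines):
    """Parse newline-delimited Falco JSON events into dicts with a canonical priority."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["priority"] = normalize_priority(event["priority"])
        alerts.append(event)
    return alerts


def at_least(alerts, threshold):
    """Keep alerts whose priority is `threshold` or more severe (e.g. WARNING and up)."""
    cutoff = RANK[normalize_priority(threshold)]
    return [a for a in alerts if RANK[a["priority"]] <= cutoff]


def sort_by_severity(alerts):
    """Most severe first; ties broken by event time so the order is stable."""
    return sorted(alerts, key=lambda a: (RANK[a["priority"]], a["time"]))


def route(alert):
    """Pick a response for one alert from its priority (thresholds are this example's choice)."""
    rank = RANK[alert["priority"]]
    if rank <= RANK["CRITICAL"]:
        return "page"        # EMERGENCY, ALERT, CRITICAL: wake someone up
    if rank <= RANK["WARNING"]:
        return "ticket"      # ERROR, WARNING: needs a human, but not right now
    return "log"             # NOTICE and below: keep for forensics only


# Constructed sample lines, modeled on Falco's JSON output; not real cluster data.
SAMPLE_OUTPUT = """
{"time":"2024-03-01T10:00:01.000000000Z","priority":"Notice","rule":"Terminal shell in container","output":"10:00:01.000 Notice A shell was spawned in a container ..."}
{"time":"2024-03-01T10:00:02.000000000Z","priority":"Warning","rule":"A custom rule","output":"10:00:02.000 Warning Privileged container started ..."}
{"time":"2024-03-01T10:00:03.000000000Z","priority":"Critical","rule":"Write below etc","output":"10:00:03.000 Critical File below /etc opened for writing ..."}
{"time":"2024-03-01T10:00:04.000000000Z","priority":"Debug","rule":"Noisy debug rule","output":"10:00:04.000 Debug ..."}
{"time":"2024-03-01T10:00:05.000000000Z","priority":"Warning","rule":"A custom rule","output":"10:00:05.000 Warning Privileged container started ..."}
"""


def triage(raw=SAMPLE_OUTPUT, threshold="WARNING"):
    """Return (rule, priority, action) triples, most severe first, for alerts at `threshold` or above."""
    alerts = sort_by_severity(at_least(parse_alerts(raw.splitlines()), threshold))
    return [(a["rule"], a["priority"], route(a)) for a in alerts]


if __name__ == "__main__":
    for rule, priority, action in triage():
        print(f"{priority:<13} {action:<7} {rule}")
```

Run against the sample, triage() keeps only the CRITICAL and the two WARNING events and puts the CRITICAL one first; the NOTICE and DEBUG events are dropped by the threshold rather than by the routing logic, which is the point of assigning priorities in the rules rather than deciding severity downstream. To consume live output instead of the sample, pipe Falco's JSON stream into parse_alerts() one line at a time.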