Читать книгу Cloud Native Security - Chris Binnie - Страница 36

You can also group rules and alerts with tags to help with identifying issues more clearly. The tagging also offers the ability to explicitly run only certain rules with the relevant tags, for example. The previous example is shown expanded next to include tags. The -T switch disables rules with a certain tag, and the lowercase -t switch means that you will only run those rules with the tags listed after that switch.

- rule: A custom rule desc: Rule description condition: container.privileged=true priority: WARNING tags: [database, cis]