This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Outputs

Outputs are the targets where to store the artifacts generated by some actionners

Some actionners allow or require an output section. The output is the target where to store the resulting artifact that might has been created by the actionner.

For example:

  • the actionner kubernetes:log just allows to set an output to store the collected logs, if nothing is set, then they are printed in the stdout inside the log line
  • the kubernetes:download requires an output to store the downloaded file from the pod.

The targets used by the Outputs as storage are named with the pattern category:service.

The category allows to group outputs in use and avoid multiple initializations (eg, multi Kubernetes API client, multi AWS clients, …).

1 - List of Outputs

Available outputs

The name of the output has to be used as value for the target field of the output section of the action.

local:file

  • Name: file
  • Category: local
  • Description: Store on local filesystem

Parameters

  • destination: (required) Destination folder for the file

Example

- action: Get logs of the pod
  actionner: kubernetes:download
  parameters:
    tail_lines: 200
  output:
    target: local:file
    parameters:
      destination: /var/logs/falco-talon/

aws:s3

  • Name: s3
  • Category: aws
  • Description: Store on AWS S3

Parameters

  • bucket: (required) Destination bucket
  • prefix: Prefix for the key
  • region: Region of the bucket

Permissions

{
  "Id": "Policy1724925555994",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1724925537082",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [
            "arn:aws:s3:::${BucketName}/",
            "arn:aws:s3:::${BucketName}/*"
      ]
    }
  ]
}

Example

- action: Get logs of the pod
  actionner: kubernetes:download
  parameters:
    tail_lines: 200
  output:
    target: aws:s3
    parameters:
      bucket: falco-talon
      prefix: files
      region: eu-west-1

gcp:gcs

  • Name: gcs
  • Category: gcp
  • Description: Store on Google Cloud Storage

Parameters

  • bucket: (required) Destination bucket
  • prefix: Prefix for the object

Permissions

storage.objects.create
storage.objects.get
storage.objects.list
storage.objects.update

Example

- action: Get logs of the pod
  actionner: kubernetes:download
  parameters:
    tail_lines: 200
  output:
    target: gcp:gcs
    parameters:
      bucket: falco-talon
      prefix: files

minio:s3

  • Name: s3
  • Category: minio
  • Description: Store on Minio

Parameters

  • bucket: (required) Destination bucket
  • prefix: Prefix for the key

Example

- action: Get logs of the pod
  actionner: kubernetes:download
  parameters:
    tail_lines: 200
  output:
    target: minio:s3
    parameters:
      bucket: falco-talon
      prefix: /files