Merge pull request #943 from rohitrishim/es-3

ksp-audit-elasticsearch-cve-2019-7609

elastic/system/ksp-audit-elasticsearch-cve-2019-7609.yaml

@@ -0,0 +1,21 @@
+# KubeArmor is an open source software that enables you to protect your cloud workload at run-time.
+# To learn more about KubeArmor visit: 
+# https://www.accuknox.com/kubearmor/ 
+
+apiVersion: security.kubearmor.com/v1
+kind: KubeArmorPolicy
+metadata:
+  name: ksp-audit-elasticsearch-cve-2019-7609
+  namespace: default # Change your namespace
+spec:
+  tags: ["elastic search","cve-2019-7609", "Arbitrary Code Execution"]
+  message: "Alert! elasticsearch Arbitrary Code Execution "
+  selector:
+    matchLabels:
+      container: elastic # Change your labels
+  process:
+    matchPatterns:
+    - pattern: /**/timelion/run
+    - pattern: /**/**/timelion/run
+    - pattern: /**/**/api/timelion/run
+    action: Audit