├── README.md
├── deployment
    ├── aws
    │   ├── .gitignore
    │   ├── Makefile
    │   ├── README.md
    │   ├── cluster-role-binding.yaml
    │   ├── cluster-role.yaml
    │   ├── lambda.tf
    │   ├── outputs.tf
    │   └── sns.tf
    ├── cncf
    │   ├── Makefile
    │   ├── README.md
    │   ├── cluster-role-binding.yaml
    │   ├── cluster-role.yaml
    │   ├── kubeless
    │   │   ├── kubeless-namespace.yaml
    │   │   ├── kubeless-v1.0.0-alpha.6.yaml
    │   │   └── nats-v1.0.0-alpha.6.yaml
    │   ├── nats
    │   │   ├── deployment-rbac.yaml
    │   │   └── nats-cluster.yaml
    │   └── network-policy.yaml
    └── google-cloud
    │   ├── .gitignore
    │   ├── Makefile
    │   ├── README.md
    │   └── pubsub.tf
├── falco-nats
    ├── .gitignore
    ├── Dockerfile
    ├── Makefile
    ├── README.md
    └── main.go
├── falco-pubsub
    ├── .gitignore
    ├── Dockerfile
    ├── Makefile
    ├── go.mod
    ├── go.sum
    └── main.go
├── falco-sns
    ├── .gitignore
    ├── Dockerfile
    ├── Makefile
    ├── README.md
    └── main.go
├── playbooks
    ├── .gitignore
    ├── Pipfile
    ├── Pipfile.lock
    ├── README.md
    ├── deploy_playbook
    ├── deploy_playbook_aws
    ├── deploy_playbook_gke
    ├── extra
    │   └── aws-iam-authenticator
    ├── functions
    │   ├── capture.py
    │   ├── delete.py
    │   ├── demisto.py
    │   ├── isolate.py
    │   ├── phantom.py
    │   ├── slack.py
    │   └── taint.py
    ├── playbooks
    │   ├── __init__.py
    │   ├── alert_subscriber.py
    │   └── infrastructure.py
    ├── setup.py
    └── specs
    │   ├── alert_subscriber_spec.py
    │   ├── infrastructure
    │       ├── demisto_client_spec.py
    │       ├── kubernetes_client_spec.py
    │       ├── phantom_client_spec.py
    │       └── slack_client_spec.py
    │   ├── playbooks
    │       ├── add_message_to_slack_playbook_spec.py
    │       ├── create_container_in_phantom_playbook_spec.py
    │       ├── create_incident_in_demisto_playbook_spec.py
    │       ├── delete_pod_playbook_spec.py
    │       ├── network_isolate_pod_playbook_spec.py
    │       ├── start_sysdig_capture_for_container_playbook_spec.py
    │       └── taint_node_playbook_spec.py
    │   └── support
    │       └── deployment.yaml
└── sysdig-capturer
    ├── Dockerfile
    ├── Makefile
    └── docker-entrypoint.sh


/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/README.md


--------------------------------------------------------------------------------
/deployment/aws/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/.gitignore


--------------------------------------------------------------------------------
/deployment/aws/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/Makefile


--------------------------------------------------------------------------------
/deployment/aws/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/README.md


--------------------------------------------------------------------------------
/deployment/aws/cluster-role-binding.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/cluster-role-binding.yaml


--------------------------------------------------------------------------------
/deployment/aws/cluster-role.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/cluster-role.yaml


--------------------------------------------------------------------------------
/deployment/aws/lambda.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/lambda.tf


--------------------------------------------------------------------------------
/deployment/aws/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/outputs.tf


--------------------------------------------------------------------------------
/deployment/aws/sns.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/aws/sns.tf


--------------------------------------------------------------------------------
/deployment/cncf/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/Makefile


--------------------------------------------------------------------------------
/deployment/cncf/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/README.md


--------------------------------------------------------------------------------
/deployment/cncf/cluster-role-binding.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/cluster-role-binding.yaml


--------------------------------------------------------------------------------
/deployment/cncf/cluster-role.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/cluster-role.yaml


--------------------------------------------------------------------------------
/deployment/cncf/kubeless/kubeless-namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: kubeless
6 | 


--------------------------------------------------------------------------------
/deployment/cncf/kubeless/kubeless-v1.0.0-alpha.6.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/kubeless/kubeless-v1.0.0-alpha.6.yaml


--------------------------------------------------------------------------------
/deployment/cncf/kubeless/nats-v1.0.0-alpha.6.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/kubeless/nats-v1.0.0-alpha.6.yaml


--------------------------------------------------------------------------------
/deployment/cncf/nats/deployment-rbac.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/nats/deployment-rbac.yaml


--------------------------------------------------------------------------------
/deployment/cncf/nats/nats-cluster.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/nats/nats-cluster.yaml


--------------------------------------------------------------------------------
/deployment/cncf/network-policy.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/cncf/network-policy.yaml


--------------------------------------------------------------------------------
/deployment/google-cloud/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/google-cloud/.gitignore


--------------------------------------------------------------------------------
/deployment/google-cloud/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/google-cloud/Makefile


--------------------------------------------------------------------------------
/deployment/google-cloud/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/google-cloud/README.md


--------------------------------------------------------------------------------
/deployment/google-cloud/pubsub.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/deployment/google-cloud/pubsub.tf


--------------------------------------------------------------------------------
/falco-nats/.gitignore:
--------------------------------------------------------------------------------
1 | falco-nats
2 | 


--------------------------------------------------------------------------------
/falco-nats/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-nats/Dockerfile


--------------------------------------------------------------------------------
/falco-nats/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-nats/Makefile


--------------------------------------------------------------------------------
/falco-nats/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-nats/README.md


--------------------------------------------------------------------------------
/falco-nats/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-nats/main.go


--------------------------------------------------------------------------------
/falco-pubsub/.gitignore:
--------------------------------------------------------------------------------
1 | falco-pubsub
2 | 


--------------------------------------------------------------------------------
/falco-pubsub/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-pubsub/Dockerfile


--------------------------------------------------------------------------------
/falco-pubsub/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-pubsub/Makefile


--------------------------------------------------------------------------------
/falco-pubsub/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-pubsub/go.mod


--------------------------------------------------------------------------------
/falco-pubsub/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-pubsub/go.sum


--------------------------------------------------------------------------------
/falco-pubsub/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-pubsub/main.go


--------------------------------------------------------------------------------
/falco-sns/.gitignore:
--------------------------------------------------------------------------------
1 | falco-sns
2 | 


--------------------------------------------------------------------------------
/falco-sns/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-sns/Dockerfile


--------------------------------------------------------------------------------
/falco-sns/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-sns/Makefile


--------------------------------------------------------------------------------
/falco-sns/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-sns/README.md


--------------------------------------------------------------------------------
/falco-sns/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/falco-sns/main.go


--------------------------------------------------------------------------------
/playbooks/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/.gitignore


--------------------------------------------------------------------------------
/playbooks/Pipfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/Pipfile


--------------------------------------------------------------------------------
/playbooks/Pipfile.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/Pipfile.lock


--------------------------------------------------------------------------------
/playbooks/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/README.md


--------------------------------------------------------------------------------
/playbooks/deploy_playbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/deploy_playbook


--------------------------------------------------------------------------------
/playbooks/deploy_playbook_aws:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/deploy_playbook_aws


--------------------------------------------------------------------------------
/playbooks/deploy_playbook_gke:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/deploy_playbook_gke


--------------------------------------------------------------------------------
/playbooks/extra/aws-iam-authenticator:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/extra/aws-iam-authenticator


--------------------------------------------------------------------------------
/playbooks/functions/capture.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/capture.py


--------------------------------------------------------------------------------
/playbooks/functions/delete.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/delete.py


--------------------------------------------------------------------------------
/playbooks/functions/demisto.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/demisto.py


--------------------------------------------------------------------------------
/playbooks/functions/isolate.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/isolate.py


--------------------------------------------------------------------------------
/playbooks/functions/phantom.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/phantom.py


--------------------------------------------------------------------------------
/playbooks/functions/slack.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/slack.py


--------------------------------------------------------------------------------
/playbooks/functions/taint.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/functions/taint.py


--------------------------------------------------------------------------------
/playbooks/playbooks/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/playbooks/__init__.py


--------------------------------------------------------------------------------
/playbooks/playbooks/alert_subscriber.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/playbooks/alert_subscriber.py


--------------------------------------------------------------------------------
/playbooks/playbooks/infrastructure.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/playbooks/infrastructure.py


--------------------------------------------------------------------------------
/playbooks/setup.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/setup.py


--------------------------------------------------------------------------------
/playbooks/specs/alert_subscriber_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/alert_subscriber_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/infrastructure/demisto_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/infrastructure/demisto_client_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/infrastructure/kubernetes_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/infrastructure/kubernetes_client_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/infrastructure/phantom_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/infrastructure/phantom_client_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/infrastructure/slack_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/infrastructure/slack_client_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/add_message_to_slack_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/add_message_to_slack_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/create_container_in_phantom_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/create_container_in_phantom_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/create_incident_in_demisto_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/create_incident_in_demisto_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/delete_pod_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/delete_pod_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/network_isolate_pod_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/network_isolate_pod_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/start_sysdig_capture_for_container_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/start_sysdig_capture_for_container_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/playbooks/taint_node_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/playbooks/taint_node_playbook_spec.py


--------------------------------------------------------------------------------
/playbooks/specs/support/deployment.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/playbooks/specs/support/deployment.yaml


--------------------------------------------------------------------------------
/sysdig-capturer/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/sysdig-capturer/Dockerfile


--------------------------------------------------------------------------------
/sysdig-capturer/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/sysdig-capturer/Makefile


--------------------------------------------------------------------------------
/sysdig-capturer/docker-entrypoint.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/kubernetes-response-engine/HEAD/sysdig-capturer/docker-entrypoint.sh


--------------------------------------------------------------------------------