Motivation
I'm monitoring Falco rule alerts via the Prometheus metric falcosecurity_falco_rules_matches_total, but it's difficult to identify which Kubernetes pods or namespaces triggered the alerts. I can see it in the logs of Falco but not in Prometheus.
I was able to see it previously with falco_events from falco-exporter as k8s.ns.name and k8s.pod.name, but that's deprecated now.
Feature
I would like the falcosecurity_falco_rules_matches_total metric to include the following additional labels:
These should reflect the Kubernetes namespace and pod that triggered the Falco rule match, as already included in the event logs.
Additional context