update docs

contribution/development_guide.md

@@ -120,10 +120,10 @@
 
         - "Started to serve gRPC-based log feeds"
         - "Started to monitor system events"
-        - "Started to protect a host and containers"
+        - "Started to protect a host and containers" (if -enableHostPolicy is set)
         - "Started to monitor Pod events"
         - "Started to monitor security policies"
-        - "Started to monitor host security policies"
+        - "Started to monitor host security policies" (if -enableHostPolicy is set)
         - "Started to monitor {Docker|Containrd} events"
         - "Detected a Pod (added/...)"
 

getting-started/host_security_policy_examples.md

@@ -14,7 +14,6 @@ Here, we demonstrate how to define host security policies.
       nodeSelector:
         matchLabels:
           kubernetes.io/hostname: ubuntu20
-      severity: 5
       process:
         matchPaths:
         - path: /usr/bin/sleep # try sleep 1
@@ -36,7 +35,6 @@ Here, we demonstrate how to define host security policies.
       nodeSelector:
         matchLabels:
           kubernetes.io/hostname: ubuntu20
-      severity: 5
       file:
         matchPaths:
         - path: /etc/shadow # cat /etc/shadow

getting-started/host_security_policy_specification.md

@@ -11,11 +11,8 @@ metadata:
   name: [policy name]
 
 spec:
-  severity: [1-10]
-
-  tag:                                     # --> optional
-  - [tag]
-
+  severity: [1-10]                         # --> optional (1 by default)
+  tags: ["tag", ...]                       # --> optional
   message: [message]                       # --> optional
 
   nodeSelector:
@@ -82,7 +79,7 @@ spec:
       - dir: [absolute directory path]
         recursive: [true|false]
 
-  action: [Audit|Allow|Block|AllowWithAudit|BlockWithAudit]
+  action: [Audit|Allow|Block|AllowWithAudit|BlockWithAudit] (Block by default)
 ```
 
 ## Policy Spec Description
@@ -111,14 +108,12 @@ Now, we will briefly explain how to define a host security policy.
   severity: [1-10]
   ```
 
-* Tag
+* Tags
 
-  The tag part is optional. You can define multiple tags (e.g., WARNNING, SENSITIVE, MITRE, STIG, etc.) to categorize security policies.
+  The tags part is optional. You can define multiple tags (e.g., WARNNING, SENSITIVE, MITRE, STIG, etc.) to categorize security policies.
 
   ```text
-  tag:
-  - [tag1]
-  - [tagN]
+  tags: ["tag1", ..., "tagN"]
   ```
 
 * Message

getting-started/security_policy_examples.md

@@ -12,7 +12,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-group-1-proc-path-block
       namespace: multiubuntu
     spec:
-      severity: 5
       selector:
         matchLabels:
           group: group-1
@@ -35,7 +34,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-1-proc-dir-block
       namespace: multiubuntu
     spec:
-      severity: 1
       selector:
         matchLabels:
           container: ubuntu-1
@@ -58,7 +56,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-2-proc-dir-recursive-block
       namespace: multiubuntu
     spec:
-      severity: 2
       selector:
         matchLabels:
           container: ubuntu-2
@@ -82,7 +79,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-3-proc-dir-allow
       namespace: multiubuntu
     spec:
-      severity: 5
       selector:
         matchLabels:
           container: ubuntu-3
@@ -109,7 +105,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-3-proc-path-owner-allow
       namespace: multiubuntu
     spec:
-      severity: 7
       selector:
         matchLabels:
           container: ubuntu-3
@@ -142,7 +137,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-4-file-path-readonly-allow
       namespace: multiubuntu
     spec:
-      severity: 10
       selector:
         matchLabels:
           container: ubuntu-4
@@ -170,7 +164,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-5-file-dir-recursive-block
       namespace: multiubuntu
     spec:
-      severity: 9
       selector:
         matchLabels:
           container: ubuntu-5
@@ -194,7 +187,6 @@ Here, we demonstrate how to define security policies using our example microserv
         name: ksp-ubuntu-5-net-icmp-block
         namespace: multiubuntu
       spec:
-        severity: 8
         selector:
           matchLabels:
             container: ubuntu-5
@@ -217,7 +209,6 @@ Here, we demonstrate how to define security policies using our example microserv
       name: ksp-ubuntu-1-cap-net-raw-block
       namespace: multiubuntu
     spec:
-      severity: 1
       selector:
         matchLabels:
           container: ubuntu-1

getting-started/security_policy_specification.md

@@ -12,11 +12,8 @@ metadata:
   namespace: [namespace name]
 
 spec:
-  severity: [1-10]
-
-  tag:                                     # --> optional
-  - [tag]
-
+  severity: [1-10]                         # --> optional (1 by default)
+  tags: ["tag", ...]                       # --> optional
   message: [message]                       # --> optional
 
   selector:
@@ -83,7 +80,7 @@ spec:
       - dir: [absolute directory path]
         recursive: [true|false]
 
-  action: [Audit|Allow|Block|AllowWithAudit|BlockWithAudit]
+  action: [Audit|Allow|Block|AllowWithAudit|BlockWithAudit] (Block by default)
 ```
 
 ## Policy Spec Description
@@ -110,14 +107,12 @@ Now, we will briefly explain how to define a security policy.
   severity: [1-10]
   ```
 
-* Tag
+* Tags
 
-  The tag part is optional. You can define multiple tags (e.g., WARNNING, SENSITIVE, MITRE, STIG, etc.) to categorize security policies.
+  The tags part is optional. You can define multiple tags (e.g., WARNNING, SENSITIVE, MITRE, STIG, etc.) to categorize security policies.
 
   ```text
-  tag:
-  - [tag1]
-  - [tagN]
+  tags: ["tag1", ..., "tagN"]
   ```
 
 * Message