Searching for Cluster Admission Events
This topic covers Qualys Query Language (QQL) tokens associated with the Cluster admission events. To know more about types of Searches, refer to How to Search in Container Security.
To know about Cluster Admission events QQLs, refer to Searching for Cluster Admission Events.
Searching for Cluster Admission Events
Use the search tokens below to search for Cluster Admission events.
policyUuidpolicyUuid
Enter the UUID of your Cluster Admission policy.
Example
Show cluster admission events with policy uuid.
policyUuid: 83aeab02-af46-4830-b599-5181c9c5ca62
policyVersionpolicyVersion
Enter the version of your policy.
Example
Show cluster admission events based on the policy version.
policyVersion: 12
policyResultEvaluationpolicyResultEvaluation
Enter the type of policy evaluation (PASSED, FAILED, NOT_EVALUATED).
Example
Find cluster admission events based on the policy evaluation.
policyResultsEvaluation: PASSED
policy.scopepolicy.scope
Enter the type of policy for your admission controller (Organization, Namespace, Cluster,No Policy).
Example
Show events based on policy type.
policy.scope: Namespace
k8sAdmissionController.namespace.namek8sAdmissionController.namespace.name
Enter the name of the namespace.
Example
Show cluster admission events based on the policy evaluated against the given namespace.
k8sAdmissionController.namespace.name: default
k8sAdmissionController.cluster.namek8sAdmissionController.cluster.name
Enter the name of the cluster.
Example
Show cluster admission events based on the policy evaluated against the given cluster.
k8sAdmissionController.cluster.name: azure_eu_1
k8sAdmissionController.enforcementActionk8sAdmissionController.enforcementAction
Enter the enforcement action value (AUDIT, BLOCK).
Example
Show cluster admission events based on the chosen enforcement action value.
k8sAdmissionController.enforcementAction: AUDIT
images.isMultiPlatformImageimages.isMultiPlatformImage
Enter the value to check if the image is available on multiplatform (true, false).
Example
Show cluster admission events based on the chosen ismultiplatformimage value.
images.isMultiPlatformImage: true