Merge pull request #510 from kubescape/bump #1345

Merge pull request #510 from kubescape/bump

Merge pull request #510 from kubescape/bump #1345

GitHub Actions / JUnit Test Report failed Oct 1, 2024 in 0s

1 tests run, 0 passed, 0 skipped, 1 failed.

Annotations

Check failure on line 1 in results_xml_format/basic_incident_presented.xml

@github-actions github-actions / JUnit Test Report

basic_incident_presented

check_alerts_of_incident, timeout: 3 minutes, error: Failed to get unique values of alerts {"guid": "6e908fb7-f113-40a6-ba1a-6d85877ba107", "name": "Unexpected process launched", "attributes": {"incidentStatus": "completed"}, "updatedTime": "2024-10-01T12:18:29Z", "spiffe": "wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep", "resourceID": "", "designators": {"designatorType": "Attributes", "wlid": "wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep", "attributes": {"cluster": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "clusterShortName": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "containerName": "redis", "customerGUID": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833", "kind": "Deployment", "name": "redis-sleep", "namespace": "systest-ns-h6zi", "nodeName": "systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane", "originalCacheEntry": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane/wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep/redis/6e908fb7-f113-40a6-ba1a-6d85877ba107", "podName": "redis-sleep-7bd7d4785f-9wzxs"}}, "arguments": {"args": ["/bin/ls", "-l", "/tmp"], "exec": "/bin/ls", "retval": 0}, "infectedPID": 12971, "fixSuggestions": "If this is a valid behavior, please add the exec call \"/bin/ls\" to the whitelist in the application profile for the Pod \"redis-sleep-7bd7d4785f-9wzxs\". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-h6zi --type merge -p '{\"spec\": {\"containers\": [{\"name\": \"redis\", \"execs\": [{\"path\": \"/bin/ls\", \"args\": [\"/bin/ls\",\"-l\",\"/tmp\"]}]}]}}'", "severity": 5, "timestamp": "2024-10-01T12:15:58.665Z", "nanoseconds": 1727784958665746026, "ruleDescription": "Unexpected process launched: /bin/ls in: redis", "kind": {"Group": "", "Version": "", "Kind": ""}, "resource": {"Group": "", "Version": "", "Resource": ""}, "clusterName": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "containerName": "redis", "hostNetwork": false, "image": "docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2", "imageDigest": "sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902", "namespace": "systest-ns-h6zi", "nodeName": "systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane", "containerID": "8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28", "podName": "redis-sleep-7bd7d4785f-9wzxs", "podNamespace": "systest-ns-h6zi", "podLabels": {"app": "redis-sleep", "pod-template-hash": "7bd7d4785f"}, "workloadName": "redis-sleep", "workloadNamespace": "systest-ns-h6zi", "workloadKind": "Deployment", "alertType": 0, "ruleID": "R0001", "hostName": "", "message": "Unexpected process launched: /bin/ls in: redis", "incidentCategory": "Anomaly", "incidentTypeID": "I013", "policiesApplied": [{"guid": "17794a36-9303-4692-9d6c-8ef419ae0d43", "name": "Anomaly", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": []}], "creationTimestamp": "2024-10-01T12:15:59.009Z", "description": "A process was launched that is not expected to run in the environment.", "mitreTactic": "TA0002", "incidentSeverity": "Medium", "severityScore": 300, "isDismissed": false, "markedAsFalsePositive": false, "processTree": {"processTree": {"pid": 12971, "cmdline": 
"/bin/ls -l /tmp", "comm": "ls", "ppid": 12962, "pcomm": "runc", "hardlink": "/bin/busybox", "uid": 0, "gid": 0, "upperLayer": false, "cwd": "/data", "path": "/bin/ls"}, "uniqueID": 0, "containerID": "8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28"}} {"fields": {"ruleID": ["R0001", "R0004"]}, "fieldsCount": {"ruleID": [{"key": "R0001", "count": 1}, {"key": "R0004", "count": 2}]}}. kwargs: '{'incident': {'guid': '6e908fb7-f113-40a6-ba1a-6d85877ba107', 'name': 'Unexpected process launched', 'attributes': {'incidentStatus': 'completed'}, 'updatedTime': '2024-10-01T12:18:29Z', 'spiffe': 'wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep', 'resourceID': '', 'designators': {'designatorType': 'Attributes', 'wlid': 'wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep', 'attributes': {'cluster': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'clusterShortName': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'containerName': 'redis', 'customerGUID': '3f4a257e-11ea-4cee-8bc0-ca8daa65a833', 'kind': 'Deployment', 'name': 'redis-sleep', 'namespace': 'systest-ns-h6zi', 'nodeName': 'systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane', 'originalCacheEntry': '3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane/wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep/redis/6e908fb7-f113-40a6-ba1a-6d85877ba107', 'podName': 'redis-sleep-7bd7d4785f-9wzxs'}}, 'arguments': {'args': ['/bin/ls', '-l', '/tmp'], 'exec': '/bin/ls', 'retval': 0}, 'infectedPID': 12971, 'fixSuggestions': 'If this is a valid behavior, please add the exec call "/bin/ls" to the whitelist in the application profile for the Pod "redis-sleep-7bd7d4785f-9wzxs". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-h6zi --type merge -p \'{"spec": {"containers": [{"name": "redis", "execs": [{"path": "/bin/ls", "args": ["/bin/ls","-l","/tmp"]}]}]}}\'', 'severity': 5, 'timestamp': '2024-10-01T12:15:58.665Z', 'nanoseconds': 1727784958665746026, 'ruleDescription': 'Unexpected process launched: /bin/ls in: redis', 'kind': {'Group': '', 'Version': '', 'Kind': ''}, 'resource': {'Group': '', 'Version': '', 'Resource': ''}, 'clusterName': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'containerName': 'redis', 'hostNetwork': False, 'image': 'docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2', 'imageDigest': 'sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902', 'namespace': 'systest-ns-h6zi', 'nodeName': 'systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane', 'containerID': '8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28', 'podName': 'redis-sleep-7bd7d4785f-9wzxs', 'podNamespace': 'systest-ns-h6zi', 'podLabels': {'app': 'redis-sleep', 'pod-template-hash': '7bd7d4785f'}, 'workloadName': 'redis-sleep', 'workloadNamespace': 'systest-ns-h6zi', 'workloadKind': 'Deployment', 'alertType': 0, 'ruleID': 'R0001', 'hostName': '', 'message': 'Unexpected process launched: /bin/ls in: redis', 'incidentCategory': 'Anomaly', 'incidentTypeID': 'I013', 'policiesApplied': [{'guid': '17794a36-9303-4692-9d6c-8ef419ae0d43', 'name': 'Anomaly', 'enabled': False, 'scope': {}, 'ruleSetType': '', 'updatedBy': '', 'notifications': None, 'actions': []}], 'creationTimestamp': '2024-10-01T12:15:59.009Z', 'description': 'A process was launched that is not expected to run in the environment.', 'mitreTactic': 'TA0002', 'incidentSeverity': 'Medium', 'severityScore': 300, 'isDismissed': False, 'markedAsFalsePositive': False, 'processTree': {'processTree': {'pid': 12971, 'cmdline': '/bin/ls -l /tmp', 
'comm': 'ls', 'ppid': 12962, 'pcomm': 'runc', 'hardlink': '/bin/busybox', 'uid': 0, 'gid': 0, 'upperLayer': False, 'cwd': '/data', 'path': '/bin/ls'}, 'uniqueID': 0, 'containerID': '8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28'}}}'
Raw output
check_alerts_of_incident, timeout: 3 minutes, error: Failed to get unique values of alerts {"guid": "6e908fb7-f113-40a6-ba1a-6d85877ba107", "name": "Unexpected process launched", "attributes": {"incidentStatus": "completed"}, "updatedTime": "2024-10-01T12:18:29Z", "spiffe": "wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep", "resourceID": "", "designators": {"designatorType": "Attributes", "wlid": "wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep", "attributes": {"cluster": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "clusterShortName": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "containerName": "redis", "customerGUID": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833", "kind": "Deployment", "name": "redis-sleep", "namespace": "systest-ns-h6zi", "nodeName": "systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane", "originalCacheEntry": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane/wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep/redis/6e908fb7-f113-40a6-ba1a-6d85877ba107", "podName": "redis-sleep-7bd7d4785f-9wzxs"}}, "arguments": {"args": ["/bin/ls", "-l", "/tmp"], "exec": "/bin/ls", "retval": 0}, "infectedPID": 12971, "fixSuggestions": "If this is a valid behavior, please add the exec call \"/bin/ls\" to the whitelist in the application profile for the Pod \"redis-sleep-7bd7d4785f-9wzxs\". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-h6zi --type merge -p '{\"spec\": {\"containers\": [{\"name\": \"redis\", \"execs\": [{\"path\": \"/bin/ls\", \"args\": [\"/bin/ls\",\"-l\",\"/tmp\"]}]}]}}'", "severity": 5, "timestamp": "2024-10-01T12:15:58.665Z", "nanoseconds": 1727784958665746026, "ruleDescription": "Unexpected process launched: /bin/ls in: redis", "kind": {"Group": "", "Version": "", "Kind": ""}, "resource": {"Group": "", "Version": "", "Resource": ""}, "clusterName": "kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b", "containerName": "redis", "hostNetwork": false, "image": "docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2", "imageDigest": "sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902", "namespace": "systest-ns-h6zi", "nodeName": "systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane", "containerID": "8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28", "podName": "redis-sleep-7bd7d4785f-9wzxs", "podNamespace": "systest-ns-h6zi", "podLabels": {"app": "redis-sleep", "pod-template-hash": "7bd7d4785f"}, "workloadName": "redis-sleep", "workloadNamespace": "systest-ns-h6zi", "workloadKind": "Deployment", "alertType": 0, "ruleID": "R0001", "hostName": "", "message": "Unexpected process launched: /bin/ls in: redis", "incidentCategory": "Anomaly", "incidentTypeID": "I013", "policiesApplied": [{"guid": "17794a36-9303-4692-9d6c-8ef419ae0d43", "name": "Anomaly", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": []}], "creationTimestamp": "2024-10-01T12:15:59.009Z", "description": "A process was launched that is not expected to run in the environment.", "mitreTactic": "TA0002", "incidentSeverity": "Medium", "severityScore": 300, "isDismissed": false, "markedAsFalsePositive": false, "processTree": {"processTree": {"pid": 12971, "cmdline": 
"/bin/ls -l /tmp", "comm": "ls", "ppid": 12962, "pcomm": "runc", "hardlink": "/bin/busybox", "uid": 0, "gid": 0, "upperLayer": false, "cwd": "/data", "path": "/bin/ls"}, "uniqueID": 0, "containerID": "8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28"}} {"fields": {"ruleID": ["R0001", "R0004"]}, "fieldsCount": {"ruleID": [{"key": "R0001", "count": 1}, {"key": "R0004", "count": 2}]}}. kwargs: '{'incident': {'guid': '6e908fb7-f113-40a6-ba1a-6d85877ba107', 'name': 'Unexpected process launched', 'attributes': {'incidentStatus': 'completed'}, 'updatedTime': '2024-10-01T12:18:29Z', 'spiffe': 'wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep', 'resourceID': '', 'designators': {'designatorType': 'Attributes', 'wlid': 'wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep', 'attributes': {'cluster': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'clusterShortName': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'containerName': 'redis', 'customerGUID': '3f4a257e-11ea-4cee-8bc0-ca8daa65a833', 'kind': 'Deployment', 'name': 'redis-sleep', 'namespace': 'systest-ns-h6zi', 'nodeName': 'systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane', 'originalCacheEntry': '3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane/wlid://cluster-kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b/namespace-systest-ns-h6zi/deployment-redis-sleep/redis/6e908fb7-f113-40a6-ba1a-6d85877ba107', 'podName': 'redis-sleep-7bd7d4785f-9wzxs'}}, 'arguments': {'args': ['/bin/ls', '-l', '/tmp'], 'exec': '/bin/ls', 'retval': 0}, 'infectedPID': 12971, 'fixSuggestions': 'If this is a valid behavior, please add the exec call "/bin/ls" to the whitelist in the application profile for the Pod "redis-sleep-7bd7d4785f-9wzxs". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-h6zi --type merge -p \'{"spec": {"containers": [{"name": "redis", "execs": [{"path": "/bin/ls", "args": ["/bin/ls","-l","/tmp"]}]}]}}\'', 'severity': 5, 'timestamp': '2024-10-01T12:15:58.665Z', 'nanoseconds': 1727784958665746026, 'ruleDescription': 'Unexpected process launched: /bin/ls in: redis', 'kind': {'Group': '', 'Version': '', 'Kind': ''}, 'resource': {'Group': '', 'Version': '', 'Resource': ''}, 'clusterName': 'kind-systests-5af0d603-69e0-42af-9d79-e8a7425ea45b', 'containerName': 'redis', 'hostNetwork': False, 'image': 'docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2', 'imageDigest': 'sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902', 'namespace': 'systest-ns-h6zi', 'nodeName': 'systests-5af0d603-69e0-42af-9d79-e8a7425ea45b-control-plane', 'containerID': '8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28', 'podName': 'redis-sleep-7bd7d4785f-9wzxs', 'podNamespace': 'systest-ns-h6zi', 'podLabels': {'app': 'redis-sleep', 'pod-template-hash': '7bd7d4785f'}, 'workloadName': 'redis-sleep', 'workloadNamespace': 'systest-ns-h6zi', 'workloadKind': 'Deployment', 'alertType': 0, 'ruleID': 'R0001', 'hostName': '', 'message': 'Unexpected process launched: /bin/ls in: redis', 'incidentCategory': 'Anomaly', 'incidentTypeID': 'I013', 'policiesApplied': [{'guid': '17794a36-9303-4692-9d6c-8ef419ae0d43', 'name': 'Anomaly', 'enabled': False, 'scope': {}, 'ruleSetType': '', 'updatedBy': '', 'notifications': None, 'actions': []}], 'creationTimestamp': '2024-10-01T12:15:59.009Z', 'description': 'A process was launched that is not expected to run in the environment.', 'mitreTactic': 'TA0002', 'incidentSeverity': 'Medium', 'severityScore': 300, 'isDismissed': False, 'markedAsFalsePositive': False, 'processTree': {'processTree': {'pid': 12971, 'cmdline': '/bin/ls -l /tmp', 
'comm': 'ls', 'ppid': 12962, 'pcomm': 'runc', 'hardlink': '/bin/busybox', 'uid': 0, 'gid': 0, 'upperLayer': False, 'cwd': '/data', 'path': '/bin/ls'}, 'uniqueID': 0, 'containerID': '8d082191acdb451b833f8435fd6f15df8bdc3c1eb53a1df2f33f488f4d9abe28'}}}'