cre datasource consolidation

lsibilla · lsibilla · commit 66a20e32566b · 2025-09-29T18:10:39.000+02:00
diff --git a/rules/cre-2025-0034/datadog-agent-disabled-due-to.yaml b/rules/cre-2025-0034/datadog-agent-disabled-due-to.yaml
@@ -40,6 +40,6 @@ rules:
   rule:
     set:
       event:
-        source: cre.log.datadog
+        source: cre.log.datadog.agent
       match:
         - regex: .*DD_API_KEY undefined\. Metrics, logs and events will not be reported to DataDog.*
diff --git a/rules/cre-2025-0059/dd-cws-instrumentation-webhook-fails.yaml b/rules/cre-2025-0059/dd-cws-instrumentation-webhook-fails.yaml
@@ -43,7 +43,7 @@ rules:
   rule:
     set:
       event:
-        source: cre.log.datadog
+        source: cre.log.datadog.agent
       match:
         - regex: 'failed to register CWS Instrumentation webhook.*cluster_agent\.service_account_name'
 
diff --git a/rules/cre-2025-0060/dd-openmetrics-scrape-404.yaml b/rules/cre-2025-0060/dd-openmetrics-scrape-404.yaml
@@ -37,6 +37,6 @@ rules:
   rule:
     set:
       event:
-        source: cre.log.datadog
+        source: cre.log.datadog.agent
       match:
         - regex: "Error running check:.*http://[0-9.]+:7801/metrics: 404 Client Error: Not Found for url: http://[0-9.]+:7801/metrics"
diff --git a/rules/cre-2025-0069/kubernetes-fsgroup-nfs-ignored.yaml b/rules/cre-2025-0069/kubernetes-fsgroup-nfs-ignored.yaml
@@ -49,7 +49,7 @@ rules:
       set:
         window: 5s
         event:
-          source: cre.k8s.manifest
+          source: cre.prequel.kubernetes.resource.persistentvolumes.v1
         match:
           - jq: '.kind == "PersistentVolume" and (.spec.nfs != null)'
           - jq: >
diff --git a/rules/cre-2025-0071/coredns-unavailable-dns-outage.yaml b/rules/cre-2025-0071/coredns-unavailable-dns-outage.yaml
@@ -53,6 +53,6 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.kubernetes
+          source: cre.kubernetes
         match:
           - regex: "Scaled down replica set coredns-.+ from [1-9]+ to 0|Stopping container coredns|Readiness probe failed.+connection refused" 
diff --git a/rules/cre-2025-0099/redpanda-memory-startup-crash.yaml b/rules/cre-2025-0099/redpanda-memory-startup-crash.yaml
@@ -61,7 +61,7 @@ rules:
       sequence:
         window: "120s"
         event:
-          source: application-logs
+          source: cre.log.redpanda
           origin: true
         order:
           - permission_failures
diff --git a/rules/cre-2025-0119/kubernetes-pdb-violation.yaml b/rules/cre-2025-0119/kubernetes-pdb-violation.yaml
@@ -80,7 +80,7 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.kubernetes
+          source: cre.kubernetes
         window: 5m
         match:
           - regex: "Warning\\s+PodDisruptionBudgetViolation.+Pod disruption budget violation detected: maxUnavailable: \\d+ conflicts with minAvailable: \\d+"
@@ -92,7 +92,7 @@ rules:
       sequence:
         window: 10m
         event:
-          source: cre.log.kubernetes
+          source: cre.kubernetes
         order:
           - regex: "Normal\\s+ScalingReplicaSet.+Scaled up replica set.+"
           - regex: "Warning\\s+PodDisruptionBudgetViolation.+"
diff --git a/rules/cre-2025-0125/k8s-troubleshoot.yaml b/rules/cre-2025-0125/k8s-troubleshoot.yaml
@@ -45,7 +45,7 @@ rules:
       set:
         window: 180s
         event:
-          source: cre.log.kubernetes
+          source: cre.kubernetes
         match:
           - regex: 'Evented PLEG:.*DeadlineExceeded'
           - regex: 'panic: send on closed channel'
diff --git a/rules/cre-2025-0127/cre-exit-127.yaml b/rules/cre-2025-0127/cre-exit-127.yaml
@@ -39,6 +39,6 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.k8s
+          source: cre.kubernetes
         match:
           - regex: "^[^\\t]+\\t[^\\t/]+/[^\\t]+\\t[^\\t]+\\t[^\\t]*\\t127$"
diff --git a/rules/cre-2025-0134/cre-exit-134.yaml b/rules/cre-2025-0134/cre-exit-134.yaml
@@ -39,6 +39,6 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.k8s
+          source: cre.kubernetes
         match:
           - regex: "^[^\\t]+\\t[^\\t/]+/[^\\t]+\\t[^\\t]+\\t[^\\t]*\\t134$"
diff --git a/rules/cre-2025-0137/cre-exit-137.yaml b/rules/cre-2025-0137/cre-exit-137.yaml
@@ -45,6 +45,6 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.k8s      
+          source: cre.kubernetes
         match:
           - regex: "^[^\\t]+\\t[^\\t/]+/[^\\t]+\\t[^\\t]+\\tOOMKilled\\t137$"
diff --git a/rules/cre-2025-0139/cre-exit-139.yaml b/rules/cre-2025-0139/cre-exit-139.yaml
@@ -39,6 +39,6 @@ rules:
     rule:
       set:
         event:
-          source: cre.log.k8s
+          source: cre.kubernetes
         match:
           - regex: "^[^\\t]+\\t[^\\t/]+/[^\\t]+\\t[^\\t]+\\t[^\\t]*\\t139$"
