github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 10:26:40 +00:00
Code Issues Projects Releases Wiki Activity

Apply Kaizhe's code review

Browse Source 
Signed-off-by: Jean-Philippe Lachance <jplachance@coveo.com>
This commit is contained in:
Jean-Philippe Lachance 2019-12-03 16:30:56 -05:00 committed by Leo Di Donato
parent f97a33d40a
commit 418bcf2177
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -924,7 +924,7 @@
and not package_mgmt_procs
and not exe_running_docker_save
output: >
Repository files get updated (user=%user.name command=%proc.cmdline parent=%proc.pname pcmdline=%proc.pcmdline file=%fd.name newpath=%evt.arg.newpath container_id=%container.id image=%container.image.repository)
Repository files get updated (user=%user.name command=%proc.cmdline pcmdline=%proc.pcmdline file=%fd.name newpath=%evt.arg.newpath container_id=%container.id image=%container.image.repository)
priority:
NOTICE
tags: [filesystem, mitre_persistence]