From 43f7ee00fb7b870ad960399cb8e9d0a90edd414f Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Thu, 9 Nov 2017 14:10:14 -0800
Subject: [PATCH] Add an additional ics script ics_status.sh

---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 63871eb9..2975ce82 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -410,7 +410,7 @@
   condition: (proc.pname=perl and proc.aname[2]=cpanm)
 
 - macro: ics_running_java
-  condition: (proc.pname=java and proc.aname[3] in (ics_start.sh,ics_stop.sh))
+  condition: (proc.pname=java and proc.aname[3] in (ics_start.sh,ics_stop.sh,ics_status.sh))
 
 - macro: jenkins_scripts
   condition: (proc.pcmdline startswith "script.sh -xe /var/jenkins_home" or