From 625201f9f654e2ef0483d77adf212bcc65eb3ecf Mon Sep 17 00:00:00 2001
From: joon
Date: Tue, 7 Jun 2022 23:18:24 -0700
Subject: [PATCH] Add Java compatibility note

Signed-off-by: joon
---
 rules/falco_rules.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 6234f0df..77e24e0a 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3179,6 +3179,7 @@
 tags: [container, mitre_privilege_escalation, mitre_lateral_movement]
 # Rule for detecting potential Log4Shell (CVE-2021-44228) exploitation
+# Note: Not compatible with Java 17+, which uses read() syscalls
 - macro: java_network_read
 condition: (evt.type=recvfrom and fd.type in (ipv4, ipv6) and proc.name=java)
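Review bot: The added comment above `- macro: java_network_read` says the detection is "not compatible" with Java 17+, but it does not state the operational consequence. The macro matches only `evt.type=recvfrom`, so on those runtimes nothing matches and the Log4Shell rule stays silent instead of failing visibly. I would make that explicit, for example `# Note: never matches on Java 17+, where network reads arrive as read() instead of recvfrom; this rule gives no coverage for those workloads`. Whether the macro could also accept `read` on ipv4/ipv6 descriptors without excessive event volume cannot be judged from this hunk and is probably worth a follow-up issue. The rule that consumes this macro lies outside the hunk.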