From 65435d4418638176f68df9017df36cd5d94ba083 Mon Sep 17 00:00:00 2001
From: Stefano <stefano.chierici@sysdig.com>
Date: Tue, 12 Apr 2022 22:53:58 +0200
Subject: [PATCH] Removed use cases not triggering Signed-off-by: darryk10
 <stefano.chierici@sysdig.com> Co-authored-by: Brucedh
 <alessandro.brucato@sysdig.com> Co-authored-by: AlbertoPellitteri
 <alberto.pellitteri@sysdig.com>

---
 rules/falco_rules.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 10fecd00..f7ce61ae 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3110,10 +3110,7 @@
 
 -  macro: curl_download
    condition: proc.name = curl and
-              (proc.cmdline contains " > " or
-              proc.cmdline contains " >> " or
-              proc.cmdline contains " | " or
-              proc.cmdline contains " -o " or
+              (proc.cmdline contains " -o " or
               proc.cmdline contains " --output " or
               proc.cmdline contains " -O " or
               proc.cmdline contains " --remote-name ")