Add more curl download checks

Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>

rules/falco_rules.yaml

@@ -3095,7 +3095,14 @@
   condition: (never_true)
 
 -  macro: curl_download
-   condition: proc.name = curl and (proc.cmdline contains (" > ") or proc.cmdline contains (" >> ") or proc.cmdline contains (" | "))
+   condition: proc.name = curl and
+              (proc.cmdline contains (" > ") or
+              proc.cmdline contains (" >> ") or
+              proc.cmdline contains (" | ") or
+              proc.cmdline contains (" -o ") or
+              proc.cmdline contains (" --output ") or
+              proc.cmdline contains (" -O ") or
+              proc.cmdline contains (" --remote-name "))
 
 - rule: Launch Ingress Remote File Copy Tools in Container
   desc: Detect ingress remote file copy tools launched in container