mirror of https://github.com/falcosecurity/falco.git
synced 2025-06-28 15:47:25 +00:00
Rule Update - Adds npm support
Adds `npm` to `package_mgmt_binaries` for detection of "living off the land" style attacks that utilize NPM to pull down additional tooling

Signed-off-by: rileydakota <dakotariley2@gmail.com>
parent f49a95f334
commit 7999e33aea
@ -225,7 +225,7 @@
|
|||||||
# The truncated dpkg-preconfigu is intentional, process names are
|
# The truncated dpkg-preconfigu is intentional, process names are
|
||||||
# truncated at the falcosecurity-libs level.
|
# truncated at the falcosecurity-libs level.
|
||||||
- list: package_mgmt_binaries
|
- list: package_mgmt_binaries
|
||||||
items: [rpm_binaries, deb_binaries, update-alternat, gem, pip, pip3, sane-utils.post, alternatives, chef-client, apk, snapd]
|
items: [rpm_binaries, deb_binaries, update-alternat, gem, npm, pip, pip3, sane-utils.post, alternatives, chef-client, apk, snapd]
|
||||||
|
|
||||||
- macro: package_mgmt_procs
|
- macro: package_mgmt_procs
|
||||||
condition: proc.name in (package_mgmt_binaries)
|
condition: proc.name in (package_mgmt_binaries)
|
||||||
|
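Review bot: On the changed `items:` line of `package_mgmt_binaries`, the commit message describes added detection, but the only consumer visible here is `package_mgmt_procs`, a bare `proc.name in (package_mgmt_binaries)` test, so the effect depends entirely on how each rule uses that macro. Please list in the commit message the rules that reference `package_mgmt_procs` and state whether each uses it as a trigger or as an exception, since any rule that uses it as an exception will now also stop alerting on activity performed by `npm`. The comment above the list already explains the truncated `dpkg-preconfigu` entry; a similar one-line comment saying why `npm` is included would help the next reader.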