From a2a4cbf586f45335721ddf49a728fbfb8d53534e Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Thu, 9 Nov 2017 14:17:38 -0800
Subject: [PATCH] Let endeca spawn shells in containers also
---
 rules/falco_rules.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 8be6f020..b7f2bc02 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1180,6 +1180,7 @@
 and not parent_python_running_localstack
 and not parent_python_running_zookeeper
 and not parent_docker_start_script
+ and not parent_java_running_endeca
 output: >
 Shell spawned in a container other than entrypoint (user=%user.name %container.info image=%container.image shell=%proc.name pcmdline=%proc.pcmdline cmdline=%proc.cmdline parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3])
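Review bot: The new exclusion `and not parent_java_running_endeca` relies on a macro whose definition is not in this hunk, so how narrowly it matches cannot be checked here; the diffstat shows a single insertion, so the macro is presumably already defined elsewhere in the file. If it matches only on the parent process name and command line, as the neighbouring `parent_python_running_*` names suggest, the "Shell spawned in a container" alert would be suppressed in every container with a matching Java parent, not only in Endeca deployments. Consider tying the exception to the image as well, for example `and not (parent_java_running_endeca and container.image startswith "<endeca-image-placeholder>")`, and recording at the macro definition why Endeca needs to spawn shells. The rule's condition begins above the hunk and the rule continues below it.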