rule(list network_tool_binaries): delete ssh from the list

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2025-10-21 19:44:57 +00:00 · 2019-12-17 00:44:59 +09:00
parent 23a7203e50
commit cd94d05cd9
1 changed files with 1 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2281,7 +2281,7 @@
  tags: [network, k8s, container, mitre_port_knocking]

 - list: network_tool_binaries
-  items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, ssh, mitmproxy, socat]
+  items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, mitmproxy, socat]

 - macro: network_tool_procs
  condition: (proc.name in (network_tool_binaries))