From cd94d05cd9c4b852a5bad8f7651a3a1a1a94bb36 Mon Sep 17 00:00:00 2001
From: Hiroki Suezawa
Date: Tue, 17 Dec 2019 00:44:59 +0900
Subject: [PATCH] rule(list network_tool_binaries): delete ssh from the list
Signed-off-by: Hiroki Suezawa
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 2a09254c..75a33f15 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2281,7 +2281,7 @@
 tags: [network, k8s, container, mitre_port_knocking]
 - list: network_tool_binaries
- items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, ssh, mitmproxy, socat]
+ items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, mitmproxy, socat]
 - macro: network_tool_procs
 condition: (proc.name in (network_tool_binaries))
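Review bot: The new `items:` line of `network_tool_binaries` drops `ssh` with no rationale in the commit message or the rules file, so a later coverage audit cannot tell whether the gap is deliberate. Because `network_tool_procs` matches on this list, any rule built on that macro (those rules sit outside this hunk) will presumably stop alerting when an ssh client is started, which matters to deployments that treat unexpected ssh as a lateral-movement or tunnelling signal. I would add a comment above the list, for example `# ssh intentionally excluded: <reason>; re-add it from a local rules file with append: true if ssh is unexpected in your workloads`. It is also worth confirming that another rule still covers unexpected ssh use before merging.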