github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-05 10:56:47 +00:00
Code Issues Projects Releases Wiki Activity

rule(list network_tool_binaries): delete ssh from the list

Browse Source 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
This commit is contained in:
Hiroki Suezawa 2019-12-17 00:44:59 +09:00 committed by Lorenzo Fontana
parent 23a7203e50
commit cd94d05cd9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/falco_rules.yaml
View File

@ -2281,7 +2281,7 @@
tags: [network, k8s, container, mitre_port_knocking] tags: [network, k8s, container, mitre_port_knocking]
- list: network_tool_binaries - list: network_tool_binaries
items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, ssh, mitmproxy, socat] items: [nc, ncat, nmap, dig, tcpdump, tshark, ngrep, telnet, mitmproxy, socat]
- macro: network_tool_procs - macro: network_tool_procs
condition: (proc.name in (network_tool_binaries)) condition: (proc.name in (network_tool_binaries))