From dada3db3f2e55f0329aed1e543d55159c7119a98 Mon Sep 17 00:00:00 2001
From: Lorenzo Fontana <lo@linux.com>
Date: Thu, 12 Nov 2020 17:06:26 +0100
Subject: [PATCH] docs: adding the kubernetes privileged use case to use cases

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Co-Authored-By: Massimiliano Giovagnoli <massimiliano.giovagnoli.1992@gmail.com>
Co-Authored-By: Jonah Jones <jonahjones094@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 0af84e39..931ed242 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ For example, Falco can easily detect incidents including but not limited to:
 - Unexpected read of a sensitive file, such as `/etc/shadow`.
 - A non-device file is written to `/dev`.
 - A standard system binary, such as `ls`, is making an outbound network connection.
+- A privileged pod is started in a Kubernetes cluster.
 
 ### Documentation