From f43e6c445aad1ab735ecd74a723acadfee926d2d Mon Sep 17 00:00:00 2001
From: Oscar Utbult
Date: Wed, 9 Nov 2022 15:18:46 +0100
Subject: [PATCH] rules: add OpenSSH private key to macro private_key_or_password

Signed-off-by: Oscar Utbult
---
 rules/falco_rules.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 12edba28..773c6286 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2548,6 +2548,7 @@
 - macro: private_key_or_password
 condition: >
 (proc.args icontains "BEGIN PRIVATE" or
+ proc.args icontains "BEGIN OPENSSH PRIVATE" or
 proc.args icontains "BEGIN RSA PRIVATE" or
 proc.args icontains "BEGIN DSA PRIVATE" or
 proc.args icontains "BEGIN EC PRIVATE" or
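Review bot: The PEM labels in `private_key_or_password` are matched one literal substring at a time, so a label that is not listed is silently missed, and the visible part of the list still has no entry for PKCS#8 encrypted keys. The condition continues past the end of this hunk; if the remainder does not already cover it, consider adding `proc.args icontains "BEGIN ENCRYPTED PRIVATE" or` next to the new line. A short comment such as `# PEM labels are matched individually: "BEGIN PRIVATE" does not match labels with a word between BEGIN and PRIVATE` would explain why each format needs its own entry. It has to go above the `- macro:` line, because a `#` inside the folded `condition: >` scalar would become part of the condition text.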