github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00
Code Issues Projects Releases Wiki Activity
Files
rules-fp-fixes-2021-02
falco/rules
History
Mark Stemm e7c7a9b12d rule(Launch Package Management...): add sysdig nia 
Example falco alert:

Package management process launched in container (user=root
user_loginuid=-1 command=rpm
--dbpath=/analysis_scratch/de10314b-70bb-4149-802e-1c2c3d47f23c/rpmtmp/rpmdbfinal/var/lib/rpm
-qa --queryformat
[%{FILENAMES}|ANCHORETOK|%{FILEDIGESTS}|ANCHORETOK|%{FILEMODES:octal}|ANCHORETOK|%{FILEGROUPNAME}|ANCHORETOK|%{FILEUSERNAME}|ANCHORETOK|%{FILESIZES}|ANCHORETOK|%{=NAME}|ANCHORETOK|%{FILEFLAGS:fflags}|ANCHORETOK|%{=FILEDIGESTALGO}\n]
container_id=3748cd603f28 container_name=sysdig-image-analyzer image=quay.io/sysdig/node-image-analyzer:latest)

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2021-02-10 11:16:39 -08:00
..
application_rules.yaml
update: license headers
2019-10-08 16:02:26 +02:00
CMakeLists.txt
build(rules): fix rules etc dir
2020-09-10 15:01:07 +02:00
falco_rules.local.yaml
update: license headers
2019-10-08 16:02:26 +02:00
falco_rules.yaml
rule(Launch Package Management...): add sysdig nia
2021-02-10 11:16:39 -08:00
k8s_audit_rules.yaml
add eks:node-manager to allowed_k8s_users list
2021-02-04 17:33:54 +01:00
OWNERS
docs: specify labels that apply to each area
2019-09-16 10:11:25 +02:00