mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-22 12:27:10 +00:00
Tag the existing ruleset to group tags in a meaningful way. The added tags are:

- filesystem: the rule relates to reading/writing files
- sofware_mgmt: the rule relates to any software/package management tool like rpm, dpkg, etc.
- process: the rule relates to starting a new process or changing the state of a current process.
- database: the rule relates to databases
- host: the rule *only* works outside of containers
- shell: the rule specifically relates to starting shells
- container: the rule *only* works inside containers
- cis: the rule is related to the CIS Docker benchmark.
- users: the rule relates to management of users or changing the identity of a running process.
- network: the rule relates to network activity

Rules can have multiple tags if they relate to multiple of the above. Rules do not have to have tags, although all the current rules do.