mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
0e31ae5bad
* Remove netstat as a generic network program We'll try to limit the list to programs that can broadly see activity or actually create traffic. * Rules for inbound conn sources, not outbound Replace "Unexpected outbound connection source" with "Unexpected inbound connection source" to watch inbound connections by source instead of outbound connections by source. The rule itself is pretty much unchanged other than switching to using cip/cnet instead of sip/snet. Expand the supporting macros so they include outbound/inbound in the name, to make it clearer.