falco/list_append.yaml at 6078d4bd43e4b42a9889c2ccf9abc324ea0e8a42 - falco - Gitea: Git with a cup of tea at home

github/falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 19:44:57 +00:00

Files

Mark Stemm 0bc2d4f162 Automated tests for list append.

Test the case of appending to a list and appending to a nonexistent
list (should error).

2017-08-10 09:36:31 -07:00

12 lines

272 B

YAML

Raw Blame History

 - list: my_list
   items: [not-cat]
 - list: my_list
   append: true
   items: [cat]
 - rule: Open From Cat
   desc: A process named cat does an open
   condition: evt.type=open and proc.name in (my_list)
   output: "An open was seen (command=%proc.cmdline)"
   priority: WARNING