fix(incubating_rules): revert #508
Signed-off-by: Luca Guerra <[email protected]>
LucaGuerra authored and poiana committed Aug 2, 2024
1 parent 068f0f2 commit 1d3cd24
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco-incubating_rules.yaml
Expand Up @@ -1300,7 +1300,7 @@
whether the syscall failed or succeeded, remove the direction filter and add the evt.arg.res_or_fd output field.
condition: >
evt.type=bpf and evt.dir=>
and evt.arg.cmd=BPF_PROG_LOAD
and (evt.arg.cmd=5 or evt.arg.cmd=BPF_PROG_LOAD)
and not bpf_profiled_procs
output: BPF Program Not Profiled (bpf_cmd=%evt.arg.cmd evt_type=%evt.type user=%user.name user_uid=%user.uid user_loginuid=%user.loginuid process=%proc.name proc_exepath=%proc.exepath parent=%proc.pname command=%proc.cmdline terminal=%proc.tty %container.info)
priority: NOTICE
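Review bot: The condition line `and (evt.arg.cmd=5 or evt.arg.cmd=BPF_PROG_LOAD)` carries a bare numeric literal next to the symbolic name with nothing explaining why both are needed. BPF_PROG_LOAD is value 5 in the kernel's bpf_cmd enum, so the two comparisons look redundant to anyone reading the rule, and the next cleanup is likely to drop the numeric form again. Please add a short YAML comment above the condition, or a sentence in the rule description, saying in which situation evt.arg.cmd is reported as the number rather than the name. The commit message should also say what broke after #508, since "revert #508" alone gives no reason. If the field can really appear in both forms, note too that `bpf_cmd=%evt.arg.cmd` in the output will then show either `5` or `BPF_PROG_LOAD` for the same event, which matters to anyone matching on that output downstream.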