Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rule(macro user_known_set_setuid_or_setgid_bit_conditions): create macro
This macro will be useful because it will make it possible to filter out events with a higher degree of granularity than is currently possible for the `Set Setuid or Setgid bit` rule. For example, if some application is expected to set the setuid or the setgid bit under a specific condition, like if it's started with a specific command, then the `user_known_chmod_applications` list is not enough because we don't want to filter out _all_ events by this application, only specific ones. This macro allows that. Signed-off-by: Nicolas Marier <nmarier@coveo.com>
- Loading branch information