Default Rule adjustments #593

Merged

@natalysheinin
Contributor

commented May 3, 2019

Overview

Correcting a typo in `- rule: Launch Suspicious Network Tool in Container`, and updating the `Read sensitive file untrusted` rule to include the google accounts daemon.

Reference

New versions of GKE have the google_accounts daemon running stuff at `proc.aname[3]`.

falco-CLA-1.0-signed-off-by: Nataly Sheinin <sheininn@gmail.com>
correcting typo and including google accounts daemons in Read sensitive file untrusted

@mfdii mfdii requested a review from Kaizhe May 3, 2019

@Kaizhe

Contributor

commented May 10, 2019

@natalysheinin thank you for the input. Could you please also include a sample output (the FP case) with the original rules? I think this will serve as a good record for this PR.

@fntlnz fntlnz added the area/rules label May 15, 2019

@fntlnz fntlnz self-requested a review May 29, 2019

@mfdii

Member

commented May 29, 2019

@Kaizhe I spoke with @natalysheinin at Kubecon. Because the rules have been modified to remove the alert, they no longer have a sample to send us. Can we merge this?

@Kaizhe Kaizhe merged commit 45241e7 into falcosecurity:dev May 29, 2019

1 check passed

Travis CI - Pull Request Build Passed
@Kaizhe

Contributor

commented May 29, 2019

@mfdii thanks for confirming that.

@natalysheinin natalysheinin deleted the natalysheinin:natalysheinin/fix-some-typos branch May 30, 2019
