-
**Motivation**
See https://github.com/falcosecurity/rules/pull/149#issuecomment-1705527047
The common use case is when a list or a macro is first defined in the *stable* rules file, but it is al…
leogr updated
3 weeks ago
-
**Describe the bug**
Graphs can show events with a future date.
And it's changing depending on the "Since" period selected.
If I pick "1 month", the graph displays the event as it happened toda…
-
**Describe the bug**
When loading rules, falco finds the rules file as invalid with the following error:
```
LOAD_ERR_COMPILE_OUTPUT (Error compiling output):
....
has an invalid index argume…
-
It seems that falco doesn't handle reverse-complemented read sequences in mapped BAM files correctly.
Specifically, when flag bit 0x04 of a read is not set (i.e. when the read is mapped), falco shoul…
-
This is a Falco-specific metrics. The kernel event rate reflects the server load e.g. from workloads. Falco's kernel-side & userspace event counts & tracepoint invocation counts could help [[source](h…
-
**Describe the bug**
```
[1047486.856617] falco: deallocating consumer ffff9aba94a2a0e0
[1047486.938918] BUG: unable to handle kernel paging request at ffffac4fe972383e
[1047486.943701] falc…
-
### Proposed features
Overriding Falco rules requires deep knowledge about Falco and its rules, and the format is essentially half yaml half their own conditions, but we expose this in it's entiret…
aarnq updated
2 months ago
-
**Motivation**
The name of the OCI artifact to package the rules file and the name of the .yaml containing the rules are not the same (`-` vs `_`).
See:
| OCI | File |
|-----|------|
| fa…
Issif updated
1 month ago
-
Some times the events from sandbox rule "Write below root" contain a incomplete path, making it hard to know the location of the file in question. This is an example message:
"14:27:16.40285343…
-
CI Integration for "falco rules mitre checker module", see https://github.com/falcosecurity/rules/pull/181.
CC @IceManGreen @leogr @FedeDP