I am orchestrating my falcon-sensors (kernel mode) via a DaemonSet. I am using CVE-2021-4034 as my detection test. It seems that on my hosts where I have installed the falcon sensor directly via the .deb package, it gets detected consistently. However, on hosts where it is deployed via this chart (kernel sensor, not container sensor), it doesn't get detected. Does this make sense at all? The commands show up in the command log if I browse the host, it just doesn't trigger a detection.