Closed tstromberg closed 2 months ago
I'm working on a PR that filters out this rule.
fixed in #169
@tstromberg sorry this is an error, the string "d" is not a detection pattern, probably something overwritten by mistake. It'll be removed in the next release.
I was surprised to see that "/bin/ls" on my system now rates as CRITICAL:
The rule isn't great: we should either blacklist it, or automatically ignore results from rules that rely on single-byte evidence.