issues
search
falcosecurity
/
rules
Falco rule repository
https://falcosecurity.github.io/rules/
Apache License 2.0
87
stars
64
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
fix: fixed output issues within the sandbox ruleset
#255
darryk10
closed
1 day ago
3
fix: fixed output issues within the incubating ruleset
#254
darryk10
closed
2 weeks ago
3
fix: fixed output issues within the ruleset
#253
darryk10
closed
3 weeks ago
3
fix: Missing % in "Unexpected UDP Traffic" output rule
#252
DamienDelporte
closed
3 weeks ago
3
vote: update(OWNERS): add loresuso to approvers
#251
loresuso
closed
2 weeks ago
10
chore(gha): add 0.38.0 to supported Falco versions
#250
LucaGuerra
closed
4 weeks ago
2
Some minor fixes
#249
Andreagit97
closed
4 weeks ago
3
fix(.github/workflow): strict naming convention for changed rules files
#248
leogr
closed
1 month ago
1
vote: Adding @darryk10 to rules approvers
#247
darryk10
closed
1 month ago
9
cleanup(rules): transition rule `BPF Program Not Profiled` to maturity incubating
#246
incertum
closed
1 month ago
6
fix: change CVE-2024-3094 to match liblzma contain instead of endswith
#245
apsega
closed
1 month ago
4
fix: the correct usage is `<NA>` not `N/A`
#244
Andreagit97
closed
1 month ago
14
Resolve symlinks
#243
VVX7
closed
2 months ago
0
Resolve relative paths
#242
VVX7
closed
2 months ago
0
build(deps): Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in the actions group
#241
dependabot[bot]
closed
2 months ago
2
update(falco-incubating_rules.yaml): add Backdoored library loaded in…
#240
loresuso
closed
2 months ago
7
Improving rule: Netcat Remote Code Execution in Container
#239
b3n3d17
opened
2 months ago
0
wip: rules yaml files updated as per yaml linting conditions
#238
h4l0gen
opened
3 months ago
74
update: add macro known_drop_and_execute_activities
#237
SEANDOUGHTY
closed
3 months ago
6
update(rules): cleanup k8s.gcr.io
#236
leogr
closed
3 months ago
2
Explore options to augment the Rules Overview Doc based on the new "falco rules mitre checker module"
#235
incertum
opened
3 months ago
2
chore(ci): adding YAML-Lint for falco rules
#234
h4l0gen
closed
3 months ago
11
[TRACKING] CI Integration for "falco rules mitre checker module"
#233
incertum
opened
3 months ago
2
cleanup(rules-sandbox): remove old ref to k8s.gcr.io
#232
incertum
closed
3 months ago
3
update(sandbox): Added systemd to list of programs ignored when using BPF.
#231
petterreinholdtsen
closed
3 months ago
3
update(.github/FALCO_VERSIONS): unsupporting 0.37
#230
leogr
closed
4 months ago
1
build(deps): Bump the actions group with 1 update
#229
dependabot[bot]
closed
4 months ago
2
update(ci): add Falco 0.37.1 to FALCO_VERSIONS.
#228
FedeDP
closed
4 months ago
2
chore: minor readme edits
#227
incertum
closed
4 months ago
2
fix: trim spaces for required_engine_version and use atoi to parse in…
#226
loresuso
closed
4 months ago
5
Invalid engine_version_semver key in latest rules package
#225
loresuso
closed
4 months ago
5
A rule to view all user actions in a container (and bonus, host) - missing audit trail
#224
jonny-wg2
opened
4 months ago
2
fix(ci): fixed pages CI.
#223
FedeDP
closed
4 months ago
1
build(deps): Bump the actions group with 1 update
#222
dependabot[bot]
closed
4 months ago
2
ci(.github): add 0.37 to FALCO_VERSIONS
#221
leogr
closed
5 months ago
1
update(build/registry): allow optional auth to update-index cmd
#219
brennoo
closed
5 months ago
3
Helpful remove_sensitive_file_rule
#220
cccsss01
closed
1 week ago
6
update(rules): bump engine version to Falco 0.37.0 engine version
#218
Andreagit97
closed
5 months ago
10
chore: remove `exe_flags=%evt.arg.flags` output from each non spawned_process rule
#217
incertum
closed
5 months ago
7
update(deprecated_rules): use SemVer `required_engine_version`
#216
Andreagit97
closed
5 months ago
10
cleanup: remove `evt.arg.*` fields when always return `<NA>`
#215
Andreagit97
closed
5 months ago
5
Wrong usage of `evt.arg.*` / `evt.rawarg.*` when more than one event is involved
#214
Andreagit97
opened
5 months ago
3
`exe_flags=%evt.arg.flags` usage among our rules
#213
Andreagit97
closed
5 months ago
3
update(docs): new readme style to introduce rules core concepts
#212
incertum
closed
5 months ago
8
OCI artifacts and the rules files have different names
#211
Issif
opened
6 months ago
4
build(deps): Bump actions/deploy-pages from 3 to 4
#210
dependabot[bot]
closed
5 months ago
2
build(deps): Bump actions/upload-pages-artifact from 2 to 3
#209
dependabot[bot]
closed
5 months ago
2
Update: bpf cmd format
#208
Rohith-Raju
closed
4 months ago
8
Explore rules options around `LD_PRELOAD` env
#207
incertum
opened
6 months ago
9
build(deps): Bump actions/download-artifact from 3 to 4
#206
dependabot[bot]
closed
6 months ago
2
Next