Closed incertum closed 1 year ago
Comparing 5268907ba451d41390a9734c1688bd354c13851c
with latest tag falco-rules-1.0.1
Major changes:
Directory traversal monitored file read has less tags than before
Read sensitive file trusted after startup has less tags than before
Read sensitive file untrusted has less tags than before
Create Symlink Over Sensitive Files has less tags than before
Create Hardlink Over Sensitive Files has less tags than before
Redirect STDOUT/STDIN to Network Connection in Container has less tags than before
Linux Kernel Module Injection Detected has less tags than before
Patch changes:
Disallowed SSH Connection has more tags than before
Unexpected outbound connection destination has more tags than before
Unexpected inbound connection source has more tags than before
Read Shell Configuration File has more tags than before
Schedule Cron Jobs has more tags than before
Directory traversal monitored file read has more tags than before
Directory traversal monitored file read changed its output fields
Read ssh information has more tags than before
Read sensitive file trusted after startup has more tags than before
Read sensitive file trusted after startup changed its output fields
Read sensitive file untrusted has more tags than before
Read sensitive file untrusted changed its output fields
Change thread namespace has more tags than before
Terminal shell in container has more tags than before
Terminal shell in container changed its output fields
Program run with disallowed http proxy env has more tags than before
Interpreted procs inbound network activity has more tags than before
Interpreted procs outbound network activity has more tags than before
Unexpected UDP Traffic has more tags than before
Contact EC2 Instance Metadata Service From Container has more tags than before
Contact cloud metadata service from container has more tags than before
Netcat Remote Code Execution in Container has more tags than before
Netcat Remote Code Execution in Container changed its output fields
Set Setuid or Setgid bit has more tags than before
Create Hidden Files or Directories has more tags than before
Create Symlink Over Sensitive Files has more tags than before
Create Symlink Over Sensitive Files changed its output fields
Create Hardlink Over Sensitive Files has more tags than before
Create Hardlink Over Sensitive Files changed its output fields
Detect outbound connections to common miner pool ports has more tags than before
Network Connection outside Local Subnet has more tags than before
Outbound or Inbound Traffic not to Authorized Server Process and Port has more tags than before
Redirect STDOUT/STDIN to Network Connection in Container has more tags than before
Redirect STDOUT/STDIN to Network Connection in Container changed its output fields
Container Drift Detected (chmod) has more tags than before
Container Drift Detected (open+create) has more tags than before
Outbound Connection to C2 Servers has more tags than before
Linux Kernel Module Injection Detected has more tags than before
Linux Kernel Module Injection Detected changed its output fields
Container Run as Root User has more tags than before
Java Process Class File Download has more tags than before
Modify Container Entrypoint has more tags than before
Drop and execute new binary in container has more tags than before
Drop and execute new binary in container changed its output fields

LGTM label has been added.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: incertum, LucaGuerra
The full list of commands accepted by this bot can be found here.
The pull request process is described here.
What type of PR is this?
/kind cleanup
/kind documentation
Any specific area of the project related to this PR?
/area rules
What this PR does / why we need it:
Third round of initially tagging rules w/ maturity_stable.
@LucaGuerra @loresuso @jasondellaluce
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer: