issues
search
falcosecurity
/
rules
Falco rule repository
https://falcosecurity.github.io/rules/
Apache License 2.0
93
stars
68
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
update(ci): add 0.38.1 and 0.38.2 as supported versions
#262
LucaGuerra
closed
1 month ago
2
chore: upgrade py deps for rules_overview_generator
#261
incertum
closed
1 month ago
3
Ignore common UDP ports
#260
jackmtpt
opened
1 month ago
9
build(deps): Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 in the actions group
#258
dependabot[bot]
closed
1 month ago
2
fix(incubating_rules): revert #508
#257
LucaGuerra
closed
2 months ago
8
changing line length limit to <130
#256
h4l0gen
closed
2 months ago
3
fix: fixed output issues within the sandbox ruleset
#255
darryk10
closed
3 months ago
3
fix: fixed output issues within the incubating ruleset
#254
darryk10
closed
3 months ago
3
fix: fixed output issues within the ruleset
#253
darryk10
closed
3 months ago
3
fix: Missing % in "Unexpected UDP Traffic" output rule
#252
DamienDelporte
closed
3 months ago
3
vote: update(OWNERS): add loresuso to approvers
#251
loresuso
closed
3 months ago
10
chore(gha): add 0.38.0 to supported Falco versions
#250
LucaGuerra
closed
4 months ago
2
Some minor fixes
#249
Andreagit97
closed
4 months ago
3
fix(.github/workflow): strict naming convention for changed rules files
#248
leogr
closed
4 months ago
1
vote: Adding @darryk10 to rules approvers
#247
darryk10
closed
4 months ago
9
cleanup(rules): transition rule `BPF Program Not Profiled` to maturity incubating
#246
incertum
closed
4 months ago
6
fix: change CVE-2024-3094 to match liblzma contain instead of endswith
#245
apsega
closed
4 months ago
4
fix: the correct usage is `<NA>` not `N/A`
#244
Andreagit97
closed
5 months ago
14
Resolve symlinks
#243
VVX7
closed
5 months ago
0
Resolve relative paths
#242
VVX7
closed
5 months ago
0
build(deps): Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in the actions group
#241
dependabot[bot]
closed
5 months ago
2
update(falco-incubating_rules.yaml): add Backdoored library loaded in…
#240
loresuso
closed
5 months ago
7
Improving rule: Netcat Remote Code Execution in Container
#239
b3n3d17
closed
1 month ago
4
rules yaml files updated as per yaml linting conditions
#238
h4l0gen
opened
6 months ago
76
update: add macro known_drop_and_execute_activities
#237
SEANDOUGHTY
closed
6 months ago
6
update(rules): cleanup k8s.gcr.io
#236
leogr
closed
6 months ago
2
Explore options to augment the Rules Overview Doc based on the new "falco rules mitre checker module"
#235
incertum
opened
6 months ago
4
chore(ci): adding YAML-Lint for falco rules
#234
h4l0gen
closed
6 months ago
11
[TRACKING] CI Integration for "falco rules mitre checker module"
#233
incertum
opened
6 months ago
4
cleanup(rules-sandbox): remove old ref to k8s.gcr.io
#232
incertum
closed
6 months ago
3
update(sandbox): Added systemd to list of programs ignored when using BPF.
#231
petterreinholdtsen
closed
7 months ago
3
update(.github/FALCO_VERSIONS): unsupporting 0.37
#230
leogr
closed
7 months ago
1
build(deps): Bump the actions group with 1 update
#229
dependabot[bot]
closed
7 months ago
2
update(ci): add Falco 0.37.1 to FALCO_VERSIONS.
#228
FedeDP
closed
7 months ago
2
chore: minor readme edits
#227
incertum
closed
7 months ago
2
fix: trim spaces for required_engine_version and use atoi to parse in…
#226
loresuso
closed
7 months ago
5
Invalid engine_version_semver key in latest rules package
#225
loresuso
closed
7 months ago
5
A rule to view all user actions in a container (and bonus, host) - missing audit trail
#224
jonny-wg2
closed
1 week ago
6
fix(ci): fixed pages CI.
#223
FedeDP
closed
7 months ago
1
build(deps): Bump the actions group with 1 update
#222
dependabot[bot]
closed
7 months ago
2
ci(.github): add 0.37 to FALCO_VERSIONS
#221
leogr
closed
8 months ago
1
update(build/registry): allow optional auth to update-index cmd
#219
brennoo
closed
8 months ago
3
Helpful remove_sensitive_file_rule
#220
cccsss01
closed
3 months ago
6
update(rules): bump engine version to Falco 0.37.0 engine version
#218
Andreagit97
closed
8 months ago
10
chore: remove `exe_flags=%evt.arg.flags` output from each non spawned_process rule
#217
incertum
closed
8 months ago
7
update(deprecated_rules): use SemVer `required_engine_version`
#216
Andreagit97
closed
8 months ago
10
cleanup: remove `evt.arg.*` fields when always return `<NA>`
#215
Andreagit97
closed
8 months ago
5
Wrong usage of `evt.arg.*` / `evt.rawarg.*` when more than one event is involved
#214
Andreagit97
opened
9 months ago
5
`exe_flags=%evt.arg.flags` usage among our rules
#213
Andreagit97
closed
8 months ago
3
update(docs): new readme style to introduce rules core concepts
#212
incertum
closed
8 months ago
8
Next