Falco rule repository

Results 38 rules issues

Explore options to augment the Rules Overview Doc https://falcosecurity.github.io/rules/ based on the new "falco rules mitre checker module", see https://github.com/falcosecurity/rules/pull/181 CC @IceManGreen @leogr

kind/feature

CI Integration for "falco rules mitre checker module", see https://github.com/falcosecurity/rules/pull/181. CC @IceManGreen @leogr @FedeDP

kind/feature

**Motivation** The issues I found with comments are due to practical reasons. In particular: - There should be no empty lines between the comments and the referred item - This...

kind/feature
help wanted

443 (http3) and 88 (kerberos) are expected to see UDP traffic **What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind feature /kind bug...

kind/bug
dco-signoff: yes
size/XS
area/rules
area/maturity-incubating

**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind feature /bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test...

dco-signoff: yes
size/XS
area/rules
area/maturity-sandbox

**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind feature /kind bug > /kind cleanup > /kind design > /kind documentation > /kind...

kind/bug
dco-signoff: yes
size/XS
area/rules
area/maturity-stable

**Describe the bug** Supposedly during an ssh login we get false positive events like this one here. ``` 11:47:28.853799509: Warning Sensitive file opened for reading by non-trusted program (file=/etc/pam.d/systemd-user gparent=...

kind/bug

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5.4.1 to 6.0.1. Release notes Sourced from astral-sh/setup-uv's releases. v6.0.1 🌈 Fix default cache dependency glob Changes The new default in v6 used illegal patterns and therefore...

dco-signoff: yes
size/XS
dependencies
github_actions

Hey, currently we are facing False-Positive Events from the `BPF Program Not Profiled` Rule. The Event was triggered by systemd, here is an example Log from Falco: ```json {"hostname":"node-4711","output":"11:28:29.271623114: Notice...

kind/bug
lifecycle/stale

**Motivation** Since `runc 1.1.15`, that was notably deployed in [AKSUbuntu-2204gen2containerd-202410.15.0](https://raw.githubusercontent.com/Azure/AgentBaker/master/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202410.15.0.txt) vs [previous version](https://raw.githubusercontent.com/Azure/AgentBaker/master/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202410.09.0.txt), we do experience a hell of a lot of Falco CRITICAL alerts. I'm clearly not a subject expert, so...

kind/feature