Melissa Kilby

@RichardoC 100% agree on trying to create a detection that is more behavioral rather than just addressing one specific CVE. Let's explore! `LD_PRELOAD` has been brought up multiple times by...

- Would something like this work `(proc.env[LD_PRELOAD] startswith "/tmp" or proc.env[LD_PRELOAD] contains " /tmp")`? Perhaps we get away without further patching the proc.env logic which we also wouldn't have until...

/remove-lifecycle rotten /remove-lifecycle stale

Cross-linked the issue to the feedback tracking https://github.com/falcosecurity/rules/issues/176

@leogr @LucaGuerra

still relevant /remove-lifecycle stale

@nikimanoledaki Falco does not yet have a Prometheus exporter, perhaps for Falco 0.38 in May we may have it, I need to check with the other maintainers. Meanwhile, we have...

Thank you 🎉 , we will check on it soon!

> Looks like the linting job failed for a bunch of files that weren't modified in this PR? Yes this is currently always failing as we have not yet reached...

@MrLotU I understand that this PR has been open for a while, and it appears that some fixes were merged in the past. Nevertheless, I wanted to reach out and...