Melissa Kilby
@RichardoC 100% agree on trying to create a detection that is more behavioral rather than just addressing one specific CVE. Let's explore! `LD_PRELOAD` has been brought up multiple times by...
- Would something like this work `(proc.env[LD_PRELOAD] startswith "/tmp" or proc.env[LD_PRELOAD] contains " /tmp")`? Perhaps we get away without further patching the proc.env logic which we also wouldn't have until...
/remove-lifecycle rotten /remove-lifecycle stale
Cross-linked the issue to the feedback tracking https://github.com/falcosecurity/rules/issues/176
@leogr @LucaGuerra
still relevant /remove-lifecycle stale
@nikimanoledaki Falco does not yet have a Prometheus exporter, perhaps for Falco 0.38 in May we may have it, I need to check with the other maintainers. Meanwhile, we have...