Skip to content

Commit

Permalink
update(rules): tag rule as syscall
Browse files Browse the repository at this point in the history 
Co-authored-by: Kaizhe Huang <derek0405@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
  • Loading branch information
@leodido @Kaizhe @poiana
2 people authored and poiana committed Jun 23, 2021
1 parent 9bc942c commit 8425791
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco_rules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3064,7 +3064,7 @@
(evt.rawres >= 0 or evt.res != -1)
output: An userfaultfd syscall was successfully executed by an unprivileged user (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline %container.info image=%container.image.repository:%container.image.tag)
priority: CRITICAL
tags: [process, mitre_defense_evasion]
tags: [syscall, mitre_defense_evasion]

# Application rules have moved to application_rules.yaml. Please look
# there if you want to enable them by adding to
Expand Down

0 comments on commit 8425791

Please sign in to comment.