Skip to content

Commit

Permalink
Move wget and curl to own rule
Browse files Browse the repository at this point in the history 
Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
  • Loading branch information
@erickatwork @poiana
erickatwork authored and poiana committed Nov 29, 2021
1 parent bdba37a commit 205a8fd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco_rules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2676,7 +2676,7 @@
tags: [file, mitre_persistence]

- list: remote_file_copy_binaries
items: [rsync, scp, sftp, dcp, wget, curl]
items: [rsync, scp, sftp, dcp]

- macro: remote_file_copy_procs
condition: (proc.name in (remote_file_copy_binaries))
Expand Down

0 comments on commit 205a8fd

Please sign in to comment.