From 205a8fd23b15b2750c0bb9831a12fe9954888262 Mon Sep 17 00:00:00 2001
From: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
Date: Wed, 10 Nov 2021 09:44:56 +0100
Subject: [PATCH] Move wget and curl to own rule

Signed-off-by: Erick Cheng <19863605+ec4n6@users.noreply.github.com>
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 55bf94665e6..795ba562e27 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2676,7 +2676,7 @@
   tags: [file, mitre_persistence]
 
 - list: remote_file_copy_binaries
-  items: [rsync, scp, sftp, dcp, wget, curl]
+  items: [rsync, scp, sftp, dcp]
 
 - macro: remote_file_copy_procs
   condition: (proc.name in (remote_file_copy_binaries))