Skip to content

Commit

Permalink
fix(rules): typo in Create Symlink Over Sensitive Files rule output
Browse files Browse the repository at this point in the history 
Signed-off-by: Angelo Puglisi <[email protected]>
  • Loading branch information
@deepskyblue86 @poiana
deepskyblue86 authored and poiana committed Dec 13, 2021
1 parent cd471a7 commit f035829
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco_rules.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2707,7 +2707,7 @@
create_symlink and
(evt.arg.target in (sensitive_file_names) or evt.arg.target in (sensitive_directory_names))
output: >
Symlinks created over senstivie files (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline target=%evt.arg.target linkpath=%evt.arg.linkpath parent_process=%proc.pname)
Symlinks created over sensitive files (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline target=%evt.arg.target linkpath=%evt.arg.linkpath parent_process=%proc.pname)
priority: NOTICE
tags: [file, mitre_exfiltration]

Expand Down

0 comments on commit f035829

Please sign in to comment.