From 30a9814064d8a83d3bdafd8035b83350d536c8d6 Mon Sep 17 00:00:00 2001
From: Kaizhe Huang
Date: Thu, 11 Apr 2019 18:42:39 -0700
Subject: [PATCH] minor fix
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 28cedc6a3de..f8d4950f336 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1949,7 +1949,7 @@
 desc: >
 Detect grep private keys or passwords activity.
 condition: >
- (spawned_process and container and
+ (spawned_process and
 ((grep_commands and private_key_or_password) or
 (proc.name = "find" and (proc.args contains "id_rsa" or proc.args contains "id_dsa")))
 )
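Review bot: Dropping `container and` from the first line of the condition makes the rule evaluate every spawned process on the host as well as in containers, and nothing in the hunk narrows or documents that wider scope. On hosts, routine `grep`/`find` use by administrators, configuration management or backup jobs will probably match `private_key_or_password` or the `id_rsa`/`id_dsa` arguments far more often, so alert volume is likely to rise unless an overridable exception is and-ed in, e.g. `and not <user_known_exception_macro>` (placeholder name). The `desc` should also state the new scope, for example `Detect grep private keys or passwords activity on the host or in a container.`, since "minor fix" does not tell operators that the rule's coverage changed. The rule's name, output, priority and tags lie outside the hunk, so it is worth confirming that the output line still reads sensibly for events with no container context.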