rule(falco_rules): update evt.type for spawned process macro #1868

Merged

Member

@Andreagit97 Andreagit97 commented Jan 25, 2022

What type of PR is this?

/kind rule-update

Any specific area of the project related to this PR?

/area rules

What this PR does / why we need it:

As suggested here by we must monitor also execveat events to check if a new process is spawned.

Which issue(s) this PR fixes:

Ref. #1857

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

rule(macro spawned_process): monitor also processes spawned by `execveat`
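
A check that follows from this change, added here as an example and not part of the PR or the Falco code base: it scans rule text for macros and rules whose condition compares `evt.type` with `execve` but never with `execveat`, the gap this PR closes for `spawned_process`. The sample rules and all function names are constructed for illustration; the parser assumes two-space-indented keys and does not resolve event types held in Falco lists.

```python
import re

# Constructed sample rules (not copied from the Falco repository).
SAMPLE_RULES = """\
- macro: spawned_process_old
  condition: evt.type = execve and evt.dir=<
- macro: spawned_process_new
  condition: evt.type in (execve, execveat) and evt.dir=<
- rule: Shell in container (local override)
  condition: >
    evt.type=execve and evt.dir=<
    and container.id != host and proc.name in (bash, sh)
  output: shell started (cmd=%proc.cmdline)
"""

ITEM = re.compile(r"^- (macro|rule):\s*(.+)$")
COND = re.compile(r"^\s+condition:\s*(.*)$")
# Matches "evt.type = x" and "evt.type in (x, y, ...)", but not "evt.type != x".
EVT_TYPE = re.compile(r"evt\.type\s*(?:=\s*(\w+)|in\s*\(([^)]*)\))")

def conditions(text):
    """Return (kind, name, condition) per macro/rule, joining folded lines."""
    items, cur, in_cond = [], None, False
    for line in text.splitlines():
        item, cond = ITEM.match(line), COND.match(line)
        if line.startswith("- "):          # a new top-level item starts here
            cur, in_cond = ([item.group(1), item.group(2).strip(), ""] if item else None), False
            if cur:
                items.append(cur)
        elif cur and cond:
            in_cond = True                 # block-scalar markers carry no condition text
            cur[2] = "" if cond.group(1) in (">", "|", ">-", "|-") else cond.group(1)
        elif cur and in_cond and re.match(r" {3,}\S", line):
            cur[2] += " " + line.strip()   # continuation of a folded condition
        else:
            in_cond = False                # another key or a blank line ends it
    return [(k, n, c.strip()) for k, n, c in items]

def event_types(cond):
    """Every event type named in an evt.type comparison of the condition."""
    return {t.strip() for s, g in EVT_TYPE.findall(cond) for t in (s or g).split(",")}

def missing_execveat(text):
    """Macros/rules that match execve but would not see execveat."""
    return [(k, n) for k, n, c in conditions(text)
            if "execve" in (t := event_types(c)) and "execveat" not in t]

if __name__ == "__main__":
    print(missing_execveat(SAMPLE_RULES))
```

Rules that reference the `spawned_process` macro instead of hard-coding `evt.type` are not flagged, since they take their event types from the macro.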

@poiana poiana requested review from mfdii and mstemm January 25, 2022 16:48
@poiana poiana added the size/XS label Jan 25, 2022
@Andreagit97 Andreagit97 changed the title feat:update evt.type for spawned process macro feat: update evt.type for spawned process macro Jan 25, 2022
@Andreagit97 Andreagit97 mentioned this pull request Jan 25, 2022
@jasondellaluce
Contributor

This is great @Andreagit97 ! Thanks. This LGTM, just make sure of using the rule(...): ... notation in the release note. Take some older rule-related PR as reference, as that line will be used to generate the changelog of the upcoming release.

Andrea Terzolo added 2 commits January 25, 2022 17:19
Signed-off-by: Andrea Terzolo <s276109@studenti.polito.it>
Signed-off-by: Andrea Terzolo <s276109@studenti.polito.it>
@Andreagit97 Andreagit97 changed the title feat: update evt.type for spawned process macro rule(falco_rules): update evt.type for spawned process macro Jan 25, 2022
@Andreagit97 Andreagit97 force-pushed the change_spawned_process_evt_type branch from 7b8a6b9 to 0ffbd5e Compare January 25, 2022 17:22
@Andreagit97
Member Author

I fixed it, thank you!

@leogr
Member

leogr commented Jan 25, 2022

/milestone 0.31.0

@poiana poiana added this to the 0.31.0 milestone Jan 25, 2022
Member

@leogr leogr left a comment

/approve

@poiana
Contributor

poiana commented Jan 25, 2022

LGTM label has been added.

Git tree hash: 533d8f471c4f1c62bd2633ced3a3fcd333c255ff

Contributor

@jasondellaluce jasondellaluce left a comment

/approve

🚀

@poiana
Contributor

poiana commented Jan 25, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, jasondellaluce, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 7750b6f into falcosecurity:master Jan 25, 2022
@Andreagit97 Andreagit97 deleted the change_spawned_process_evt_type branch October 15, 2022 18:14
4 participants