wip: adding new event of copying content of sensitive files #99
Conversation
Signed-off-by: h4l0gen <ks3913688@gmail.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: h4l0gen The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Welcome @h4l0gen! It looks like this is your first PR to falcosecurity/event-generator 🎉 |
|
Hey maintainers, this is my first PR for the event-generator. I've created an event for the first time, so please review the PR and provide me with your valuable feedback. Thank you! |
|
/kind feature |
|
/area events |
There was a problem hiding this comment.
Sorry, but I can't find any "Download Sensitive File" rule: https://github.com/falcosecurity/rules/tree/main/rules
Each action must match a specific existing rule and have the same name
(I apologize because I know this convention is not documented).
So my question is: which rule is this event targeting? 🤔
|
@leogr , oh i wasn't aware of this then this event doesn't belong to any specific rule. I just created it as per security concern. |
|
@leogr i came across this rule |
h4l0gen
changed the title
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area events
What this PR does / why we need it:
This PR is adding an event which will try to copy content of sensitive files to another destination.
Which issue(s) this PR fixes:
Fixes #96
Special notes for your reviewer: