
Commit

Ignore common UDP ports
443 (http3) and 88 (kerberos) are expected to see UDP traffic

Signed-off-by: jackmtpt <115712715+jackmtpt@users.noreply.github.com>
jackmtpt authored Aug 15, 2024
1 parent 342b20d commit 46a4ff2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco-incubating_rules.yaml
Expand Up @@ -734,7 +734,7 @@
items: [0, 9, 80, 3306]

- list: expected_udp_ports
items: [53, openvpn_udp_ports, l2tp_udp_ports, statsd_ports, ntp_ports, test_connect_ports]
items: [53, 443, 88, openvpn_udp_ports, l2tp_udp_ports, statsd_ports, ntp_ports, test_connect_ports]

- macro: expected_udp_traffic
condition: fd.port in (expected_udp_ports)
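
Review bot: In the `expected_udp_ports` list, 443 and 88 are added as bare literals, while most of the other entries are named lists (`openvpn_udp_ports`, `l2tp_udp_ports`, `ntp_ports`), so the rules file itself records nothing about why these two ports are exempt. Consider defining named lists for them (for example `http3_udp_ports` and `kerberos_udp_ports`, names suggested here, not existing ones) or adding a comment carrying the rationale from the commit message. Also note that `expected_udp_traffic` is only `fd.port in (expected_udp_ports)`, so the exemption is by port number alone: after this change any UDP flow on 443 or 88 is treated as expected regardless of process or peer. That trade-off deserves a mention in the rule documentation so deployments that run neither HTTP/3 nor Kerberos know to override the list.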
