cleanup(rules): adjust priority for Run shell untrusted

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
falcosecurity · Aug 14, 2023 · 67cc13f · 67cc13f
1 parent b8f8df5
commit 67cc13f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -1748,7 +1748,7 @@
     and not run_by_appdynamics
     and not user_shell_container_exclusions
   output: Shell spawned by untrusted binary (parent_exe=%proc.pexe parent_exepath=%proc.pexepath pcmdline=%proc.pcmdline gparent=%proc.aname[2] ggparent=%proc.aname[3] aname[4]=%proc.aname[4] aname[5]=%proc.aname[5] aname[6]=%proc.aname[6] aname[7]=%proc.aname[7] evt_type=%evt.type user=%user.name user_uid=%user.uid user_loginuid=%user.loginuid process=%proc.name proc_exepath=%proc.exepath parent=%proc.pname command=%proc.cmdline terminal=%proc.tty exe_flags=%evt.arg.flags %container.info)
-  priority: DEBUG
+  priority: NOTICE
   tags: [maturity_stable, host, container, process, shell, mitre_execution, T1059.004]
 
 - macro: allowed_openshift_registry_root