Add container check to Clear Log Activities rule

Signed-off-by: Brenno Oliveira <brenno.oliveira@deliveryhero.com>
falcosecurity · Oct 7, 2023 · 93310c5 · 93310c5
1 parent d119706
commit 93310c5
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -928,6 +928,7 @@
     relevant to your environment, and adjust the profiled containers you wish not to be alerted on.
   condition: >
     open_write 
+    and container
     and access_log_files 
     and evt.arg.flags contains "O_TRUNC" 
     and not trusted_logging_images