diff --git a/rules/falco-deprecated_rules.yaml b/rules/falco-deprecated_rules.yaml index f37a15a5..f60b48c3 100644 --- a/rules/falco-deprecated_rules.yaml +++ b/rules/falco-deprecated_rules.yaml @@ -24,7 +24,7 @@ # Starting with version 8, the Falco engine supports exceptions. # However the Falco rules file does not use them by default. -- required_engine_version: 17 +- required_engine_version: "0.17.0" # This macro `never_true` is used as placeholder for tuning negative logical sub-expressions, for example # - macro: allowed_ssh_hosts diff --git a/rules/falco-incubating_rules.yaml b/rules/falco-incubating_rules.yaml index ce105fe6..ea0a91de 100644 --- a/rules/falco-incubating_rules.yaml +++ b/rules/falco-incubating_rules.yaml @@ -24,7 +24,7 @@ # Starting with version 8, the Falco engine supports exceptions. # However the Falco rules file does not use them by default. -- required_engine_version: 26 +- required_engine_version: "0.26.0" - macro: open_write condition: (evt.type in (open,openat,openat2) and evt.is_open_write=true and fd.typechar='f' and fd.num>=0) diff --git a/rules/falco-sandbox_rules.yaml b/rules/falco-sandbox_rules.yaml index bd696f6a..05e49089 100644 --- a/rules/falco-sandbox_rules.yaml +++ b/rules/falco-sandbox_rules.yaml @@ -24,7 +24,7 @@ # Starting with version 8, the Falco engine supports exceptions. # However the Falco rules file does not use them by default. -- required_engine_version: 26 +- required_engine_version: "0.26.0" # Currently disabled as read/write are ignored syscalls. The nearly # similar open_write/open_read check for files being opened for diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 12ee70d5..1a1ce3b5 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -24,7 +24,7 @@ # Starting with version 8, the Falco engine supports exceptions. # However the Falco rules file does not use them by default. -- required_engine_version: 26 +- required_engine_version: "0.26.0" # Currently disabled as read/write are ignored syscalls. The nearly # similar open_write/open_read check for files being opened for