disable cryptomining rule by default; add exception of localhost and … #1061
…rfc1918 ip addresses
Signed-off-by: kaizhe [email protected]
What type of PR is this?
/kind rule-update
Any specific area of the project related to this PR?
/area rules
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Detect outbound connections to common miner pool ports
Special notes for your reviewer:
Heard complaints that Falco sends out DNS lookup requests to resolve miner domains, which triggers alerts in cloud environments. We may want to disable this rule by default and let the user decide whether to turn it on.
Also address FPs from localhost or RFC1918 IP addresses.
Does this PR introduce a user-facing change?: