```
/home/t/packages/x86_64/datadog-agent-oci-compat-7.54/opt/datadog-agent/embedded/share/system-probe/ebpf/runtime-security-fentry.o [🚨 CRITICAL]
-----------------------------------------------------------------------------------
RISK  KEY                        DESCRIPTION                             EVIDENCE
-----------------------------------------------------------------------------------
CRIT  evasion/fake/process/name  Pretends to be a kworker kernel thread  kworker
-----------------------------------------------------------------------------------

/home/t/packages/x86_64/datadog-agent-oci-compat-7.54/opt/datadog-agent/embedded/share/system-probe/ebpf/runtime-security-syscall-wrapper.o [🚨 CRITICAL]
-----------------------------------------------------------------------------------
RISK  KEY                        DESCRIPTION                             EVIDENCE
-----------------------------------------------------------------------------------
CRIT  evasion/fake/process/name  Pretends to be a kworker kernel thread  kworker
-----------------------------------------------------------------------------------

/home/t/packages/x86_64/datadog-agent-oci-compat-7.54/opt/datadog-agent/embedded/share/system-probe/ebpf/runtime-security.o [🚨 CRITICAL]
-----------------------------------------------------------------------------------
RISK  KEY                        DESCRIPTION                             EVIDENCE
-----------------------------------------------------------------------------------
CRIT  evasion/fake/process/name  Pretends to be a kworker kernel thread  kworker
-----------------------------------------------------------------------------------
```
I think if we update the matching string to `kworker/` we would get the hits we need without the false positives.
Related: #306