Detecting admin activities Falco Rules

A set of rules to detect admin activities.

Detect su or sudo

Detects privilege escalation activity via su or sudo.

Package Management Launched

Detects when a package management process is launched in a container.

Rules