Make some rule apply for Host context #27

Merged
YakirOren merged 1 commit into main from feature/add-host-rules
Jan 21, 2026

@YakirOren YakirOren commented Jan 21, 2026

Summary by CodeRabbit

  • Chores
    • Enhanced 9 security rules with host context classification tags to improve rule filtering and organization across environments.

Signed-off-by: Yakir Oren <yakiroren@gmail.com>
@YakirOren YakirOren requested a review from matthyx January 21, 2026 14:27

coderabbitai bot commented Jan 21, 2026

📝 Walkthrough

Eight detection rules receive the "context:host" tag addition to their metadata tags arrays, extending contextual classification without altering rule logic or behavior.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Host Context Tag Addition: pkg/rules/r0009-ebpf-program-load/ebpf-program-load.yaml, pkg/rules/r0010-unexpected-sensitive-file-access/unexpected-sensitive-file-access.yaml, pkg/rules/r1000-exec-from-malicious-source/exec-from-malicious-source.yaml, pkg/rules/r1002-kernel-module-load/kernel-module-load.yaml, pkg/rules/r1005-fileless-execution/fileless-execution.yaml, pkg/rules/r1008-crypto-mining-domain-communication/crypto-mining-domain-communication.yaml, pkg/rules/r1009-crypto-mining-related-port/crypto-mining-related-port.yaml, pkg/rules/r1010-symlink-created-over-sensitive-file/symlink-created-over-sensitive-file.yaml, pkg/rules/r1015-malicious-ptrace-usage/malicious-ptrace-usage.yaml | Adds "context:host" tag to spec.rules[0].tags array in each rule file, expanding contextual metadata classification |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 With whiskers twitched and tags so neat,
Nine rules now see the host they greet,
Each "context:host" a humble flag,
Metadata's burden—light as a bag! 🏷️

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Make some rule apply for Host context' accurately describes the main change: adding 'context:host' tags to multiple rules to extend their applicability to host environments. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@YakirOren YakirOren merged commit 0653201 into main Jan 21, 2026
4 checks passed