Update synflood ignore_ref; add clean object to validate against (cha…

…inguard-dev#315) Signed-off-by: egibs <[email protected]>
egibs · Jul 2, 2024 · 8a4d35d · 8a4d35d
1 parent c056273
commit 8a4d35d
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/rules/net/ddos.yara b/rules/net/ddos.yara
@@ -9,7 +9,7 @@ rule ddos_refs : critical {
     $ref2 = "ackflood" fullword
     $ref3 = "synflood" fullword
     // datadog-agent tracer-fentry-debug.o
-    $ignore_ref = "defer_accept.synflood_warned.you"
+    $ignore_ref = "synflood_warned"
   condition:
     any of ($ref*) and not $ignore_ref
 }
diff --git a/samples/Linux/clean/tracer.o.aarch64 b/samples/Linux/clean/tracer.o.aarch64