Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Timed Rules / TTL #627

Open
martin-langhoff opened this issue Jul 24, 2024 · 1 comment
Open

Feature Request: Timed Rules / TTL #627

martin-langhoff opened this issue Jul 24, 2024 · 1 comment

Comments

@martin-langhoff
Copy link

I'd like to allow generic tools like wget for a brief period (5 minutes, or 1hr, etc) - for example during a brew install run. But I don't want to whitelist wget permanently, because a malicious execution might use it to fetch a 'next stage' binary for an attack.

Allowing 'per process' is too granular, as wget can get called a dozen times by brew. In addition, I end up with dozens of rules 'per process' that were never meant to be long-lived.
@objective-see
Copy link
Owner

Excellent idea ...this will be added in the (soon to be released) v3.0

image

objective-see added a commit that referenced this issue Aug 25, 2024
@objective-see
new feature: rule expiration
cd3be6c 
#627
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martin-langhoff @objective-see