From 81d0c7e08a8c438bcddbfafe5bf8880bbeedb76c Mon Sep 17 00:00:00 2001 From: marius Date: Sun, 7 May 2023 18:16:51 +0000 Subject: [PATCH] Added threat hunting docu --- falco/rules.d/Readme.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 falco/rules.d/Readme.txt diff --git a/falco/rules.d/Readme.txt b/falco/rules.d/Readme.txt new file mode 100644 index 0000000..4bf3872 --- /dev/null +++ b/falco/rules.d/Readme.txt @@ -0,0 +1,3 @@ +Threat Hunting config for Falco + +* created a network logger (process, privileged or not, egress IP) - can be used on internal systems (select internal networks can be excluded) \ No newline at end of file
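Review bot: The single bullet added to falco/rules.d/Readme.txt says a network logger was created but does not name the rule or the file in rules.d that implements it, and "select internal networks can be excluded" does not say where that exclusion is configured. Name the rule and its file, and point to the list or macro a user edits to exclude networks, so that someone hunting with these logs knows which egress traffic is deliberately not recorded. It would also help to state how "privileged or not" is determined, since the Readme lists it as a logged field without defining it. The file ends without a trailing newline ("\ No newline at end of file"); add one.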