gist/falco/rules.d

Threat Hunting config for Falco

* created a network logger (process, privileged or not, egress IP) - can be used on internal systems (select internal networks can be excluded)