Skip to content

feat(secure-policies): support new and fix existing fields in malware policy #657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Jul 22, 2025
Merged

feat(secure-policies): support new and fix existing fields in malware policy #657

merged 12 commits into from
Jul 22, 2025

Conversation

ombellare
Copy link
Contributor

@ombellare ombellare commented Jul 14, 2025
edited
Loading

feat(secure-policy): Add following fields to support malware runtime policy:

  • use_yara_rules (bool)
  • ignore_hashes (list of string hashes)
  • use_regex (bool)
  • ignore_paths (list of string paths to ignore from hash calculation)

Also fixed bug with current schema which does not support multiple hashes to be added to the additional_hashes and ignore_hashes field. Due to this schema change, customers will now need to change existing terraform definitions in their malware policies from:

additional_hashes {
  hash         = "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6"
}

to

additional_hashes = [
  "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6"
]

New hashes can now be added like:

additional_hashes = [
  "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6",
  "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ab7"
]

@ombellare ombellare changed the base branch from support-drift-malware-new-fields to master July 14, 2025 23:55
@ombellare ombellare closed this Jul 15, 2025
@ombellare ombellare reopened this Jul 15, 2025
@airadier
Copy link
Collaborator

Hi @ombellare , is this ready for review? Can you add a small description of the purpose of the PR?

Thanks!

@ombellare @tembleking
feat(secure-policies): support new fields in drift policy (#656)
5fc61e8 
* Add support for additional secure drift policy fields

* Address review comments

* Fixed spacing issue

---------

Co-authored-by: Fede Barcelona <fede_rico_94@hotmail.com>
@ombellare ombellare force-pushed the fix-malware-hashes-fields branch from e6bf418 to 5fc61e8 Compare July 18, 2025 16:01
@ombellare
Copy link
Contributor Author

Hi @airadier , please hold off on reviewing this PR for now since there is a schema change that might need to be communicated to customers before proceeding to merge the fix.
I have added a short description of the change so feel free to provide any early feedback if you would like!

@ombellare ombellare enabled auto-merge (squash) July 22, 2025 16:54
@ombellare ombellare merged commit e856535 into master Jul 22, 2025
22 checks passed
@ombellare ombellare deleted the fix-malware-hashes-fields branch July 22, 2025 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tembleking tembleking tembleking approved these changes

@jbainbridgesysdig jbainbridgesysdig jbainbridgesysdig approved these changes

@airadier airadier Awaiting requested review from airadier airadier is a code owner

@mateobur mateobur Awaiting requested review from mateobur mateobur is a code owner

@rosenbloomb-sysdig rosenbloomb-sysdig Awaiting requested review from rosenbloomb-sysdig rosenbloomb-sysdig is a code owner

@miguelgordo miguelgordo Awaiting requested review from miguelgordo miguelgordo is a code owner

@ivanlysiuk-sysdig ivanlysiuk-sysdig Awaiting requested review from ivanlysiuk-sysdig ivanlysiuk-sysdig is a code owner

@daniel-almeida daniel-almeida Awaiting requested review from daniel-almeida daniel-almeida is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ombellare @airadier @tembleking @jbainbridgesysdig