From 36f4320a46ca867144237259bc07bec798922999 Mon Sep 17 00:00:00 2001
From: Damien DELPORTE
Date: Thu, 6 Jun 2024 10:48:32 +0200
Subject: [PATCH] fix: Missing % in "Unexpected UDP Traffic" output rule
Signed-off-by: Damien DELPORTE
---
rules/falco-incubating_rules.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/falco-incubating_rules.yaml b/rules/falco-incubating_rules.yaml
index 58afc491..c6961f40 100644
--- a/rules/falco-incubating_rules.yaml
+++ b/rules/falco-incubating_rules.yaml
@@ -747,7 +747,7 @@ inbound_outbound and fd.l4proto=udp and not expected_udp_traffic
- output: Unexpected UDP Traffic Seen (connection=%fd.name lport=%fd.lport rport=%fd.rport fd_type=%fd.type fd_proto=fd.l4proto evt_type=%evt.type user=%user.name user_uid=%user.uid user_loginuid=%user.loginuid process=%proc.name proc_exepath=%proc.exepath parent=%proc.pname command=%proc.cmdline terminal=%proc.tty %container.info)
+ output: Unexpected UDP Traffic Seen (connection=%fd.name lport=%fd.lport rport=%fd.rport fd_type=%fd.type fd_proto=%fd.l4proto evt_type=%evt.type user=%user.name user_uid=%user.uid user_loginuid=%user.loginuid process=%proc.name proc_exepath=%proc.exepath parent=%proc.pname command=%proc.cmdline terminal=%proc.tty %container.info)
 priority: NOTICE
 tags: [maturity_incubating, host, container, network, mitre_exfiltration, TA0011]
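Review bot: The typo corrected on the new `output:` line, `fd_proto=%fd.l4proto`, evidently passed rule loading before this patch, since an unprefixed field name in an output string is treated as literal text, and nothing here guards against the same slip in other rules. A small CI lint over the rules files that flags `key=name.subname` tokens lacking a `%` would catch this class before alerts ship with placeholder text. Any downstream parser that matched the old literal `fd_proto=fd.l4proto` will now see `fd_proto=udp`, because the condition pins `fd.l4proto=udp`. Separately, the unchanged `tags:` context line pairs `mitre_exfiltration` with `TA0011`, which is the ATT&CK Command and Control tactic (Exfiltration is `TA0010`). It is worth confirming which mapping is intended so that triage views group this alert under the right tactic.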