Decrease terminal shell in container to debug

From notice. That way the two main shell-related policies are both at debug.
falcosecurity · Sep 14, 2017 · 3b30644 · 3b30644
1 parent 55f55be
commit 3b30644
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -761,7 +761,7 @@
   output: >
     Shell spawned in a container other than entrypoint (user=%user.name %container.info image=%container.image
     shell=%proc.name pcmdline=%proc.pcmdline cmdline=%proc.cmdline parent=%proc.pname gparent=%proc.aname[2] ggparent=%proc.aname[3])
-  priority: NOTICE
+  priority: DEBUG
   tags: [container, shell]
 
 # sockfamily ip is to exclude certain processes (like 'groups') that communicate on unix-domain sockets