From 17f77468f44a6d5502a0de362264c1366c49a449 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg <t+github@chainguard.dev>
Date: Mon, 24 Oct 2022 11:09:21 -0400
Subject: [PATCH] Add coreduetd exception

---
 detection/exfil/high_disk_bytes_read.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/detection/exfil/high_disk_bytes_read.sql b/detection/exfil/high_disk_bytes_read.sql
index d3c7a96..65c3908 100644
--- a/detection/exfil/high_disk_bytes_read.sql
+++ b/detection/exfil/high_disk_bytes_read.sql
@@ -60,6 +60,7 @@ WHERE
   AND NOT p.path IN (
     '/usr/bin/dockerd',
     '/usr/bin/gnome-shell',
+    '/usr/libexec/coreduetd',
     '/usr/bin/udevadm',
     '/usr/libexec/aned',
     '/usr/libexec/logd',