From 6624c8c6200c1b732400638355103d38e078ee35 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg <t+github@chainguard.dev>
Date: Thu, 20 Oct 2022 13:46:55 -0400
Subject: [PATCH] linux talkers: Add ssh exception

---
 detection/c2/unexpected-talkers-linux.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/detection/c2/unexpected-talkers-linux.sql b/detection/c2/unexpected-talkers-linux.sql
index 96e5c45..38410cc 100644
--- a/detection/c2/unexpected-talkers-linux.sql
+++ b/detection/c2/unexpected-talkers-linux.sql
@@ -82,6 +82,7 @@ WHERE
   AND NOT exception_key IN (
     '123,17,500,/usr/chronyd,0u,0g,chronyd',
     '22000,6,500,/usr/syncthing,0u,0g,syncthing',
+    '22,6,500,/usr/ssh,0u,0g,ssh',
     '4070,6,500,/opt/spotify,0u,0g,spotify',
     '5228,6,500,/opt/chrome,0u,0g,chrome',
     '5228,6,500,/usr/chrome,0u,0g,chrome', -- Android Market/GCM