From ed772cb369580afd42e94e832be16a53f805e2dd Mon Sep 17 00:00:00 2001
From: Thomas Stromberg <t+github@chainguard.dev>
Date: Thu, 27 Apr 2023 11:59:02 -0400
Subject: [PATCH] Filter out targets, add more entries

---
 detection/persistence/unexpected-systemctl-calls-linux.sql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/detection/persistence/unexpected-systemctl-calls-linux.sql b/detection/persistence/unexpected-systemctl-calls-linux.sql
index 7a6a37f..e1ed872 100644
--- a/detection/persistence/unexpected-systemctl-calls-linux.sql
+++ b/detection/persistence/unexpected-systemctl-calls-linux.sql
@@ -71,6 +71,7 @@ WHERE
   AND NOT exception_key IN (
     'systemctl,0,apt-helper,',
     'systemctl,0,,containerd-shim-runc-v2',
+    'systemctl,0,kubeadm,containerd-shim-runc-v2',
     'systemctl,0,dash,logrotate',
     'systemctl,0,pacman,pacman',
     'systemctl,500,zsh,tmux',