remove pid check

DataDog · Nov 15, 2024 · 4331dd7 · 4331dd7
1 parent f30135a
commit 4331dd7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/pkg/security/probe/selftests/create_file_windows.go b/pkg/security/probe/selftests/create_file_windows.go
@@ -38,7 +38,7 @@ func (o *WindowsCreateFileSelfTest) GetRuleDefinition() *rules.RuleDefinition {
 
 	return &rules.RuleDefinition{
 		ID:         o.ruleID,
-		Expression: fmt.Sprintf(`create.file.name == "%s" && create.file.device_path =~ "%s" && process.pid == %d`, basename, filepath.ToSlash(devicePath), os.Getpid()),
+		Expression: fmt.Sprintf(`create.file.name == "%s" && create.file.device_path =~ "%s"`, basename, filepath.ToSlash(devicePath)),
 		Silent:     true,
 	}
 }

diff --git a/pkg/security/probe/selftests/open_registry_key_windows.go b/pkg/security/probe/selftests/open_registry_key_windows.go
@@ -10,7 +10,6 @@ package selftests
 
 import (
 	"fmt"
-	"os"
 	"os/exec"
 	"path/filepath"
 
@@ -32,7 +31,7 @@ func (o *WindowsOpenRegistryKeyTest) GetRuleDefinition() *rules.RuleDefinition {
 
 	return &rules.RuleDefinition{
 		ID:         o.ruleID,
-		Expression: fmt.Sprintf(`open.registry.key_name == "%s" && process.pid == %d`, filepath.Base(o.keyPath), os.Getpid()),
+		Expression: fmt.Sprintf(`open.registry.key_name == "%s"`, filepath.Base(o.keyPath)),
 		Silent:     true,
 	}
 }