19 lines
509 B
Plaintext
19 lines
509 B
Plaintext
|
# This is an example runnable osquery.conf. It does not enable eventing tables
|
||
|
#
|
||
|
# To use this, paste this stanza into your existing osquery.conf file, or use
|
||
|
# it interactively with:
|
||
|
#
|
||
|
# sudo osqueryi --config_path osquery.conf -A osquery_packs
|
||
|
#
|
||
|
# You can specify a pack to run using:
|
||
|
#
|
||
|
# sudo osqueryi --config_path osquery.conf --pack detection
|
||
|
|
||
|
{
|
||
|
"packs": {
|
||
|
"detection": "out/odk-detection.conf",
|
||
|
"incident-response": "out/odk-incident-response.conf",
|
||
|
"policy": "out/odk-policy.conf"
|
||
|
}
|
||
|
}
|