RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add combined-detection rule

This commit is contained in:
Thomas Stromberg 2023-12-15 17:25:54 -05:00
parent 1aaf59c36c
commit 2be637e9c3
Failed to extract signature
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -49,6 +49,9 @@ out/odk-vulnerabilities.conf: out/osqtool-$(ARCH) $(wildcard vulnerabilities/*.
out/odk-incident-response.conf: out/osqtool-$(ARCH) $(wildcard incident_response/*.sql)
./out/osqtool-$(ARCH) --max-query-duration=12s --output out/odk-incident-response.conf --verify pack incident_response/
out/combined-detection.conf: out/osqtool-$(ARCH) $(wildcard */*/*.sql)
./out/osqtool-$(ARCH) --output out/combined-detection.conf --verify pack detection/ vulnerabilities/
# A privacy-aware variation of IR rules
out/odk-incident-response-privacy.conf: out/osqtool-$(ARCH) $(wildcard incident_response/*.sql)
./out/osqtool-$(ARCH) --exclude-tags=disabled,disabled-privacy --output out/odk-incident-response-privacy.conf pack incident_response/