From 5c7ec523504320662c3637e1e0394d3b7ccee1d8 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Mon, 17 Oct 2022 17:30:41 -0400
Subject: [PATCH] Lower polling time to once a minute

---
 detection/execution/exotic-command-events-linux.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/detection/execution/exotic-command-events-linux.sql b/detection/execution/exotic-command-events-linux.sql
index e803fe3..f76a4bd 100644
--- a/detection/execution/exotic-command-events-linux.sql
+++ b/detection/execution/exotic-command-events-linux.sql
@@ -5,7 +5,7 @@
 --
 -- tags: transient process events
 -- platform: linux
--- interval: 15
+-- interval: 60
 SELECT
 p.pid,
 p.path,
@@ -34,7 +34,7 @@ FROM
 LEFT JOIN hash ON p.path = hash.path
 LEFT JOIN hash AS phash ON pp.path = hash.path
 WHERE
- p.time > (strftime('%s', 'now') -15)
+ p.time > (strftime('%s', 'now') -60)
 AND (
 basename IN (
 'bitspin',
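Review bot: The lookback literal in `p.time > (strftime('%s', 'now') -60)` is now a second copy of the `-- interval: 60` value changed in the first hunk, and nothing ties the two together, so a future edit to one will silently open a detection gap (window shorter than the interval drops events) or produce duplicates (window longer than the interval); a comment directly above the predicate, `-- must equal the 'interval' tag in the header: events older than one scheduler run are never seen again`, makes the coupling visible. With an exact match and a strict `>`, an event stamped within scheduler jitter of the boundary can fall between two runs, so a small overlap such as `-65` with deduplication downstream is the more conservative posture, assuming the scheduler runs this query no more often than the declared interval. Separately, the context line `LEFT JOIN hash AS phash ON pp.path = hash.path` aliases the parent-process hash as `phash` but constrains `hash.path` rather than `phash.path`, which looks like a typo for `LEFT JOIN hash AS phash ON pp.path = phash.path`; if it is intentional it deserves a comment. The enclosing SELECT begins before this hunk and the `basename IN (` list continues past it.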