From 64d482abcd822430f981012c3692558333e30008 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Fri, 12 May 2023 16:35:00 -0400
Subject: [PATCH] Collect recent file events
---
incident_response/file_events.sql | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/incident_response/file_events.sql b/incident_response/file_events.sql
index e78cdd9..caefc55 100644
--- a/incident_response/file_events.sql
+++ b/incident_response/file_events.sql
@@ -2,7 +2,7 @@
 --
 -- tags: postmortem
 -- platform: posix
-SELECT
- *
-FROM
- file_events;
+-- interval: 900
+SELECT *
+FROM file_events
+WHERE time > (strftime('%s', 'now') -900)
\ No newline at end of file
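Review bot: The lookback in the added `WHERE time > (strftime('%s', 'now') -900)` is exactly as long as the `-- interval: 900` header, so a run that starts late or is skipped leaves file events that no run ever returns, which matters for a query tagged `postmortem`. The 900 is also written twice with nothing tying the two values together; a comment such as `-- lookback must be >= interval above; widen it if runs can be delayed` above the WHERE line would keep them in step, assuming the header is what sets the schedule (that is not visible in this hunk). The new version also drops the terminating `;` and the file's trailing newline, both of which the old query had.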