# This is an example runnable osquery.conf. It does not enable eventing tables # # To use this, paste this stanza into your existing osquery.conf file, or use # it interactively with: # # sudo osqueryi --config_path osquery.conf -A osquery_packs # # You can specify a pack to run using: # # sudo osqueryi --config_path osquery.conf --pack detection { "packs": { "detection": "out/odk-detection.conf", "incident-response": "out/odk-incident-response.conf", "policy": "out/odk-policy.conf" } }