osquery-defense-kit/osquery.conf


# This is an example runnable osquery.conf. It does not enable evented tables.
#
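# To use this, paste this stanza into your existing osquery.conf file, or use
# it interactively with the command below. The pack paths in this file are
# relative ("out/..."), so they presumably resolve against the directory the
# command is run from; run it from the directory that contains "out/".
# Because the command runs under sudo, keep this file and the pack files it
# references writable only by trusted users.
#
# sudo osqueryi --config_path osquery.conf -A osquery_packs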
#
# You can specify a pack to run using:
#
# sudo osqueryi --config_path osquery.conf --pack detection
{
"packs": {
"detection": "out/odk-detection.conf",
"incident-response": "out/odk-incident-response.conf",
"policy": "out/odk-policy.conf"
}
}