
Command Overview

beacon rules add installs a local .rule.yaml file, or a directory of rule files, into the local threat-rule store.

Command syntax

    beacon rules add <path> [flags]

Beacon validates rules before installing them. Installed rules become active for future beacon scan runs.

Examples

Install all rules from a local directory:

    beacon rules add ./rules

Install one rule file:

    beacon rules add ./rules/suspicious-egress-command.rule.yaml

Overwrite an existing rule with the same id:

    beacon rules add ./rules --force

Install into the system-mode rule store:

    sudo beacon rules add ./rules --system

Flags

Flag        Description
--user      Use per-user endpoint paths. Enabled by default.
--system    Use system endpoint paths.
--force     Overwrite an existing rule with the same id.

beacon rules lint

Validate rules and fixtures before installing.

beacon rules list

Confirm which rules are active.