
Command Overview

beacon rules pull downloads a rule file or rule pack from an explicit URL and installs valid rules into the local store.
Command syntax
beacon rules pull <url> [flags]
This is the only beacon rules command that reaches the network, and only when you run it. Beacon never fetches rules on its own and has no hosted default rule-pack URL.

Supported inputs

beacon rules pull accepts:

| Input | Description |
| --- | --- |
| .rule.yaml | One rule file |
| .tar.gz | Gzipped tarball containing .rule.yaml files |
| .tgz | Gzipped tarball containing .rule.yaml files |

Only .rule.yaml entries in a downloaded tarball are installed. Archive entries containing path traversal elements are rejected before install.
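
A pre-publish audit that mirrors the two tarball rules above, added here as an example and not Beacon's own code: it classifies each archive member without extracting anything. The function names, the sample archive and its rule bodies are constructed; treating absolute paths as traversal and skipping non-regular files are assumptions, and whether Beacon rejects only the offending entry or the whole archive is not stated on this page.

```python
import io
import tarfile

RULE_SUFFIX = ".rule.yaml"


def classify_entry(member: tarfile.TarInfo) -> str:
    """Return 'reject', 'install' or 'skip' for one archive member."""
    name = member.name
    # Assumption: a '..' path component or an absolute path counts as traversal.
    if name.startswith("/") or ".." in name.split("/"):
        return "reject"
    # Assumption beyond the page: only regular files count as rule files,
    # so a symlink named *.rule.yaml is skipped rather than installed.
    if member.isfile() and name.endswith(RULE_SUFFIX):
        return "install"
    return "skip"


def audit_rule_pack(data: bytes) -> dict:
    """Classify every member of a gzipped tarball without extracting it."""
    report = {"install": [], "skip": [], "reject": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            report[classify_entry(member)].append(member.name)
    return report


def build_sample_pack() -> bytes:
    """Build a constructed sample pack in memory (not a real rule pack)."""
    entries = [
        ("rules/suspicious-egress-command.rule.yaml", b"id: suspicious-egress-command\n"),
        ("README.md", b"constructed sample\n"),
        ("../../outside.rule.yaml", b"id: outside\n"),
        ("/tmp/absolute.rule.yaml", b"id: absolute\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in entries:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for verdict, names in audit_rule_pack(build_sample_pack()).items():
        print(f"{verdict}: {names}")
```

A non-empty reject list means the pack should be fixed before it is published or pulled.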

Examples

Pull a rule pack:
beacon rules pull https://example.com/beacon-rules.tar.gz
Pull one rule file:
beacon rules pull https://example.com/rules/suspicious-egress-command.rule.yaml
Overwrite an existing rule with the same id:
beacon rules pull https://example.com/beacon-rules.tar.gz --force
Install into the system-mode rule store:
sudo beacon rules pull https://example.com/beacon-rules.tar.gz --system

Flags

| Flag | Description |
| --- | --- |
| --user | Use per-user endpoint paths. Enabled by default. |
| --system | Use system endpoint paths |
| --force | Overwrite an existing rule with the same id |

beacon rules lint

Validate a rule pack before publishing or installing.

beacon rules list

Confirm the installed active rules.