These docs are for v5.7.0. Click to read the latest docs for v5.8.0.

This object is the definition of the sandfly itself. It holds the engines, the expr rules, all of the engine-specific options, and more. The listing below shows every field at its empty value (`null`, `false`, `""` or `0`).

{
	"engines": null,
	"rules": null,
	"rule_op": "",
	"explanation": "",
	"explanation_not_found": "",
	"always_pass": false,
	"inverse_result": false,
	"response": {
		"process": {
			"kill": false,
			"suspend": false
		}
	},
	"os_exclude": {
		"rules": null,
		"rule_op": ""
	},
	"match_hash_extras": {
		"values": null,
		"apply_permissive": false,
		"apply_moderate": false,
		"apply_strict": false
	},
	"process": {
		"redact_environ": false,
		"scan_self": false,
		"masquerade_binary_check": null,
		"discard_parent_process_data": false
	},
	"directory": {
		"follow_links": false,
		"home_dir_scan": false,
		"search_paths": null,
		"search_paths_recurse": false,
		"recurse_cross_filesystems": false,
		"recurse_depth_limit": 0,
		"search_paths_patterns": null,
		"search_paths_patterns_ignore": null,
		"search_paths_individual": null
	},
	"file": {
		"follow_links": false,
		"home_dir_scan": false,
		"search_paths": null,
		"search_paths_recurse": false,
		"recurse_cross_filesystems": false,
		"recurse_depth_limit": 0,
		"search_paths_patterns": null,
		"search_paths_full_patterns": null,
		"search_paths_patterns_ignore": null,
		"search_paths_individual": null,
		"search_pattern_text": null,
		"search_pattern_depth_bytes": 0,
		"search_pattern_match_all": false,
		"match_paths": null,
		"match_paths_recurse": false,
		"match_paths_individual": null,
		"executables_only": false,
		"read_compressed_files": false,
		"scan_self": false,
		"max_size": 0
	},
	"user": {
		"username": null,
		"username_ignore": null,
		"password_auditor": {
			"password_is_username": false,
			"password_list": null,
			"max_random_users_to_attempt": 0
		}
	},
	"cron": {
		"follow_links": false,
		"search_paths": null,
		"search_paths_patterns": null,
		"search_paths_patterns_ignore": null,
		"search_paths_individual": null
	},
	"atjob": {
		"follow_links": false,
		"search_paths": null,
		"search_paths_patterns": null,
		"search_paths_patterns_ignore": null
	},
	"kernel_module": {
		"taint_inconsistency": false
	}
}