mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
94d89eaea2
New automated tests for testing parsing of multiple-doc rules files:
- invalid_{overwrite,append}_{macro,rule}_multiple_docs are just like
the previous versions, but with the multiple files combined into a
single multi-document file.
- multiple_docs combines the rules file from multiple_rules
The expect the same results and output as the multiple-file versions.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
13 lines
216 B
YAML
13 lines
216 B
YAML
---
|
|
- rule: some rule
|
|
desc: some desc
|
|
condition: evt.type=open
|
|
output: some output
|
|
priority: INFO
|
|
---
|
|
- rule: some rule
|
|
desc: some desc
|
|
condition: bar
|
|
output: some output
|
|
priority: INFO
|
|
append: true |