Updated Generating Sample Events (markdown)

2025-09-19 17:14:26 +00:00 · 2016-10-24 15:25:42 -07:00
parent b7d8e20a7f
commit d010b7aa04
1 changed files with 6 additions and 1 deletions
--- a/Generating-Sample-Events.md
+++ b/Generating-Sample-Events.md
@@ -3,7 +3,7 @@ If you'd like to see if falco is working properly, we've created a test program
 Here's the usage block for the test program:

 ```
-Usage /usr/local/bin/event_generator [options]
+Usage event_generator [options]

 Options:
     -h/--help: show this help
@@ -32,7 +32,12 @@ Options:
                                                     (used by user_mgmt_binaries below)
          user_mgmt_binaries                         Become the program "vipw", which triggers
                                                     rules related to user management programs
+          exfiltration                               Read /etc/shadow and send it via udp to a
+                                                     specific address and port
          all                                        All of the above
+       The action can also be specified via the environment variable EVENT_GENERATOR_ACTIONS
+           as a colon-separated list
+       if specified, -a/--action overrides any environment variables
     -i/--interval: Number of seconds between actions
     -o/--once: Perform actions once and exit
 ```