CLI commands

Note

Global Configurations

Global configurations can be updated from full configuration files only. Use either a JSON or YAML global configuration files with corelight-update update --global to update the global configuration.

Tip

import –policy

Policies can be imported from older v0.23.x policies or from the new policy examples with corelight-update import. Use the -v0.23 flag to indicate you are importing from a older policy.

Tip

update –policy

Use either the new JSON or YAML config file format to update a policy with corelight-update update. When updating policies, you can either supply an entire policy configuration or only the sections you want to update.

Warning

When updating from a full or partial configuration, any config section provided must have all none-zero fields provided. Any missing fields will be updated to their zero value.

Tip

show –policy

Use the corelight-update show -policy command to print the configuration details of a policy in JSON or YAML format. The output from this command can be saved to a file and used with the import or update commands later.

CLI help output

To view the available CLI Commands, use corelight-update -h

Options:
    -b  - Build and push a package bundle for select policies
    -d  - Turn on debug level logging
    -D  - Turn on debug level2 logging
    -f  - Force deploy existing content to a policy
    -h  - Print this help message
    -o  - Run once for a one or more policies
    -v  - Print |cu| version

**Run |cu| continuously for all defined policies**
  Usage: corelight-update

**Run |cu| once for all defined policies**
  Usage: corelight-update -o

**Force deploy existing content to select policies**
  Usage: corelight-update -f [policy1 policy2 ... policyN]

**Build and push a package bundle for select policies**
  Usage: corelight-update -b [policy1 policy2 ... policyN]

**Add Options**
  Usage: corelight-update add -policy [policy1 policy2 ... policyN]
  Usage: corelight-update add -policies [policy1 policy2 ... policyN]
    --policy    Add one or more policies
    --policies  Add one or more policies

**Import Options**
  Usage: corelight-update import -policy <policy name> -path <path to policy config> -v0.23 -f
    --policy    Name of policy to import
    --file      Path to config file to import (json or yaml)
    --path      Path to config file to import (json or yaml)
    --v0.23     Import legacy config file from v0.23
    -f          Force import - overwrite existing policy

**Remove Options**
  Usage: corelight-update remove -policy [policy1 policy2 ... policyN]
  Usage: corelight-update remove -policies [policy1 policy2 ... policyN]
  Usage: corelight-update remove -all-policies
    --policy        Name or names of policies to remove
    --policies      Name or names of policies to remove
    --all-policies  Remove all policies

**Show Options**
  Usage: corelight-update show -policies
  Usage: corelight-update show -policy <policy name> [-json|-yaml] [-file]
  Usage: corelight-update show -global [-json|-yaml] [-file]
    --policies   List all policies
    --policy     Name of Policy to print
    --global     Print Global Config
    --json|JSON  Print in JSON format
    --yaml|YAML  Print in YAML format - (Default)
    --file       File path to save output to
    --path       File path to save output to

**Update Options**
  Usage: corelight-update update -global -path <path to global config>
  Usage: corelight-update update -global-setting [setting1=value1 setting2=value2 ... settingN=valueN]
  Usage: corelight-update update -global-settings [setting1=value1 setting2=value2 ... settingN=valueN]
  Usage: corelight-update update -policy <policy name> -path <path to policy config>
    --global           Update Global Config from a yaml or json config file
    --global-setting   Update Global Config setting from a key value pair
    --global-settings  Update Global Config setting from a key value pair
    --policy           Update a Policy Config from a yaml or json config file
    --file             Path to config file to import (json or yaml)
    --path              Path to config file to import (json or yaml)

**Encrypt Options**
  To encrypt passwords before they are stored in the 'encrypted_pass' field of a policy
  Usage: corelight-update encrypt <string to encrypt>