artif: new artifacts added to ir_triage profile

tclahr · Sep 2, 2024 · f5971ed · f5971ed
1 parent dfe2f36
commit f5971ed
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -67,6 +67,10 @@
 - live_response/system/world_writable_files.yaml: Updated to remove max_depth limit.
 - live_response/system/zoneadm.yaml: Artifact was moved to live_response/containers directory ([Herbert-Karl](https://github.com/Herbert-Karl)).
 
+### Profiles
+
+- files/applications/lesshst.yaml, files/applications/viminfo.yaml, and files/applications/wget.yaml artifacts were added to the 'ir_triage' profile.
+
 ### Command Line Option Changes
 
 - '--date-range-start' was renamed to '--start-date' ([#186](https://github.com/tclahr/uac/issues/186)).

diff --git a/profiles/ir_triage.yaml b/profiles/ir_triage.yaml
@@ -24,6 +24,12 @@ artifacts:
   - live_response/vms/*
   - chkrootkit/chkrootkit.yaml
   - hash_executables/hash_executables.yaml
-  - files/*
-  - !files/applications/*
-  - !files/browsers/*
+  - files/applications/lesshst.yaml
+  - files/applications/viminfo.yaml
+  - files/applications/wget.yaml
+  - files/logs/*
+  - files/packages/*
+  - files/shell/*
+  - files/ssh/*
+  - files/system/*
+