# lgc deploy

The `lgc deploy` command performs the actions identified by the `lgc diff` command: creating, updating and deleting detections. These actions are performed against a given environment, and only what is divergent is created, updated or deleted on the remote system(s); detections that already match their local definition are left untouched.
```bash
lgc deploy <environment> [--service-id <service>]
```

`<environment>` names the target environment (for example `prod`); the optional `--service-id <service>` restricts the run to a single service.
Consider the following diff output:

```bash
~$ lgc diff prod
[+] rule: `[DGA] High Entropy Domains` will be created on `splunk-prod`
[~] rule: `Crazy High Entropy Domains` will be updated on `splunk-prod`
# ... output trimmed for readability ...
~$
```
To deploy the detections to the `prod` environment, run:

```bash
~$ lgc deploy prod --auto-approve
[+] rule: `[DGA] High Entropy Domains` created on `splunk-prod`
[~] rule: `Crazy High Entropy Domains` updated on `splunk-prod`
~$
```

`--auto-approve` applies the plan without stopping for confirmation, which is what a CI pipeline needs; when running by hand, review the `lgc diff` output first, since the same run can also delete detections from the remote system.
TIP

The `deploy` command reads and updates the state store, which records which detections have been deployed. That record is what lets `lgc` remove a detection from the remote system when its local YAML file is deleted: without it, `lgc` has no way to know the detection was ever deployed, so a locally deleted rule would be left behind on the remote system. Keep the state store persisted between runs.
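The following is an added, self-contained model of the diff/deploy/state-store cycle described in this page; it is not `lgc`'s own code. It assumes (for illustration) that the state store maps each deployed rule name to a digest of the rule body last deployed, and it stands in a minimal `FakeRemote` class for the remote system. The rule names are those from the diff output above; the rule bodies and the three-run scenario are constructed for the example. The last part of `run_scenario` shows the caveat from the tip: with the state store lost, a rule deleted locally is never deleted remotely.

```python
import hashlib
import json

# Constructed sample input: two detections as parsed from local YAML files,
# keyed by rule name. Names come from the diff output above; bodies are made up.
LOCAL_RULES = {
    "[DGA] High Entropy Domains": {
        "search": "index=dns | eval e=entropy(domain) | where e > 3.8",
        "severity": "high",
    },
    "Crazy High Entropy Domains": {
        "search": "index=dns | eval e=entropy(domain) | where e > 4.5",
        "severity": "critical",
    },
}


def digest(rule):
    """Stable fingerprint of a rule body. The (assumed) state store records this
    per deployed rule so the next run can tell 'unchanged' from 'modified'."""
    return hashlib.sha256(json.dumps(rule, sort_keys=True).encode()).hexdigest()


def plan(local, state):
    """Model of `lgc diff`: compare local rules against the state store.

    local: rule name -> rule body (what the YAML files currently say)
    state: rule name -> digest recorded at the last successful deploy
    Returns the create/update/delete lists that `deploy` would act on.
    """
    actions = {"create": [], "update": [], "delete": []}
    for name, rule in local.items():
        if name not in state:
            actions["create"].append(name)
        elif state[name] != digest(rule):
            actions["update"].append(name)
    # Anything the state store says was deployed but no longer exists locally
    # is scheduled for deletion. Without the state store this set is unknowable.
    actions["delete"] = [name for name in state if name not in local]
    return actions


class FakeRemote:
    """Stand-in for the remote system (e.g. `splunk-prod`); it only stores rules."""

    def __init__(self):
        self.rules = {}


def deploy(local, state, remote, auto_approve=False):
    """Model of `lgc deploy`: apply the plan, then update the state store.

    `state` is mutated in place so the caller can persist it for the next run.
    """
    actions = plan(local, state)
    if any(actions.values()) and not auto_approve:
        raise RuntimeError("plan not approved; re-run with auto_approve=True")
    for name in actions["create"] + actions["update"]:
        remote.rules[name] = local[name]
        state[name] = digest(local[name])
    for name in actions["delete"]:
        remote.rules.pop(name, None)
        del state[name]
    return actions


def requires_approval():
    """True if a non-empty plan is refused without auto_approve."""
    try:
        deploy(LOCAL_RULES, {}, FakeRemote())
    except RuntimeError:
        return True
    return False


def run_scenario():
    """Three deploys against one state store, then one with the store lost."""
    remote, state = FakeRemote(), {}
    first = deploy(LOCAL_RULES, state, remote, auto_approve=True)   # both created

    # Edit one rule's severity and delete the other rule's YAML file.
    edited = dict(LOCAL_RULES["Crazy High Entropy Domains"], severity="high")
    local = {"Crazy High Entropy Domains": edited}
    second = deploy(local, state, remote, auto_approve=True)        # update + delete
    third = deploy(local, state, remote, auto_approve=True)         # nothing divergent

    # Caveat: deploy with the state store lost. The removed rule is orphaned remotely.
    remote2 = FakeRemote()
    deploy(LOCAL_RULES, {}, remote2, auto_approve=True)
    orphan = deploy(local, {}, remote2, auto_approve=True)
    return first, second, third, sorted(remote.rules), sorted(remote2.rules), orphan
```

The second run is the interesting one: the edited rule is detected through its changed digest, and the rule whose YAML file disappeared is deleted only because the state store still lists it. The third run produces an empty plan, which is the idempotence the page relies on when it says only divergent items are touched.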