# lgc destroy

The `lgc destroy` command removes detections that have a descriptive yaml file from their target service.

```bash
lgc destroy <environment> [--service-name <service>]
```
Let's consider this example with two detection rules:

```bash
~$ ls -1 rules
DGA_high_entropy_domains.yaml
crazy_high_entropy_domains.yaml
~$
```
Assuming these detections are deployed, a destroy will look like this:

```bash
~$ lgc destroy prod
[-] rule: `[DGA] High Entropy Domains` will be deleted from `splunk-prod`
[-] rule: `crazy high entropy domains` will be deleted from `splunk-prod`
✔ Do you want to deploy these changes? · yes
[-] rule: `[DGA] High Entropy Domains` deleted from `splunk-prod`
[-] rule: `crazy high entropy domains` deleted from `splunk-prod`
~$
```
The diff will then look like this:

```bash
~$ lgc diff prod
[+] rule: `[DGA] High Entropy Domains` will be created on `splunk-prod`
[+] rule: `crazy high entropy domains` will be created on `splunk-prod`
```
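The following is an added model of the plan/confirm/apply cycle the transcripts above show (example code, not lgc's own): only rules described by a local yaml file are candidates for deletion, nothing is removed unless the prompt is answered yes, and a subsequent diff reports the removed rules as pending creation. The `name` field, the remote rule set and the `confirm` callback are assumptions.

```python
# Constructed stand-in for the parsed contents of the two yaml files in rules/;
# the `name` field is an assumed part of the rule schema, not taken from the page.
LOCAL_RULES = {
    "DGA_high_entropy_domains.yaml": {"name": "[DGA] High Entropy Domains"},
    "crazy_high_entropy_domains.yaml": {"name": "crazy high entropy domains"},
}


def plan_destroy(local_rules, deployed, service):
    """Lines shown before the confirmation prompt: one per local rule that is
    currently deployed. Deployed rules without a yaml file are never touched."""
    return [f"[-] rule: `{r['name']}` will be deleted from `{service}`"
            for r in local_rules.values() if r["name"] in deployed]


def plan_diff(local_rules, deployed, service):
    """Lines a diff shows: local rules that are not deployed would be created."""
    return [f"[+] rule: `{r['name']}` will be created on `{service}`"
            for r in local_rules.values() if r["name"] not in deployed]


def destroy(local_rules, deployed, service, confirm):
    """Apply the destroy plan only when confirm(plan) returns True.
    Returns (new deployed set, output lines); the input set is not mutated."""
    plan = plan_destroy(local_rules, deployed, service)
    if not plan or not confirm(plan):
        return set(deployed), plan
    managed = {r["name"] for r in local_rules.values()}
    remaining = {name for name in deployed if name not in managed}
    done = [line.replace("will be deleted", "deleted") for line in plan]
    return remaining, plan + done


if __name__ == "__main__":
    # Constructed remote state: both managed rules plus one rule lgc knows nothing about.
    remote = {"[DGA] High Entropy Domains", "crazy high entropy domains", "legacy rule"}
    remote, output = destroy(LOCAL_RULES, remote, "splunk-prod", lambda plan: True)
    print("\n".join(output))
    print("\n".join(plan_diff(LOCAL_RULES, remote, "splunk-prod")))
```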