# lgc diff

The `lgc diff` command returns the differences between what's deployed and what's expected in the detection files.

```
lgc diff <environment> [--service-name <service>]
```

In short, the `lgc diff` command reads each detection file and connects to the remote service to check that what is live matches what the detection file describes. Here is an example on a production environment.
```bash
~$ lgc diff prod
[+] rule 'High Domain Entropy (DGA)' will be created on 'splunk-prod'
[~] rule 'Crazy High Domain Entropy' will be updated on 'splunk-prod'
  | {
  |   "app": "DemoApp",
  |   "savedsearch": {
  |     "cron_schedule": "*/15 0 0 0 0",
  | -   "disabled": "true",
  | +   "disabled": "false"
  |   }
  | }
~$
```
The `diff` command is also able to determine whether a rule needs to be removed from a remote system, using the state store.
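To make the three-way comparison concrete, here is an added example (not lgc's own code) that models the logic described above: local detection files against the live rules on a remote service, with a state store recording which rules were previously deployed so that removals can be planned. The rule names, the `plan` and `field_changes` functions, the data structures and the assumption that only rules present in the state store are candidates for removal are all constructed for this illustration.

```python
"""Constructed model of a detection-as-code diff, in the spirit of `lgc diff`."""

# Constructed local detection files, keyed by rule name.
LOCAL_RULES = {
    "High Domain Entropy (DGA)": {"app": "DemoApp",
        "savedsearch": {"cron_schedule": "*/15 * * * *", "disabled": "false"}},
    "Crazy High Domain Entropy": {"app": "DemoApp",
        "savedsearch": {"cron_schedule": "*/15 0 0 0 0", "disabled": "false"}},
}
# Constructed view of what is currently live on the remote service.
REMOTE_RULES = {
    "Crazy High Domain Entropy": {"app": "DemoApp",
        "savedsearch": {"cron_schedule": "*/15 0 0 0 0", "disabled": "true"}},
    "Old Beaconing Rule": {"app": "DemoApp",
        "savedsearch": {"cron_schedule": "0 * * * *", "disabled": "false"}},
}
# Constructed state store: names of rules the tool itself deployed earlier.
STATE_STORE = {"Crazy High Domain Entropy", "Old Beaconing Rule"}


def field_changes(old: dict, new: dict, prefix: str = "") -> list[str]:
    """Recursively list '- path: old' / '+ path: new' lines for differing leaves."""
    lines = []
    for key in sorted(set(old) | set(new)):
        path = f"{prefix}{key}"
        a, b = old.get(key), new.get(key)
        if isinstance(a, dict) and isinstance(b, dict):
            lines += field_changes(a, b, path + ".")
        elif a != b:
            if a is not None:
                lines.append(f"- {path}: {a!r}")
            if b is not None:
                lines.append(f"+ {path}: {b!r}")
    return lines


def plan(local: dict, remote: dict, state: set, service: str) -> list[str]:
    """Return only what diverges: [+] create, [~] update (with field diff), [-] remove."""
    out = []
    for name, spec in local.items():
        if name not in remote:
            out.append(f"[+] rule '{name}' will be created on '{service}'")
        elif spec != remote[name]:
            out.append(f"[~] rule '{name}' will be updated on '{service}'")
            out += ["  | " + line for line in field_changes(remote[name], spec)]
    # Assumption: a live rule is only removed when the state store says the tool
    # deployed it; rules that were never tracked are left untouched.
    for name in remote:
        if name not in local and name in state:
            out.append(f"[-] rule '{name}' will be removed from '{service}'")
    return out


if __name__ == "__main__":
    print("\n".join(plan(LOCAL_RULES, REMOTE_RULES, STATE_STORE, "splunk-prod")))
```

A rule whose local file already matches the remote produces no output at all, which mirrors the "only what diverges" behaviour noted below.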
> **INFO:** Only what diverges is returned. If a detection matches its description file, that detection won't be displayed by the `diff` command.

> **TIP:** See also `lgc validate`.