How CALDERA makes decisions

CALDERA makes decisions using parsers, which are optional blocks inside an ability.

Let’s look at an example snippet of an ability that uses a parser:

        command: |
          find /Users -name '*.#{file.sensitive.extension}' -type f -not -path '*/\.*' -size -500k 2>/dev/null | head -5

            - source: host.file.path
              edge: has_extension
              target: file.sensitive.extension

A parser is identified by the module which contains the code to parse the command’s output. The parser can contain:

Source (required): A fact to create for any matches from the parser

Edge (optional): A relationship between the source and target. This should be a string.

Target (optional): A fact to create which the source connects too.

In the above example, the output of the command will be sent through the module, which will create a relationship for every found file.