From 0c10622a50934fe087b470308fd3e771beb9b965 Mon Sep 17 00:00:00 2001
From: Dave Smith
Date: Fri, 25 Oct 2024 14:17:32 -0400
Subject: [PATCH] add extra tag to high_disk_bytes_read.sql

Signed-off-by: Dave Smith
---
 detection/exfil/high_disk_bytes_read.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detection/exfil/high_disk_bytes_read.sql b/detection/exfil/high_disk_bytes_read.sql
index 710918c..38c9c86 100644
--- a/detection/exfil/high_disk_bytes_read.sql
+++ b/detection/exfil/high_disk_bytes_read.sql
@@ -10,7 +10,7 @@
 -- references:
 -- * https://attack.mitre.org/tactics/TA0010/ (Exfiltration)
 --
--- tags: transient process
+-- tags: transient process extra
 SELECT
 -- WARNING: Writes to tmpfs are not reflected against this counter
 p0.disk_bytes_read AS bytes_read,
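Review bot: The `extra` tag added on the `-- tags:` line is not explained in the file header or in the commit message, so a reader cannot tell why this exfiltration detection was reclassified. If tags are consumed by tooling that decides how or where the query is scheduled (not visible in this hunk), this one-word change alters detection coverage and deserves a recorded reason. Consider a separate header line such as `-- note: tagged extra because <reason>`, leaving the `-- tags:` line in its existing format. The SELECT statement continues outside the hunk.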