insanitybit/example.gql Secret

## example.gql

parent = {
    process_name: has(process_name) .
    process_id: eq(1234) .
    child_processes: @children .
}

children = {
    binary_location: @program_files .
}

program_files = {
    path: contains("program_files") || contains("/bin/") .
}

	parent = {
	process_name: has(process_name) .
	process_id: eq(1234) .
	child_processes: @children .
	}

	children = {
	binary_location: @program_files .
	}

	program_files = {
	path: contains("program_files") \|\| contains("/bin/") .
	}